From 68717819f3294058613da2878ff2c89bb3015c26 Mon Sep 17 00:00:00 2001 From: Aaron Ogle Date: Wed, 30 Jan 2019 15:16:25 -0600 Subject: [PATCH 0001/1586] Added readme (#11016) Signed-off-by: Aaron Ogle --- stable/rocketchat/Chart.yaml | 2 +- stable/rocketchat/README.md | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+), 1 deletion(-) create mode 100644 stable/rocketchat/README.md diff --git a/stable/rocketchat/Chart.yaml b/stable/rocketchat/Chart.yaml index bb1fc0b8321e..67e0836b92a9 100644 --- a/stable/rocketchat/Chart.yaml +++ b/stable/rocketchat/Chart.yaml @@ -1,5 +1,5 @@ name: rocketchat -version: 0.3.0 +version: 0.3.1 appVersion: 0.73.2 description: Prepare to take off with the ultimate chat platform, experience the next level of team communications diff --git a/stable/rocketchat/README.md b/stable/rocketchat/README.md new file mode 100644 index 000000000000..0a0ed3ba84e1 --- /dev/null +++ b/stable/rocketchat/README.md @@ -0,0 +1,26 @@ +# Rocket.Chat + +[Rocket.Chat](https://rocket.chat/) is free, unlimited and open source. Replace email, HipChat & Slack with the ultimate team chat software solution. + +## Notes on installation and recommended settings + +- This chart installs rocketchat chart (stable/rocketchat) +- This chart installs mongodb chart (stable/mongodb) +- Authentication for mongodb is enabled by default (usePassword : true) + +### Please set your own mongodbUsername and mongodbPassword like this: +```bash +$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword= --name my-rocketchat stable/rocketchat +``` + +### If you want to use another image set it like this: +```bash +$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword=,repository= --name my-rocketchat stable/rocketchat +``` + +### If you want to install another version of rocket.chat image you can set the version like this: +```bash +$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword=,tag=0.74.0 --name my-rocketchat stable/rocketchat +``` + + From eabad269a09c5bdf4e8b16cf0aa9cc168d40aabb Mon Sep 17 00:00:00 2001 From: Rico Pahlisch Date: Wed, 30 Jan 2019 22:23:37 +0100 Subject: [PATCH 0002/1586] enable watching configmaps for prometheus server (#10973) Signed-off-by: Rico Pahlisch --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/templates/server-clusterrole.yaml | 7 +------ 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 244418a3abfc..92efde321a80 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,5 +1,5 @@ name: prometheus -version: 8.4.9 +version: 8.5.0 appVersion: 2.6.1 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/templates/server-clusterrole.yaml b/stable/prometheus/templates/server-clusterrole.yaml index 9fe94d467efa..e039172a3be2 100644 --- a/stable/prometheus/templates/server-clusterrole.yaml +++ b/stable/prometheus/templates/server-clusterrole.yaml @@ -15,16 +15,11 @@ rules: - endpoints - pods - ingresses + - configmaps verbs: - get - list - watch - - apiGroups: - - "" - resources: - - configmaps - verbs: - - get - apiGroups: - "extensions" resources: From 894fadd51a3e322b48f603d876dedb356463055d Mon Sep 17 00:00:00 2001 From: Aaron Ogle Date: Wed, 30 Jan 2019 15:32:24 -0600 Subject: [PATCH 0003/1586] Change liveness to /api/info (#11017) Signed-off-by: Aaron Ogle --- stable/rocketchat/Chart.yaml | 2 +- stable/rocketchat/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/rocketchat/Chart.yaml b/stable/rocketchat/Chart.yaml index 67e0836b92a9..e7caf2912eaf 100644 --- a/stable/rocketchat/Chart.yaml +++ b/stable/rocketchat/Chart.yaml @@ -1,5 +1,5 @@ name: rocketchat -version: 0.3.1 +version: 0.3.2 appVersion: 0.73.2 description: Prepare to take off with the ultimate chat platform, experience the next level of team communications diff --git a/stable/rocketchat/templates/deployment.yaml b/stable/rocketchat/templates/deployment.yaml index 4eb5e3b7036d..70ddb30cdb77 100644 --- a/stable/rocketchat/templates/deployment.yaml +++ b/stable/rocketchat/templates/deployment.yaml @@ -60,7 +60,7 @@ spec: containerPort: 3000 livenessProbe: httpGet: - path: / + path: /api/info port: http initialDelaySeconds: 60 timeoutSeconds: 5 From 92da66322c695fc4428d5f925cec820c463a7f34 Mon Sep 17 00:00:00 2001 From: Harshal Shah Date: Wed, 30 Jan 2019 22:45:00 +0100 Subject: [PATCH 0004/1586] [stable/nginx-ingress] Reverting PR 10849 (#10993) * Reverting PR 10849 Signed-off-by: Harshal Shah * Update Chart.yaml Signed-off-by: David J. M. Karlsen --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/templates/controller-metrics-service.yaml | 2 -- stable/nginx-ingress/templates/controller-service.yaml | 2 -- stable/nginx-ingress/templates/controller-stats-service.yaml | 2 -- stable/nginx-ingress/templates/default-backend-service.yaml | 2 -- 5 files changed, 1 insertion(+), 9 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 187f6889e92d..8eda402b4388 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 1.2.2 +version: 1.2.3 appVersion: 0.22.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/templates/controller-metrics-service.yaml b/stable/nginx-ingress/templates/controller-metrics-service.yaml index bfff958f6e99..df079fc43a59 100644 --- a/stable/nginx-ingress/templates/controller-metrics-service.yaml +++ b/stable/nginx-ingress/templates/controller-metrics-service.yaml @@ -19,9 +19,7 @@ metadata: release: {{ .Release.Name }} name: {{ template "nginx-ingress.controller.fullname" . }}-metrics spec: -{{- if .Values.controller.metrics.service.clusterIP }} clusterIP: "{{ .Values.controller.metrics.service.clusterIP }}" -{{- end }} {{- if .Values.controller.metrics.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.metrics.service.externalIPs | indent 4 }} diff --git a/stable/nginx-ingress/templates/controller-service.yaml b/stable/nginx-ingress/templates/controller-service.yaml index 6a0979c4f832..a81c81e0051a 100644 --- a/stable/nginx-ingress/templates/controller-service.yaml +++ b/stable/nginx-ingress/templates/controller-service.yaml @@ -18,9 +18,7 @@ metadata: release: {{ .Release.Name }} name: {{ template "nginx-ingress.controller.fullname" . }} spec: -{{- if .Values.controller.service.clusterIP }} clusterIP: "{{ .Values.controller.service.clusterIP }}" -{{- end }} {{- if .Values.controller.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.service.externalIPs | indent 4 }} diff --git a/stable/nginx-ingress/templates/controller-stats-service.yaml b/stable/nginx-ingress/templates/controller-stats-service.yaml index b162859939c3..4b536d171398 100644 --- a/stable/nginx-ingress/templates/controller-stats-service.yaml +++ b/stable/nginx-ingress/templates/controller-stats-service.yaml @@ -16,9 +16,7 @@ metadata: release: {{ .Release.Name }} name: {{ template "nginx-ingress.controller.fullname" . }}-stats spec: -{{- if .Values.controller.stats.service.clusterIP }} clusterIP: "{{ .Values.controller.stats.service.clusterIP }}" -{{- end }} {{- if .Values.controller.stats.service.externalIPs }} externalIPs: {{ toYaml .Values.controller.stats.service.externalIPs | indent 4 }} diff --git a/stable/nginx-ingress/templates/default-backend-service.yaml b/stable/nginx-ingress/templates/default-backend-service.yaml index 36a355e35c3f..8698c540c47c 100644 --- a/stable/nginx-ingress/templates/default-backend-service.yaml +++ b/stable/nginx-ingress/templates/default-backend-service.yaml @@ -16,9 +16,7 @@ metadata: release: {{ .Release.Name }} name: {{ template "nginx-ingress.defaultBackend.fullname" . }} spec: -{{- if .Values.defaultBackend.service.clusterIP }} clusterIP: "{{ .Values.defaultBackend.service.clusterIP }}" -{{- end }} {{- if .Values.defaultBackend.service.externalIPs }} externalIPs: {{ toYaml .Values.defaultBackend.service.externalIPs | indent 4 }} From 02514936bf43de92d4f71f929326711b10a0a44e Mon Sep 17 00:00:00 2001 From: Jeff Hastings Date: Wed, 30 Jan 2019 16:45:11 -0500 Subject: [PATCH 0005/1586] add tolerations to mysql deployment (#11018) * add tolerations to mysql deployment Signed-off-by: Jeff Hastings * Update Chart.yaml Signed-off-by: David J. M. Karlsen --- stable/mysql/Chart.yaml | 2 +- stable/mysql/README.md | 1 + stable/mysql/templates/deployment.yaml | 4 ++++ stable/mysql/values.yaml | 5 +++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/stable/mysql/Chart.yaml b/stable/mysql/Chart.yaml index 705743e15149..39730a1c3799 100755 --- a/stable/mysql/Chart.yaml +++ b/stable/mysql/Chart.yaml @@ -1,5 +1,5 @@ name: mysql -version: 0.13.3 +version: 0.14.0 appVersion: 5.7.14 description: Fast, reliable, scalable, and easy to use open-source relational database system. diff --git a/stable/mysql/README.md b/stable/mysql/README.md index 059e7f1d4d51..cd4433153937 100755 --- a/stable/mysql/README.md +++ b/stable/mysql/README.md @@ -79,6 +79,7 @@ The following table lists the configurable parameters of the MySQL chart and the | `persistence.subPath` | Subdirectory of the volume to mount | `nil` | | `persistence.annotations` | Persistent Volume annotations | {} | | `nodeSelector` | Node labels for pod assignment | {} | +| `tolerations` | Pod taint tolerations for deployment | {} | | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image` | Exporter image | `prom/mysqld-exporter` | | `metrics.imageTag` | Exporter image | `v0.10.0` | diff --git a/stable/mysql/templates/deployment.yaml b/stable/mysql/templates/deployment.yaml index 60e02b3f8c51..7d71ee6b70cd 100644 --- a/stable/mysql/templates/deployment.yaml +++ b/stable/mysql/templates/deployment.yaml @@ -41,6 +41,10 @@ spec: {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} {{- end }} containers: - name: {{ template "mysql.fullname" . }} diff --git a/stable/mysql/values.yaml b/stable/mysql/values.yaml index cc6c0209eaa0..8a0ccd8d1630 100644 --- a/stable/mysql/values.yaml +++ b/stable/mysql/values.yaml @@ -61,6 +61,11 @@ extraInitContainers: | ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector nodeSelector: {} +## Tolerations for pod assignment +## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +## +tolerations: [] + livenessProbe: initialDelaySeconds: 30 periodSeconds: 10 From ac05903affbbe4c148f33ec2e5bc38bcbde7da34 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Thu, 31 Jan 2019 11:28:52 +0100 Subject: [PATCH 0006/1586] [stable/prometheus] Upgrade to latest release (#11020) Signed-off-by: David J. M. Karlsen --- stable/prometheus/Chart.yaml | 4 ++-- stable/prometheus/README.md | 2 +- stable/prometheus/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 92efde321a80..c096b92f96b9 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,6 +1,6 @@ name: prometheus -version: 8.5.0 -appVersion: 2.6.1 +version: 8.6.0 +appVersion: 2.7.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index cc6f92e34de2..d132c80d1e4e 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -227,7 +227,7 @@ Parameter | Description | Default `rbac.create` | If true, create & use RBAC resources | `true` `server.name` | Prometheus server container name | `server` `server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.6.1` +`server.image.tag` | Prometheus server container image tag | `v2.7.0` `server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` `server.enableAdminApi` | If true, Prometheus administrative HTTP API will be enabled. Please note, that you should take care of administrative API access protection (ingress or some frontend Nginx with auth) before enabling it. | `false` `server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index 32f35f4f7381..15389f50b480 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -518,7 +518,7 @@ server: ## image: repository: prom/prometheus - tag: v2.6.1 + tag: v2.7.0 pullPolicy: IfNotPresent ## prometheus server priorityClassName From 1278759cd7dc2ad6c42c77299d67ca1c61bce10c Mon Sep 17 00:00:00 2001 From: Max Heidinger Date: Thu, 31 Jan 2019 02:35:51 -0800 Subject: [PATCH 0007/1586] Fix drone server protocol (#11021) * Fix drone server protocol Signed-off-by: Max Heidinger * Bump version Signed-off-by: Max Heidinger --- stable/drone/Chart.yaml | 2 +- stable/drone/templates/deployment-server.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index 609332c3752b..b61a1a4b268b 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -1,7 +1,7 @@ name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.0.0-rc.4 +version: 2.0.0-rc.5 appVersion: 1.0.0-rc.4 description: Drone is a Continuous Delivery system built on container technology keywords: diff --git a/stable/drone/templates/deployment-server.yaml b/stable/drone/templates/deployment-server.yaml index defec929c5e3..dfe745978916 100644 --- a/stable/drone/templates/deployment-server.yaml +++ b/stable/drone/templates/deployment-server.yaml @@ -60,7 +60,7 @@ spec: {{- else }} value: "{{ template "drone.fullname" . }}" {{- end }} - - name: DRONE_SERVER_PROTOCOL + - name: DRONE_SERVER_PROTO value: {{ .Values.server.protocol }} {{- if .Values.server.adminUser }} - name: DRONE_USER_CREATE From 12aad70c43afcae76aa6b11ef9da555ca63734d4 Mon Sep 17 00:00:00 2001 From: Jonathan Juares Beber Date: Thu, 31 Jan 2019 11:50:33 +0100 Subject: [PATCH 0008/1586] Add support for external Redis to the Sentry chart (#11010) Signed-off-by: jonathanbeber --- stable/sentry/Chart.yaml | 2 +- stable/sentry/README.md | 8 +++++ stable/sentry/requirements.lock | 4 +-- stable/sentry/requirements.yaml | 1 + stable/sentry/templates/_helpers.tpl | 33 +++++++++++++++++++ stable/sentry/templates/cron-deployment.yaml | 8 +++-- .../sentry/templates/hooks/db-init.job.yaml | 8 +++-- .../templates/hooks/user-create.job.yaml | 8 +++-- stable/sentry/templates/secrets.yaml | 3 ++ stable/sentry/templates/web-deployment.yaml | 8 +++-- .../sentry/templates/workers-deployment.yaml | 8 +++-- stable/sentry/values.yaml | 6 ++++ 12 files changed, 79 insertions(+), 18 deletions(-) diff --git a/stable/sentry/Chart.yaml b/stable/sentry/Chart.yaml index 17db590f4a2e..40219a256379 100644 --- a/stable/sentry/Chart.yaml +++ b/stable/sentry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Sentry is a cross-platform crash reporting and aggregation platform. name: sentry -version: 1.2.0 +version: 1.3.0 appVersion: 9.0 keywords: - debugging diff --git a/stable/sentry/README.md b/stable/sentry/README.md index 5679beeb7084..a9e9595ded79 100644 --- a/stable/sentry/README.md +++ b/stable/sentry/README.md @@ -108,6 +108,10 @@ The following table lists the configurable parameters of the Sentry chart and th | `postgresql.postgresHost` | External postgres host | `nil` | | `postgresql.postgresPassword` | External postgres password | `nil` | | `postgresql.postgresPort` | External postgres port | `5432` | +| `redis.enabled` | Deploy redis server (see below) | `true` | +| `redis.host` | External redis host | `nil` | +| `redis.password` | External redis password | `nil` | +| `redis.port` | External redis port | `6379` | | `persistence.enabled` | Enable persistence using PVC | `true` | | `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | | `persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | @@ -138,6 +142,10 @@ $ helm install --name my-release -f values.yaml stable/sentry By default, PostgreSQL is installed as part of the chart. To use an external PostgreSQL server set `postgresql.enabled` to `false` and then set `postgresql.postgresHost` and `postgresql.postgresPassword`. The other options (`postgresql.postgresDatabase`, `postgresql.postgresUser` and `postgresql.postgresPort`) may also want changing from their default values. +## Redis + +By default, Redis is installed as part of the chart. To use an external Redis server/cluster set `redis.enabled` to `false` and then set `redis.host`. If your redis cluster uses password define it with `redis.password`, otherwise just omit it. Check the table above for more configuration options. + ## Persistence The [Sentry](https://github.com/getsentry/docker-sentry) image stores the Sentry data at the `/var/lib/sentry/files` path of the container. diff --git a/stable/sentry/requirements.lock b/stable/sentry/requirements.lock index d630d73dedc5..e8a705a38450 100644 --- a/stable/sentry/requirements.lock +++ b/stable/sentry/requirements.lock @@ -5,5 +5,5 @@ dependencies: - name: redis repository: https://kubernetes-charts.storage.googleapis.com/ version: 3.8.1 -digest: sha256:48cdc656a1a3a2951266a108ddd3b0a4b4d3ce2af2e8ea54d81d2f88641bc6a1 -generated: 2018-09-11T18:06:41.639986538-04:00 +digest: sha256:2e645b00617ba18fb9c6b03eb0b1a7b6c1c0b6272f654fc455ef623faeeba0df +generated: 2019-01-30T14:20:03.270355538+01:00 diff --git a/stable/sentry/requirements.yaml b/stable/sentry/requirements.yaml index f9fab760b6da..1aa2b85202c2 100644 --- a/stable/sentry/requirements.yaml +++ b/stable/sentry/requirements.yaml @@ -6,3 +6,4 @@ dependencies: - name: redis version: 3.8.1 repository: https://kubernetes-charts.storage.googleapis.com/ + condition: redis.enabled diff --git a/stable/sentry/templates/_helpers.tpl b/stable/sentry/templates/_helpers.tpl index 1a26d6c652ae..a4ccfa84e7d0 100644 --- a/stable/sentry/templates/_helpers.tpl +++ b/stable/sentry/templates/_helpers.tpl @@ -70,3 +70,36 @@ Set postgres port {{- default "5432" .Values.postgresql.postgresPort | quote -}} {{- end -}} {{- end -}} + +{{/* +Set redis host +*/}} +{{- define "redis.host" -}} +{{- if .Values.redis.enabled -}} +{{- template "redis.fullname" . -}}-master +{{- else -}} +{{- .Values.redis.host | quote -}} +{{- end -}} +{{- end -}} + +{{/* +Set redis secret +*/}} +{{- define "redis.secret" -}} +{{- if .Values.redis.enabled -}} +{{- template "redis.fullname" . -}} +{{- else -}} +{{- template "fullname" . -}} +{{- end -}} +{{- end -}} + +{{/* +Set redis port +*/}} +{{- define "redis.port" -}} +{{- if .Values.redis.enabled -}} + "6379" +{{- else -}} +{{- default "6379" .Values.redis.port | quote -}} +{{- end -}} +{{- end -}} diff --git a/stable/sentry/templates/cron-deployment.yaml b/stable/sentry/templates/cron-deployment.yaml index 7ba1fdc6d4a6..3cd605eedfe0 100644 --- a/stable/sentry/templates/cron-deployment.yaml +++ b/stable/sentry/templates/cron-deployment.yaml @@ -69,19 +69,21 @@ spec: value: {{ template "postgresql.host" . }} - name: SENTRY_POSTGRES_PORT value: {{ template "postgresql.port" . }} + {{- if or (.Values.redis.enabled) (.Values.redis.password) }} - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: {{- if .Values.redis.existingSecret }} name: {{ .Values.redis.existingSecret }} {{- else }} - name: {{ template "redis.fullname" . }} + name: {{ template "redis.secret" . }} {{- end }} key: redis-password + {{- end }} - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }}-master + value: {{ template "redis.host" . }} - name: SENTRY_REDIS_PORT - value: "6379" + value: {{ template "redis.port" . }} - name: SENTRY_EMAIL_HOST value: {{ default "" .Values.email.host | quote }} - name: SENTRY_EMAIL_PORT diff --git a/stable/sentry/templates/hooks/db-init.job.yaml b/stable/sentry/templates/hooks/db-init.job.yaml index 83023f70184e..fcf30f768fa2 100644 --- a/stable/sentry/templates/hooks/db-init.job.yaml +++ b/stable/sentry/templates/hooks/db-init.job.yaml @@ -53,19 +53,21 @@ spec: value: {{ template "postgresql.host" . }} - name: SENTRY_POSTGRES_PORT value: {{ template "postgresql.port" . }} + {{- if or (.Values.redis.enabled) (.Values.redis.password) }} - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: {{- if .Values.redis.existingSecret }} name: {{ .Values.redis.existingSecret }} {{- else }} - name: {{ template "redis.fullname" . }} + name: {{ template "redis.secret" . }} {{- end }} key: redis-password + {{- end }} - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }}-master + value: {{ template "redis.host" . }} - name: SENTRY_REDIS_PORT - value: "6379" + value: {{ template "redis.port" . }} - name: SENTRY_EMAIL_HOST value: {{ default "" .Values.smtpHost | quote }} - name: SENTRY_EMAIL_PORT diff --git a/stable/sentry/templates/hooks/user-create.job.yaml b/stable/sentry/templates/hooks/user-create.job.yaml index bf725f4bd324..9be9874c9065 100644 --- a/stable/sentry/templates/hooks/user-create.job.yaml +++ b/stable/sentry/templates/hooks/user-create.job.yaml @@ -53,19 +53,21 @@ spec: value: {{ template "postgresql.host" . }} - name: SENTRY_POSTGRES_PORT value: {{ template "postgresql.port" . }} + {{- if or (.Values.redis.enabled) (.Values.redis.password) }} - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: {{- if .Values.redis.existingSecret }} name: {{ .Values.redis.existingSecret }} {{- else }} - name: {{ template "redis.fullname" . }} + name: {{ template "redis.secret" . }} {{- end }} key: redis-password + {{- end }} - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }}-master + value: {{ template "redis.host" . }} - name: SENTRY_REDIS_PORT - value: "6379" + value: {{ template "redis.port" . }} - name: SENTRY_EMAIL_HOST value: {{ default "" .Values.smtpHost | quote }} - name: SENTRY_EMAIL_PORT diff --git a/stable/sentry/templates/secrets.yaml b/stable/sentry/templates/secrets.yaml index 0a985b5a4673..f3b48446ab04 100644 --- a/stable/sentry/templates/secrets.yaml +++ b/stable/sentry/templates/secrets.yaml @@ -25,3 +25,6 @@ data: {{ if not .Values.postgresql.enabled }} postgres-password: {{ .Values.postgresql.postgresPassword | default "" | b64enc | quote }} {{ end }} + {{ if and (not .Values.redis.enabled) (.Values.redis.password) }} + redis-password: {{ .Values.redis.password | default "" | b64enc | quote }} + {{ end }} diff --git a/stable/sentry/templates/web-deployment.yaml b/stable/sentry/templates/web-deployment.yaml index 8cb87b6ff255..b8a1016a9b7c 100644 --- a/stable/sentry/templates/web-deployment.yaml +++ b/stable/sentry/templates/web-deployment.yaml @@ -68,19 +68,21 @@ spec: value: {{ template "postgresql.host" . }} - name: SENTRY_POSTGRES_PORT value: {{ template "postgresql.port" . }} + {{- if or (.Values.redis.enabled) (.Values.redis.password) }} - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: {{- if .Values.redis.existingSecret }} name: {{ .Values.redis.existingSecret }} {{- else }} - name: {{ template "redis.fullname" . }} + name: {{ template "redis.secret" . }} {{- end }} key: redis-password + {{- end }} - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }}-master + value: {{ template "redis.host" . }} - name: SENTRY_REDIS_PORT - value: "6379" + value: {{ template "redis.port" . }} - name: SENTRY_EMAIL_HOST value: {{ default "" .Values.email.host | quote }} - name: SENTRY_EMAIL_PORT diff --git a/stable/sentry/templates/workers-deployment.yaml b/stable/sentry/templates/workers-deployment.yaml index 64704478411e..2f3754af87ee 100644 --- a/stable/sentry/templates/workers-deployment.yaml +++ b/stable/sentry/templates/workers-deployment.yaml @@ -69,19 +69,21 @@ spec: value: {{ template "postgresql.host" . }} - name: SENTRY_POSTGRES_PORT value: {{ template "postgresql.port" . }} + {{- if or (.Values.redis.enabled) (.Values.redis.password) }} - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: {{- if .Values.redis.existingSecret }} name: {{ .Values.redis.existingSecret }} {{- else }} - name: {{ template "redis.fullname" . }} + name: {{ template "redis.secret" . }} {{- end }} key: redis-password + {{- end }} - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }}-master + value: {{ template "redis.host" . }} - name: SENTRY_REDIS_PORT - value: "6379" + value: {{ template "redis.port" . }} - name: SENTRY_EMAIL_HOST value: {{ default "" .Values.email.host | quote }} - name: SENTRY_EMAIL_PORT diff --git a/stable/sentry/values.yaml b/stable/sentry/values.yaml index 8c63c01acaad..666efab038d3 100644 --- a/stable/sentry/values.yaml +++ b/stable/sentry/values.yaml @@ -157,6 +157,12 @@ postgresql: enabled: true redis: + enabled: true + # Only used when internal redis is disabled + # host: redis + # Just omit the password field if your redis cluster doesn't use password + # password: redis + # port: 6379 master: persistence: enabled: true From 25d05a61f984cb012a4b8f299e23c7105e8cd5f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Thu, 31 Jan 2019 13:12:22 +0100 Subject: [PATCH 0009/1586] [stable/redis] Fix use password as file environment variable issue (#10826) * [stable/redis] Fix use password as file environment variable issue Signed-off-by: Javier J. Salmeron Garcia * Fix metrics deployment Signed-off-by: Javier J. Salmeron Garcia * Fix readme Signed-off-by: Javier J. Salmeron Garcia * Update exporter to new version Signed-off-by: Javier J. Salmeron Garcia * Bump chart version Signed-off-by: Javier J. Salmeron Garcia * Update test values Signed-off-by: Javier J. Salmeron Garcia --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 2 +- stable/redis/ci/production-values.yaml | 5 +- stable/redis/ci/redis-lib-values.yaml | 3 +- stable/redis/ci/redisgraph-module-values.yaml | 3 +- stable/redis/templates/health-configmap.yaml | 8 +++ .../redis/templates/metrics-deployment.yaml | 10 ---- .../templates/redis-master-statefulset.yaml | 42 +++++++------- .../templates/redis-slave-deployment.yaml | 56 +++++++++---------- stable/redis/values-production.yaml | 5 +- stable/redis/values.yaml | 5 +- 11 files changed, 65 insertions(+), 76 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index e26df759c1e7..eb1657b94d6a 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 5.4.0 +version: 5.5.0 appVersion: 4.0.12 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index 16029c86d909..bbb662c16127 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -138,7 +138,7 @@ The following table lists the configurable parameters of the Redis chart and the | `master.podLabels` | Additional labels for Redis master pod | {} | | `master.podAnnotations` | Additional annotations for Redis master pod | {} | | `master.port` | Redis master port | `6379` | -| `master.command` | Redis master entrypoint array. The docker image's ENTRYPOINT is used if this is not provided. | [] | +| `master.command` | Redis master entrypoint string. The command `redis-server` is executed if this is not provided. | `/run.sh` | | `master.disableCommands` | Array of Redis commands to disable (master) | `["FLUSHDB", "FLUSHALL"]` | | `master.extraFlags` | Redis master additional command line flags | [] | | `master.nodeSelector` | Redis master Node labels for pod assignment | {"beta.kubernetes.io/arch": "amd64"} | diff --git a/stable/redis/ci/production-values.yaml b/stable/redis/ci/production-values.yaml index 4be8386debc7..fbc15c5de0ff 100644 --- a/stable/redis/ci/production-values.yaml +++ b/stable/redis/ci/production-values.yaml @@ -96,8 +96,7 @@ master: ## ## Can be used to specify command line arguments, for example: ## - # command: - # - "redis-server" + # command: "redis-server" ## Redis additional command line flags ## ## Can be used to specify command line flags, for example: @@ -301,7 +300,7 @@ metrics: image: registry: docker.io repository: oliver006/redis_exporter - tag: v0.20.2 + tag: v0.28.0 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/ci/redis-lib-values.yaml b/stable/redis/ci/redis-lib-values.yaml index 9417e719c5e5..79c63c442b7c 100644 --- a/stable/redis/ci/redis-lib-values.yaml +++ b/stable/redis/ci/redis-lib-values.yaml @@ -7,5 +7,4 @@ image: tag: '4.0.11' master: - command: - - "redis-server" + command: "redis-server" diff --git a/stable/redis/ci/redisgraph-module-values.yaml b/stable/redis/ci/redisgraph-module-values.yaml index 234a2cd0692b..27cf30e3ec80 100644 --- a/stable/redis/ci/redisgraph-module-values.yaml +++ b/stable/redis/ci/redisgraph-module-values.yaml @@ -4,5 +4,4 @@ image: tag: '1.0.0' master: - command: - - "redis-server" + command: "redis-server" diff --git a/stable/redis/templates/health-configmap.yaml b/stable/redis/templates/health-configmap.yaml index 24c34f08827d..c60982cb53fc 100644 --- a/stable/redis/templates/health-configmap.yaml +++ b/stable/redis/templates/health-configmap.yaml @@ -9,6 +9,10 @@ metadata: name: {{ template "redis.fullname" . }}-health data: ping_local.sh: |- +{{- if .Values.usePasswordFile }} + password_aux=`cat ${REDIS_PASSWORD_FILE}` + export REDIS_PASSWORD=$password_aux +{{- end }} response=$( redis-cli \ {{- if .Values.usePassword }} @@ -23,6 +27,10 @@ data: exit 1 fi ping_master.sh: |- +{{- if .Values.usePasswordFile }} + password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}` + export REDIS_MASTER_PASSWORD=$password_aux +{{- end }} response=$( redis-cli \ {{- if .Values.usePassword }} diff --git a/stable/redis/templates/metrics-deployment.yaml b/stable/redis/templates/metrics-deployment.yaml index 14926d35c57a..bbf598062a9b 100644 --- a/stable/redis/templates/metrics-deployment.yaml +++ b/stable/redis/templates/metrics-deployment.yaml @@ -77,16 +77,6 @@ spec: key: redis-password {{- end }} {{- end }} - command: - - /bin/sh - - -c - - |- - if [[ -n $REDIS_PASSWORD_FILE ]]; then - password_aux="$(< "${REDIS_PASSWORD_FILE}")" - export REDIS_PASSWORD=$password_aux - fi - /bin/redis_exporter - volumeMounts: {{- if .Values.usePasswordFile }} - name: redis-password diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml index e10b7fd8cfec..af1cf571d95f 100644 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -66,29 +66,27 @@ spec: - name: {{ template "redis.fullname" . }} image: "{{ template "redis.image" . }}" imagePullPolicy: {{ default "" .Values.image.pullPolicy | quote }} - {{- if .Values.master.command }} command: -{{ toYaml .Values.master.command | indent 10 }} - {{- end }} - args: - - "--port" - - "$(REDIS_PORT)" - {{- if .Values.usePassword }} - - "--requirepass" - - "$(REDIS_PASSWORD)" - {{- else }} - - "--protected-mode" - - "no" - {{- end }} - - "--include" - - "/opt/bitnami/redis/etc/redis.conf" - - "--include" - - "/opt/bitnami/redis/etc/master.conf" - {{- if .Values.master.extraFlags }} - {{- range .Values.master.extraFlags }} - - {{ . | quote }} - {{- end }} - {{- end }} + - /bin/bash + - -c + - | + if [[ -n $REDIS_PASSWORD_FILE ]]; then + password_aux=`cat ${REDIS_PASSWORD_FILE}` + export REDIS_PASSWORD=$password_aux + fi + ARGS=("--port" "${REDIS_PORT}") + {{- if .Values.usePassword }} + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/master.conf") + {{- if .Values.master.command }} + {{ .Values.master.command }} ${ARGS[@]} + {{- else }} + redis-server "${ARGS[@]}" + {{- end }} env: - name: REDIS_REPLICATION_MODE value: master diff --git a/stable/redis/templates/redis-slave-deployment.yaml b/stable/redis/templates/redis-slave-deployment.yaml index dddb0e176030..981290a106f4 100644 --- a/stable/redis/templates/redis-slave-deployment.yaml +++ b/stable/redis/templates/redis-slave-deployment.yaml @@ -71,35 +71,33 @@ spec: image: {{ template "redis.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | default "" | quote }} {{- $command := default .Values.master.command .Values.slave.command }} - {{- if $command }} command: -{{ toYaml $command | indent 10 }} - {{- end }} - args: - - "--port" - - "$(REDIS_PORT)" - - "--slaveof" - - "$(REDIS_MASTER_HOST)" - - "$(REDIS_MASTER_PORT_NUMBER)" - {{- if .Values.usePassword }} - - "--requirepass" - - "$(REDIS_PASSWORD)" - - "--masterauth" - - "$(REDIS_MASTER_PASSWORD)" - {{- else }} - - "--protected-mode" - - "no" - {{- end }} - - "--include" - - "/opt/bitnami/redis/etc/redis.conf" - - "--include" - - "/opt/bitnami/redis/etc/replica.conf" - {{- $extraFlags := ( default .Values.master.extraFlags .Values.slave.extraFlags ) }} - {{- if $extraFlags }} - {{- range $extraFlags }} - - {{ . | quote }} - {{- end }} - {{- end }} + - /bin/bash + - -c + - | + if [[ -n $REDIS_PASSWORD_FILE ]]; then + password_aux=`cat ${REDIS_PASSWORD_FILE}` + export REDIS_PASSWORD=$password_aux + fi + if [[ -n $REDIS_MASTER_PASSWORD_FILE ]]; then + password_aux=`cat ${REDIS_MASTER_PASSWORD_FILE}` + export REDIS_MASTER_PASSWORD=$password_aux + fi + ARGS=("--port" "${REDIS_PORT}") + {{- if .Values.usePassword }} + ARGS+=("--requirepass" "${REDIS_PASSWORD}") + ARGS+=("--slaveof" "${REDIS_MASTER_HOST}" "${REDIS_MASTER_PORT_NUMBER}") + ARGS+=("--masterauth" "${REDIS_MASTER_PASSWORD}") + {{- else }} + ARGS+=("--protected-mode" "no") + {{- end }} + ARGS+=("--include" "/opt/bitnami/redis/etc/redis.conf") + ARGS+=("--include" "/opt/bitnami/redis/etc/replica.conf") + {{- if .Values.master.command }} + {{ .Values.master.command }} "${ARGS[@]}" + {{- else }} + redis-server "${ARGS[@]}" + {{- end }} env: - name: REDIS_REPLICATION_MODE value: slave @@ -114,7 +112,7 @@ spec: - name: REDIS_PASSWORD_FILE value: "/opt/bitnami/redis/secrets/redis-password" - name: REDIS_MASTER_PASSWORD_FILE - value: "/opt/bitnami/redis/secrets/redis-master-password" + value: "/opt/bitnami/redis/secrets/redis-password" {{- else }} - name: REDIS_PASSWORD valueFrom: diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index c18afb393f6a..09d83bcd08f7 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -99,8 +99,7 @@ master: ## ## Can be used to specify command line arguments, for example: ## - # command: - # - "redis-server" + command: "/run.sh" ## Redis additional command line flags ## ## Can be used to specify command line flags, for example: @@ -309,7 +308,7 @@ metrics: image: registry: docker.io repository: oliver006/redis_exporter - tag: v0.25.0 + tag: v0.28.0 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index 356fa99126f9..adcb31daba6b 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -99,8 +99,7 @@ master: ## ## Can be used to specify command line arguments, for example: ## - command: - - "/run.sh" + command: "/run.sh" ## Redis additional command line flags ## ## Can be used to specify command line flags, for example: @@ -309,7 +308,7 @@ metrics: image: registry: docker.io repository: oliver006/redis_exporter - tag: v0.25.0 + tag: v0.28.0 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 8e946f3ea85566d2184a36fef6f9e3c7f1f06836 Mon Sep 17 00:00:00 2001 From: Jawshua Date: Thu, 31 Jan 2019 12:32:51 +0000 Subject: [PATCH 0010/1586] [stable/prometheus-operator] fix conditional rule inserts (#10935) * [stable/prometheus-operator] Fix conditional rule insert bug Signed-off-by: Joshua Welsh * [stable/prometheus-operator] Bump version Signed-off-by: Joshua Welsh --- stable/prometheus-operator/Chart.yaml | 2 +- .../hack/sync_prometheus_rules.py | 14 ++++++++++++++ .../alertmanager/rules/kubernetes-absent.yaml | 2 +- 3 files changed, 16 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 49076c731f16..9f71dcca4242 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.1.1 +version: 2.1.2 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/hack/sync_prometheus_rules.py b/stable/prometheus-operator/hack/sync_prometheus_rules.py index 0a5ac851c674..89d1c2073551 100755 --- a/stable/prometheus-operator/hack/sync_prometheus_rules.py +++ b/stable/prometheus-operator/hack/sync_prometheus_rules.py @@ -146,6 +146,20 @@ def add_rules_conditions(rules, indent=4): except ValueError: # we found the last alert in file if there are no alerts after it next_index = len(rules) + + # depending on the rule ordering in alert_condition_map it's possible that an if statement from another rule is present at the end of this block. + found_block_end = False + last_line_index = next_index + while not found_block_end: + last_line_index = rules.rindex('\n', index, last_line_index - 1) # find the starting position of the last line + last_line = rules[last_line_index + 1:next_index] + + if last_line.startswith('{{- if'): + next_index = last_line_index + 1 # move next_index back if the current block ends in an if statement + continue + + found_block_end = True + rules = rules[:next_index] + '{{- end }}\n' + rules[next_index:] return rules diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml b/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml index ce021553bf4b..e40332df0d36 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml +++ b/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml @@ -38,8 +38,8 @@ spec: for: 15m labels: severity: critical -{{- if .Values.kubeApiServer.enabled }} {{- end }} +{{- if .Values.kubeApiServer.enabled }} - alert: KubeAPIDown annotations: message: KubeAPI has disappeared from Prometheus target discovery. From 95f3e724fc2572cf4c20d09166ecbfd7275eb2bc Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Thu, 31 Jan 2019 14:09:58 +0100 Subject: [PATCH 0011/1586] [stable/prometheus] upgrade to latest release (#11030) Signed-off-by: David J. M. Karlsen --- stable/prometheus/Chart.yaml | 4 ++-- stable/prometheus/README.md | 2 +- stable/prometheus/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index c096b92f96b9..897cdd59a4c7 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,6 +1,6 @@ name: prometheus -version: 8.6.0 -appVersion: 2.7.0 +version: 8.6.1 +appVersion: 2.7.1 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index d132c80d1e4e..495a447409a1 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -227,7 +227,7 @@ Parameter | Description | Default `rbac.create` | If true, create & use RBAC resources | `true` `server.name` | Prometheus server container name | `server` `server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.7.0` +`server.image.tag` | Prometheus server container image tag | `v2.7.1` `server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` `server.enableAdminApi` | If true, Prometheus administrative HTTP API will be enabled. Please note, that you should take care of administrative API access protection (ingress or some frontend Nginx with auth) before enabling it. | `false` `server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index 15389f50b480..c57c20206aa7 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -518,7 +518,7 @@ server: ## image: repository: prom/prometheus - tag: v2.7.0 + tag: v2.7.1 pullPolicy: IfNotPresent ## prometheus server priorityClassName From f672cf7c447e452a0d2a35fde3ab18737327744b Mon Sep 17 00:00:00 2001 From: Cola Chen Date: Fri, 1 Feb 2019 00:27:54 +0800 Subject: [PATCH 0012/1586] [stable/gocd] add host in template ingress.yaml instead of using default backend (#10983) * if there is no host in template ingress.yaml, use default backend Signed-off-by: cola * Update CHANGELOG Signed-off-by: cola --- stable/gocd/CHANGELOG.md | 6 ++++++ stable/gocd/Chart.yaml | 2 +- stable/gocd/templates/ingress.yaml | 19 ++++++++++++++----- stable/gocd/values.yaml | 4 ++-- 4 files changed, 23 insertions(+), 8 deletions(-) diff --git a/stable/gocd/CHANGELOG.md b/stable/gocd/CHANGELOG.md index ccd9f1c19533..9d3d65f3b565 100644 --- a/stable/gocd/CHANGELOG.md +++ b/stable/gocd/CHANGELOG.md @@ -1,3 +1,9 @@ +### 1.6.6 + +* [84bd7fe](https://github.com/kubernetes/charts/commit/f44d408): + +- If there is no host in template ingress.yaml, use default backend. + ### 1.6.5 * [f44d408](https://github.com/kubernetes/charts/commit/f44d408): diff --git a/stable/gocd/Chart.yaml b/stable/gocd/Chart.yaml index 4a5b053e6d12..5c4d8f76bfa3 100644 --- a/stable/gocd/Chart.yaml +++ b/stable/gocd/Chart.yaml @@ -1,6 +1,6 @@ name: gocd home: https://www.gocd.org/ -version: 1.6.5 +version: 1.6.6 appVersion: 19.1.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png diff --git a/stable/gocd/templates/ingress.yaml b/stable/gocd/templates/ingress.yaml index 4dd546797e5f..52206b52bd3f 100644 --- a/stable/gocd/templates/ingress.yaml +++ b/stable/gocd/templates/ingress.yaml @@ -15,16 +15,25 @@ metadata: {{ $key }}: {{ $value | quote }} {{- end }} spec: - backend: - serviceName: {{ template "gocd.fullname" . }}-server - servicePort: {{ .Values.server.service.httpPort }} + {{- if .Values.server.ingress.hosts }} + {{ $dot := .}} rules: {{- range $host := .Values.server.ingress.hosts }} - host: {{ $host }} - {{- end -}} + http: + paths: + - backend: + serviceName: {{ template "gocd.fullname" $dot }}-server + servicePort: {{ $dot.Values.server.service.httpPort }} + {{- end }} + {{- else }} + backend: + serviceName: {{ template "gocd.fullname" . }}-server + servicePort: {{ .Values.server.service.httpPort }} + {{- end -}} {{- if .Values.server.ingress.tls }} tls: {{ toYaml .Values.server.ingress.tls | indent 4 }} {{- end -}} {{- end -}} -{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/stable/gocd/values.yaml b/stable/gocd/values.yaml index 10bb689babde..23bd22ba9611 100644 --- a/stable/gocd/values.yaml +++ b/stable/gocd/values.yaml @@ -115,8 +115,8 @@ server: # server.ingress.enabled is the toggle to enable/disable GoCD Server Ingress enabled: true # server.ingress.hosts is used to create an Ingress record. -# hosts: -# - ci.example.com + # hosts: + # - ci.example.com annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" From 3c34df71ac7da7b490427622b5b90151aee79e14 Mon Sep 17 00:00:00 2001 From: Moody Saada Date: Thu, 31 Jan 2019 11:47:06 -0500 Subject: [PATCH 0013/1586] [stable/ark] upgrade 0.9 to 0.10 + restic support (#10790) Signed-off-by: moody --- stable/ark/Chart.yaml | 4 +- stable/ark/README.md | 31 +++++-- stable/ark/templates/backups.yaml | 1 + .../ark/templates/backupstoragelocation.yaml | 39 +++++++++ ...nfigs.yaml => backupstoragelocations.yaml} | 7 +- stable/ark/templates/config.yaml | 48 ----------- .../ark/templates/deletebackuprequests.yaml | 1 + stable/ark/templates/deployment.yaml | 17 ++++ stable/ark/templates/downloadrequests.yaml | 1 + stable/ark/templates/podvolumebackups.yaml | 1 + stable/ark/templates/podvolumerestores.yaml | 1 + stable/ark/templates/restic-daemonset.yaml | 83 +++++++++++++++++++ stable/ark/templates/resticrepositories.yaml | 1 + stable/ark/templates/restores.yaml | 1 + stable/ark/templates/schedules.yaml | 1 + .../ark/templates/volumesnapshotlocation.yaml | 27 ++++++ .../templates/volumesnapshotlocations.yaml | 19 +++++ stable/ark/values.yaml | 12 ++- 18 files changed, 231 insertions(+), 64 deletions(-) create mode 100644 stable/ark/templates/backupstoragelocation.yaml rename stable/ark/templates/{configs.yaml => backupstoragelocations.yaml} (67%) delete mode 100644 stable/ark/templates/config.yaml create mode 100644 stable/ark/templates/restic-daemonset.yaml create mode 100644 stable/ark/templates/volumesnapshotlocation.yaml create mode 100644 stable/ark/templates/volumesnapshotlocations.yaml diff --git a/stable/ark/Chart.yaml b/stable/ark/Chart.yaml index 16bc377319c4..e114397aff43 100644 --- a/stable/ark/Chart.yaml +++ b/stable/ark/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.9.1 +appVersion: 0.10.1 description: A Helm chart for ark name: ark -version: 2.0.0 +version: 3.0.0 home: https://github.com/heptio/ark icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: diff --git a/stable/ark/README.md b/stable/ark/README.md index b63a832bea49..f6731ee91a7a 100644 --- a/stable/ark/README.md +++ b/stable/ark/README.md @@ -1,14 +1,32 @@ # Ark-server -This helm chart installs Ark version v0.9.0 -https://github.com/heptio/ark/tree/v0.9.0 +This helm chart installs Ark version v0.10.1 +https://github.com/heptio/ark/tree/v0.10.1 +## Upgrading to v0.10 + +Ark v0.10.1 introduces breaking changes. The below instructions are based on the [official upgrade guide](https://github.com/heptio/ark/blob/master/docs/upgrading-to-v0.10.md). + +1. Pull the latest changes in this chart. If you're using Helm dependencies, update the chart version you're using in your `requirements.yaml` and run `helm dependency update`. + +2. Scale down + +```sh +kubectl scale -n heptio-ark deploy/ark --replicas 0 +``` + +3. Migrate file structure of your backup storage according to [guide](https://github.com/heptio/ark/blob/master/docs/storage-layout-reorg-v0.10.md) +4. Upgrade your deployment + +```sh +helm upgrade --force --namespace heptio-ark ark ./ark +``` ## Prerequisites ### Secret for cloud provider credentials Ark server needs an IAM service account in order to run, if you don't have it you must create it. -Please follow the official documentation: https://heptio.github.io/ark/v0.9.0/cloud-common +Please follow the official documentation: https://heptio.github.io/ark/v0.10.0/install-overview Don't forget the step to create the secret ``` @@ -17,7 +35,7 @@ kubectl create secret generic cloud-credentials --namespace --fr ### Configuration Please change the values.yaml according to your setup -See here for the official documentation https://heptio.github.io/ark/v0.9.0/config-definition +See here for the official documentation https://heptio.github.io/ark/v0.10.0/install-overview Parameter | Description | Default | Required --- | --- | --- | --- @@ -54,9 +72,8 @@ Parameter | Description | Default `configuration.backupStorageProvider.config.kmsKeyId` | KMS key for encryption (AWS only) | `` `configuration.backupSyncPeriod` | How frequently Ark queries the object storage to make sure that the appropriate Backup resources have been created for existing backup files | `60m` `configuration.extraEnvVars` | Key/values for extra environment variables such as AWS_CLUSTER_NAME, etc | `{}` -`configuration.gcSyncPeriod` | How frequently Ark queries the object storage to delete backup files that have passed their TTL | `60m` -`configuration.scheduleSyncPeriod` | How frequently Ark checks its Schedule resource objects to see if a backup needs to be initiated | `1m` -`configuration.resourcePriorities` | An ordered list that describes the order in which Kubernetes resource objects should be restored | `[]` +`configuration.metricsAddress` | Address to expose metrics | `:8085` +`configuration.restoreResourcePriorities` | An ordered list that describes the order in which Kubernetes resource objects should be restored | `namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods` `configuration.restoreOnlyMode` | When RestoreOnly mode is on, functionality for backups, schedules, and expired backup deletion is turned off. Restores are made from existing backup files in object storage | `false` `credentials.existingSecret` | If specified and `useSecret` is `true`, uses an existing secret with this name instead of creating one | `` `credentials.useSecret` | Whether a secret should be used. Set this to `false` when using `kube2iam` | `true` diff --git a/stable/ark/templates/backups.yaml b/stable/ark/templates/backups.yaml index 3591c03b77a3..06aa25943db5 100644 --- a/stable/ark/templates/backups.yaml +++ b/stable/ark/templates/backups.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/backupstoragelocation.yaml b/stable/ark/templates/backupstoragelocation.yaml new file mode 100644 index 000000000000..0816947118eb --- /dev/null +++ b/stable/ark/templates/backupstoragelocation.yaml @@ -0,0 +1,39 @@ +{{- $root := . }} +{{- with .Values.configuration }} +{{- with .backupStorageProvider }} +apiVersion: ark.heptio.com/v1 +kind: BackupStorageLocation +metadata: + name: default + labels: + chart: {{ template "ark.chart" $root }} + heritage: {{ $root.Release.Service }} + release: {{ $root.Release.Name }} + app: {{ template "ark.name" $root }} +spec: + provider: {{ .name }} + objectStorage: + bucket: {{ .bucket }} +{{- with .config }} + config: + {{- with .region }} + region: {{ . }} + {{- end }} + {{- with .s3ForcePathStyle }} + s3ForcePathStyle: {{ . }} + {{- end }} + {{- with .s3Url }} + s3Url: {{ . }} + {{- end }} + {{- with .kmsKeyId }} + kmsKeyId: {{ . }} + {{- end }} + {{- with .resourceGroup }} + resourceGroup: {{ . }} + {{- end }} + {{- with .storageAccount }} + storageAccount: {{ . }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/stable/ark/templates/configs.yaml b/stable/ark/templates/backupstoragelocations.yaml similarity index 67% rename from stable/ark/templates/configs.yaml rename to stable/ark/templates/backupstoragelocations.yaml index 957815c148c7..60c1ad7d08fb 100644 --- a/stable/ark/templates/configs.yaml +++ b/stable/ark/templates/backupstoragelocations.yaml @@ -1,7 +1,7 @@ apiVersion: apiextensions.k8s.io/v1beta1 kind: CustomResourceDefinition metadata: - name: configs.ark.heptio.com + name: backupstoragelocations.ark.heptio.com labels: chart: {{ template "ark.chart" . }} heritage: {{ .Release.Service }} @@ -9,10 +9,11 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 scope: Namespaced names: - plural: configs - kind: Config + plural: backupstoragelocations + kind: BackupStorageLocation diff --git a/stable/ark/templates/config.yaml b/stable/ark/templates/config.yaml deleted file mode 100644 index 1ac5b60db8fb..000000000000 --- a/stable/ark/templates/config.yaml +++ /dev/null @@ -1,48 +0,0 @@ -apiVersion: ark.heptio.com/v1 -kind: Config -metadata: - name: default - labels: - chart: {{ template "ark.chart" . }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - app: {{ template "ark.name" . }} -{{ with .Values.configuration }} -{{- with .persistentVolumeProvider }} -persistentVolumeProvider: - name: {{ .name }} -{{ with .config }} - config: - {{- with .region }} - region: {{ . }} - {{- end }} - {{- with .apitimeout }} - apiTimeout: {{ . }} - {{- end }} -{{- end }} -{{- end }} -{{- with .backupStorageProvider }} -backupStorageProvider: - name: {{ .name }} - bucket: {{ .bucket }} -{{- with .config }} - config: - {{- with .region }} - region: {{ . }} - {{- end }} - {{- with .s3ForcePathStyle }} - s3ForcePathStyle: {{ . }} - {{- end }} - {{- with .s3Url }} - s3Url: {{ . }} - {{- end }} - {{- with .kmsKeyId }} - kmsKeyId: {{ . }} - {{- end }} -{{- end }} -{{- end }} -backupSyncPeriod: {{ .backupSyncPeriod }} -gcSyncPeriod: {{ .gcSyncPeriod }} -scheduleSyncPeriod: {{ .scheduleSyncPeriod }} -restoreOnlyMode: {{ .restoreOnlyMode }} -{{- end }} diff --git a/stable/ark/templates/deletebackuprequests.yaml b/stable/ark/templates/deletebackuprequests.yaml index 4dc9baaae3f9..87fe6b1491fa 100644 --- a/stable/ark/templates/deletebackuprequests.yaml +++ b/stable/ark/templates/deletebackuprequests.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/deployment.yaml b/stable/ark/templates/deployment.yaml index 02af98cd861f..9ee640bff97b 100644 --- a/stable/ark/templates/deployment.yaml +++ b/stable/ark/templates/deployment.yaml @@ -35,6 +35,23 @@ spec: - /ark args: - server + {{- with .Values.configuration }} + {{- with .metricAddress }} + - --metrics-address={{ . }} + {{- end }} + {{- with .backupSyncPeriod }} + - --backup-sync-period={{ . }} + {{- end }} + {{- with .resticTimeout }} + - --restic-timeout={{ . }} + {{- end }} + {{- if .restoreOnlyMode }} + - --restore-only + {{- end }} + {{- with .restoreResourcePriorities }} + - --restore-resource-priorities={{ . }} + {{- end }} + {{- end }} {{- if eq $provider "azure" }} envFrom: - secretRef: diff --git a/stable/ark/templates/downloadrequests.yaml b/stable/ark/templates/downloadrequests.yaml index c083fe3e69bf..c0a155d9bc44 100644 --- a/stable/ark/templates/downloadrequests.yaml +++ b/stable/ark/templates/downloadrequests.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/podvolumebackups.yaml b/stable/ark/templates/podvolumebackups.yaml index b649ccf30f02..e0e625d0872e 100644 --- a/stable/ark/templates/podvolumebackups.yaml +++ b/stable/ark/templates/podvolumebackups.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/podvolumerestores.yaml b/stable/ark/templates/podvolumerestores.yaml index 72edce146cbb..52ac283ead21 100644 --- a/stable/ark/templates/podvolumerestores.yaml +++ b/stable/ark/templates/podvolumerestores.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/restic-daemonset.yaml b/stable/ark/templates/restic-daemonset.yaml new file mode 100644 index 000000000000..801a667c3c7f --- /dev/null +++ b/stable/ark/templates/restic-daemonset.yaml @@ -0,0 +1,83 @@ +{{- if .Values.deployRestic }} +{{- $provider := .Values.configuration.backupStorageProvider.name -}} +apiVersion: apps/v1 +kind: DaemonSet +metadata: + name: restic + labels: + app: {{ template "ark.name" . }} + chart: {{ template "ark.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} +spec: + selector: + matchLabels: + name: restic + template: + metadata: + labels: + name: restic + spec: + {{- if .Values.serviceAccount.server.create }} + serviceAccountName: {{ template "ark.serverServiceAccount" . }} + {{- end }} + securityContext: + runAsUser: 0 + volumes: + {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }} + - name: cloud-credentials + secret: + secretName: {{ template "ark.secretName" . }} + {{- end }} + - name: host-pods + hostPath: + path: /var/lib/kubelet/pods + - name: scratch + emptyDir: {} + containers: + - name: ark + image: gcr.io/heptio-images/ark:latest + command: + - /ark + args: + - restic + - server + volumeMounts: + {{- if and .Values.credentials.useSecret (or (eq $provider "aws") (eq $provider "gcp")) }} + - name: cloud-credentials + mountPath: /credentials + {{- end }} + - name: host-pods + mountPath: /host_pods + mountPropagation: HostToContainer + - name: scratch + mountPath: /scratch + {{- if and .Values.credentials.useSecret (eq $provider "azure") }} + envFrom: + - secretRef: + name: {{ template "ark.secretName" . }} + {{- end }} + env: + - name: HEPTIO_ARK_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + - name: ARK_SCRATCH_DIR + value: /scratch + {{- if eq $provider "aws" }} + - name: AWS_SHARED_CREDENTIALS_FILE + value: /credentials/cloud + {{- end }} + {{- if eq $provider "gcp" }} + - name: GOOGLE_APPLICATION_CREDENTIALS + value: /credentials/cloud + {{- end }} + {{- if eq $provider "minio" }} + - name: AWS_SHARED_CREDENTIALS_FILE + value: /credentials/cloud + {{- end }} +{{- end }} diff --git a/stable/ark/templates/resticrepositories.yaml b/stable/ark/templates/resticrepositories.yaml index 8ba66943ba5e..cebb2bd8a902 100644 --- a/stable/ark/templates/resticrepositories.yaml +++ b/stable/ark/templates/resticrepositories.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/restores.yaml b/stable/ark/templates/restores.yaml index 21dbce9bd5a5..cd569d67f770 100644 --- a/stable/ark/templates/restores.yaml +++ b/stable/ark/templates/restores.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/schedules.yaml b/stable/ark/templates/schedules.yaml index f7f1850a5d85..847da2f79407 100644 --- a/stable/ark/templates/schedules.yaml +++ b/stable/ark/templates/schedules.yaml @@ -9,6 +9,7 @@ metadata: app: {{ template "ark.name" . }} annotations: "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" spec: group: ark.heptio.com version: v1 diff --git a/stable/ark/templates/volumesnapshotlocation.yaml b/stable/ark/templates/volumesnapshotlocation.yaml new file mode 100644 index 000000000000..afa287c0fd8b --- /dev/null +++ b/stable/ark/templates/volumesnapshotlocation.yaml @@ -0,0 +1,27 @@ +{{- $root := . }} +{{- with .Values.configuration }} +{{- with .persistentVolumeProvider }} +apiVersion: ark.heptio.com/v1 +kind: VolumeSnapshotLocation +metadata: + name: default + labels: + chart: {{ template "ark.chart" $root }} + heritage: {{ $root.Release.Service }} + release: {{ $root.Release.Name }} + app: {{ template "ark.name" $root }} +spec: + provider: {{ .name }} + objectStorage: + bucket: {{ .bucket }} +{{ with .config }} + config: + {{- with .region }} + region: {{ . }} + {{- end }} + {{- with .apitimeout }} + apiTimeout: {{ . }} + {{- end }} +{{- end }} +{{- end }} +{{- end }} diff --git a/stable/ark/templates/volumesnapshotlocations.yaml b/stable/ark/templates/volumesnapshotlocations.yaml new file mode 100644 index 000000000000..5ca0e5beb9a1 --- /dev/null +++ b/stable/ark/templates/volumesnapshotlocations.yaml @@ -0,0 +1,19 @@ +apiVersion: apiextensions.k8s.io/v1beta1 +kind: CustomResourceDefinition +metadata: + name: volumesnapshotlocations.ark.heptio.com + labels: + chart: {{ template "ark.chart" . }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + app: {{ template "ark.name" . }} + annotations: + "helm.sh/hook": crd-install + "helm.sh/hook-delete-policy": "before-hook-creation" +spec: + group: ark.heptio.com + version: v1 + scope: Namespaced + names: + plural: volumesnapshotlocations + kind: VolumeSnapshotLocation diff --git a/stable/ark/values.yaml b/stable/ark/values.yaml index 27915d041f05..1eac4e73900e 100644 --- a/stable/ark/values.yaml +++ b/stable/ark/values.yaml @@ -1,6 +1,6 @@ image: repository: gcr.io/heptio-images/ark - tag: v0.9.1 + tag: v0.10.1 pullPolicy: IfNotPresent # Only kube2iam: change the AWS_ACCOUNT_ID and HEPTIO_ARK_ROLE_NAME @@ -38,11 +38,13 @@ configuration: # s3ForcePathStyle: # s3Url: # kmsKeyId: + # resourceGroup: + # storageAccount: backupSyncPeriod: 60m - gcSyncPeriod: 60m - scheduleSyncPeriod: 1m - resourcePriorities: [] + metricsAddress: ":8085" + resticTimeout: 1h + restoreResourcePriorities: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods restoreOnlyMode: false # additional key/value pairs to be used as environment variables such as "AWS_CLUSTER_NAME: 'yourcluster.domain.tld'" extraEnvVars: {} @@ -61,3 +63,5 @@ credentials: existingSecret: useSecret: true secretContents: {} + +deployRestic: false From 0cf77f9c1bfeca58f78b142e1186534c3de84b6c Mon Sep 17 00:00:00 2001 From: Nikita Akhnin Date: Fri, 1 Feb 2019 00:00:31 +0700 Subject: [PATCH 0014/1586] [casssandra] Toggle for enabling hostNetwork in Cassandra pods (#11023) * Add hostNetwork toggle Signed-off-by: Nikita Akhnin * Add feature to enable hostNetwork in Cassandra pods Signed-off-by: Nikita Akhnin * Update README.md Signed-off-by: Nikita Akhnin * Update Chart.yaml Signed-off-by: Nikita Akhnin --- incubator/cassandra/Chart.yaml | 2 +- incubator/cassandra/README.md | 1 + incubator/cassandra/templates/statefulset.yaml | 5 +++++ incubator/cassandra/values.yaml | 4 ++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index 16fd4b92ed8d..579d8e6ffc9e 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,5 +1,5 @@ name: cassandra -version: 0.10.3 +version: 0.10.4 appVersion: 3.11.3 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing diff --git a/incubator/cassandra/README.md b/incubator/cassandra/README.md index 6cdbb8aa0cd4..b3b19595ac19 100644 --- a/incubator/cassandra/README.md +++ b/incubator/cassandra/README.md @@ -88,6 +88,7 @@ The following table lists the configurable parameters of the Cassandra chart and | `config.cluster_name` | The name of the cluster. | `cassandra` | | `config.cluster_size` | The number of nodes in the cluster. | `3` | | `config.seed_size` | The number of seed nodes used to bootstrap new clients joining the cluster. | `2` | +| `config.seeds` | The comma-separated list of seed nodes. | Automatically generated according to `.Release.Name` and `config.seed_size` | | `config.num_tokens` | Initdb Arguments | `256` | | `config.dc_name` | Initdb Arguments | `DC1` | | `config.rack_name` | Initdb Arguments | `RAC1` | diff --git a/incubator/cassandra/templates/statefulset.yaml b/incubator/cassandra/templates/statefulset.yaml index 412a4cbcf215..c691597f4f34 100644 --- a/incubator/cassandra/templates/statefulset.yaml +++ b/incubator/cassandra/templates/statefulset.yaml @@ -30,6 +30,7 @@ spec: {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} spec: + hostNetwork: {{ .Values.hostNetwork }} {{- if .Values.selector }} {{ toYaml .Values.selector | indent 6 }} {{- end }} @@ -86,7 +87,11 @@ spec: {{- $seed_size := default 1 .Values.config.seed_size | int -}} {{- $global := . }} - name: CASSANDRA_SEEDS + {{- if .Values.hostNetwork }} + value: {{ required "You must fill \".Values.config.seeds\" with list of Cassandra seeds when hostNetwork is set to true" .Values.config.seeds | quote }} + {{- else }} value: "{{- range $i, $e := until $seed_size }}{{ template "cassandra.fullname" $global }}-{{ $i }}.{{ template "cassandra.fullname" $global }}.{{ $global.Release.Namespace }}.svc.{{ $global.Values.config.cluster_domain }}{{- if (lt ( add1 $i ) $seed_size ) }},{{- end }}{{- end }}" + {{- end }} - name: MAX_HEAP_SIZE value: {{ default "8192M" .Values.config.max_heap_size | quote }} - name: HEAP_NEWSIZE diff --git a/incubator/cassandra/values.yaml b/incubator/cassandra/values.yaml index 86cec364e33c..6bfae651acf5 100644 --- a/incubator/cassandra/values.yaml +++ b/incubator/cassandra/values.yaml @@ -148,6 +148,10 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template # name: +# Use host network for Cassandra pods +# You must pass seed list into config.seeds property if set to true +hostNetwork: false + ## Backup cronjob configuration ## Ref: https://github.com/nuvo/cain backup: From ac99818c23baa21140e9ccbc2ba54a7d5bc6b603 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Thu, 31 Jan 2019 20:55:43 +0100 Subject: [PATCH 0015/1586] [stable/karma] upgrade karma (#11039) Signed-off-by: David J. M. Karlsen --- stable/karma/Chart.yaml | 4 ++-- stable/karma/README.md | 2 +- stable/karma/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/karma/Chart.yaml b/stable/karma/Chart.yaml index 10197b3906f1..5cb73cd4ffcd 100644 --- a/stable/karma/Chart.yaml +++ b/stable/karma/Chart.yaml @@ -1,12 +1,12 @@ apiVersion: v1 -appVersion: "v0.21" +appVersion: "v0.22" description: A Helm chart for Karma - an UI for Prometheus Alertmanager name: karma home: https://github.com/prymitive/karma sources: - https://hub.docker.com/r/lmierzwa/karma/ - https://github.com/prymitive/karma -version: 1.1.9 +version: 1.1.10 maintainers: - name: davidkarlsen email: david@davidkarlsen.com diff --git a/stable/karma/README.md b/stable/karma/README.md index ca57a2c86b2e..df05db6b63b1 100644 --- a/stable/karma/README.md +++ b/stable/karma/README.md @@ -41,7 +41,7 @@ The following table lists the configurable parameters of the karma chart and the |-------------------------------------|----------------------------------------|-------------------------------------------| | `replicaCount` | Number of replicas | `1` | | `image.repository` | The image to run | `lmierzwa/karma` | -| `image.tag` | The image tag to pull | `v0.21` | +| `image.tag` | The image tag to pull | `v0.22` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `nameOverride` | Override name of app | `` | | `fullnameOverride` | Override full name of app | `` | diff --git a/stable/karma/values.yaml b/stable/karma/values.yaml index 8e9f80b1bf24..b26eb4f53233 100644 --- a/stable/karma/values.yaml +++ b/stable/karma/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: lmierzwa/karma - tag: v0.21 + tag: v0.22 pullPolicy: IfNotPresent nameOverride: "" From eba953cc8e15b9dc59dcb242e3555785c069580e Mon Sep 17 00:00:00 2001 From: Kevin Lefevre Date: Thu, 31 Jan 2019 21:04:07 +0100 Subject: [PATCH 0016/1586] [incubator/fluentd-cloudwatch] add affinity/nodeselector (#10850) Signed-off-by: ArchiFleKs --- incubator/fluentd-cloudwatch/Chart.yaml | 2 +- incubator/fluentd-cloudwatch/README.md | 2 ++ .../fluentd-cloudwatch/templates/daemonset.yaml | 10 +++++++++- incubator/fluentd-cloudwatch/values.yaml | 17 +++++++++++++++++ 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/incubator/fluentd-cloudwatch/Chart.yaml b/incubator/fluentd-cloudwatch/Chart.yaml index 36d329d3d9ad..33f0e5d56a92 100644 --- a/incubator/fluentd-cloudwatch/Chart.yaml +++ b/incubator/fluentd-cloudwatch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-cloudwatch -version: 0.6.4 +version: 0.7.0 appVersion: v0.12.43-cloudwatch description: A Fluentd CloudWatch Helm chart for Kubernetes. home: https://www.fluentd.org/ diff --git a/incubator/fluentd-cloudwatch/README.md b/incubator/fluentd-cloudwatch/README.md index fec16b71722c..10a9bbb3ca31 100644 --- a/incubator/fluentd-cloudwatch/README.md +++ b/incubator/fluentd-cloudwatch/README.md @@ -68,6 +68,8 @@ The following table lists the configurable parameters of the Fluentd Cloudwatch | `tolerations` | Add tolerations | `[]` | | `extraVars` | Add pod environment variables (must be specified as a single line object) | `[]` | | `updateStrategy` | Define daemonset update strategy | `OnDelete` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Node affinity for pod assignment | `{}` | Starting with fluentd-kubernetes-daemonset v0.12.43-cloudwatch, the container runs as user fluentd. To be able to write pos files to the host system, you'll need to run fluentd as root. Add the following extraVars value to run as root. diff --git a/incubator/fluentd-cloudwatch/templates/daemonset.yaml b/incubator/fluentd-cloudwatch/templates/daemonset.yaml index b72a6e1f472c..785b4b1d38ce 100644 --- a/incubator/fluentd-cloudwatch/templates/daemonset.yaml +++ b/incubator/fluentd-cloudwatch/templates/daemonset.yaml @@ -86,5 +86,13 @@ spec: tolerations: {{ toYaml .Values.tolerations | indent 6 }} {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} updateStrategy: -{{ toYaml .Values.updateStrategy | indent 4 }} \ No newline at end of file +{{ toYaml .Values.updateStrategy | indent 4 }} diff --git a/incubator/fluentd-cloudwatch/values.yaml b/incubator/fluentd-cloudwatch/values.yaml index ebc8dc25bec8..2f0e79d3843a 100644 --- a/incubator/fluentd-cloudwatch/values.yaml +++ b/incubator/fluentd-cloudwatch/values.yaml @@ -19,6 +19,23 @@ resources: # hostNetwork: false +## Node labels for pod assignment +## Ref: https://kubernetes.io/docs/user-guide/node-selection/ +## +nodeSelector: {} + # kubernetes.io/role: node +# Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core +# Expects input structure as per specification for example: +# affinity: +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchExpressions: +# - key: foo.bar.com/role +# operator: In +# values: +# - master +affinity: {} ## Add tolerations if specified tolerations: [] # - key: node-role.kubernetes.io/master From e60adf75872e3c67e25868ccb98f15e173b0666f Mon Sep 17 00:00:00 2001 From: Kyle von Bredow Date: Thu, 31 Jan 2019 15:24:45 -0500 Subject: [PATCH 0017/1586] [stable/prometheus-node-exporter] Add nodeSelector to DaemonSet (#10952) * Add nodeSelector to prometheus-node-exporter DaemonSet Signed-off-by: Kyle von Bredow * Add affinity to prometheus-node-exporter DaemonSet Signed-off-by: Kyle von Bredow --- stable/prometheus-node-exporter/Chart.yaml | 2 +- stable/prometheus-node-exporter/README.md | 2 ++ .../templates/daemonset.yaml | 8 ++++++++ stable/prometheus-node-exporter/values.yaml | 18 ++++++++++++++++++ 4 files changed, 29 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index 89f76634ab6e..569c8b1c8f0f 100644 --- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.17.0" description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 1.1.0 +version: 1.2.0 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/README.md b/stable/prometheus-node-exporter/README.md index e5027062a78e..7abf0b5539cf 100644 --- a/stable/prometheus-node-exporter/README.md +++ b/stable/prometheus-node-exporter/README.md @@ -56,6 +56,8 @@ The following table lists the configurable parameters of the Node Exporter chart | `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | | | | `serviceAccount.imagePullSecrets` | Specify image pull secrets | `[]` | | | `securityContext` | SecurityContext | `{"runAsNonRoot": true, "runAsUser": 65534}` | | +| `affinity` | A group of affinity scheduling rules for pod assignment | `{}` | | +| `nodeSelector` | Node labels for pod assignment | `{}` | | | `tolerations` | List of node taints to tolerate | `- effect: NoSchedule operator: Exists` | | | `priorityClassName` | Name of Priority Class to assign pods | `nil` | | | `endpoints` | list of addresses that have node exporter deployed outside of the cluster | `[]` | | diff --git a/stable/prometheus-node-exporter/templates/daemonset.yaml b/stable/prometheus-node-exporter/templates/daemonset.yaml index a6687d5bc05f..74261bdc3259 100644 --- a/stable/prometheus-node-exporter/templates/daemonset.yaml +++ b/stable/prometheus-node-exporter/templates/daemonset.yaml @@ -67,6 +67,14 @@ spec: {{- end }} hostNetwork: true hostPID: true +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} diff --git a/stable/prometheus-node-exporter/values.yaml b/stable/prometheus-node-exporter/values.yaml index 6df243685d67..5f4298c683ff 100644 --- a/stable/prometheus-node-exporter/values.yaml +++ b/stable/prometheus-node-exporter/values.yaml @@ -50,6 +50,24 @@ rbac: # their addresses here endpoints: [] +## Assign a group of affinity scheduling rules +## +affinity: {} +# nodeAffinity: +# requiredDuringSchedulingIgnoredDuringExecution: +# nodeSelectorTerms: +# - matchFields: +# - key: metadata.name +# operator: In +# values: +# - target-host-name + +## Assign a nodeSelector if operating a hybrid cluster +## +nodeSelector: {} +# beta.kubernetes.io/arch: amd64 +# beta.kubernetes.io/os: linux + tolerations: - effect: NoSchedule operator: Exists From 66fe1f757477a4f717d1b916cc5289b3d3748a3d Mon Sep 17 00:00:00 2001 From: guessi mei Date: Thu, 31 Jan 2019 22:03:36 +0000 Subject: [PATCH 0018/1586] [stable/gce-ingress] Fix incorrect link in README.md (#11038) Signed-off-by: guessi --- stable/gce-ingress/Chart.yaml | 2 +- stable/gce-ingress/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/gce-ingress/Chart.yaml b/stable/gce-ingress/Chart.yaml index 4fc8302c866c..96d928e543dc 100644 --- a/stable/gce-ingress/Chart.yaml +++ b/stable/gce-ingress/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "1.4.0" description: A GCE Ingress Controller name: gce-ingress -version: 1.1.1 +version: 1.1.2 keywords: - ingress - gce diff --git a/stable/gce-ingress/README.md b/stable/gce-ingress/README.md index 7e86ea5fabd2..cd5a9effa035 100644 --- a/stable/gce-ingress/README.md +++ b/stable/gce-ingress/README.md @@ -1,6 +1,6 @@ # gce-ingress -[gce-ingress](https://github.com/kubernetes/gce-gce) is an Ingress controller that configures GCE loadbalancers +[ingress-gce](https://github.com/kubernetes/ingress-gce) is an Ingress controller that configures GCE loadbalancers To use, add the `kubernetes.io/ingress.class: "gce"` annotation to your Ingress resources. From 9b837739412bbde0d58e774c56b25948bd8a299b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 1 Feb 2019 04:56:19 +0530 Subject: [PATCH 0019/1586] suitecrm: update to `7.11.1` (#11041) Signed-off-by: Bitnami Containers --- stable/suitecrm/Chart.yaml | 4 ++-- stable/suitecrm/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index bc5f88a3e689..470e8f1819aa 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,6 +1,6 @@ name: suitecrm -version: 5.0.4 -appVersion: 7.11.0 +version: 5.0.5 +appVersion: 7.11.1 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: - suitecrm diff --git a/stable/suitecrm/values.yaml b/stable/suitecrm/values.yaml index e50909cec964..8c00c629a9fe 100644 --- a/stable/suitecrm/values.yaml +++ b/stable/suitecrm/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/suitecrm - tag: 7.11.0 + tag: 7.11.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 7755cea24c028db07e2e36933ec13c28efea9a32 Mon Sep 17 00:00:00 2001 From: unclejack Date: Fri, 1 Feb 2019 09:10:57 +0200 Subject: [PATCH 0020/1586] [stable/kibana]: remove ports from initContainers (#10975) Signed-off-by: unclejack --- stable/kibana/Chart.yaml | 2 +- stable/kibana/README.md | 1 - stable/kibana/ci/authproxy-enabled.yaml | 3 +++ stable/kibana/ci/disabled-internal-port.yaml | 4 ---- stable/kibana/templates/deployment.yaml | 10 ---------- stable/kibana/values.yaml | 2 -- 6 files changed, 4 insertions(+), 18 deletions(-) create mode 100644 stable/kibana/ci/authproxy-enabled.yaml delete mode 100644 stable/kibana/ci/disabled-internal-port.yaml diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index c32b97dd7b5d..860088d8b3b7 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.3.0 +version: 1.4.0 appVersion: 6.6.0 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg diff --git a/stable/kibana/README.md b/stable/kibana/README.md index 8b0c28606fe7..c740610e0e8f 100644 --- a/stable/kibana/README.md +++ b/stable/kibana/README.md @@ -69,7 +69,6 @@ The following table lists the configurable parameters of the kibana chart and th | `resources` | pod resource requests & limits | `{}` | | `priorityClassName` | priorityClassName | `nil` | | `service.externalPort` | external port for the service | `443` | -| `service.disableInternalPort` | disable internal port when using sidecar | `false` | | `service.internalPort` | internal port for the service | `4180` | | `service.authProxyPort` | port to use when using sidecar authProxy | None: | | `service.externalIPs` | external IP addresses | None: | diff --git a/stable/kibana/ci/authproxy-enabled.yaml b/stable/kibana/ci/authproxy-enabled.yaml new file mode 100644 index 000000000000..186724a58f6b --- /dev/null +++ b/stable/kibana/ci/authproxy-enabled.yaml @@ -0,0 +1,3 @@ +--- +# disable internal port by setting authProxyEnabled +authProxyEnabled: true diff --git a/stable/kibana/ci/disabled-internal-port.yaml b/stable/kibana/ci/disabled-internal-port.yaml deleted file mode 100644 index 51e49a736f29..000000000000 --- a/stable/kibana/ci/disabled-internal-port.yaml +++ /dev/null @@ -1,4 +0,0 @@ ---- -# disable internal service -service: - disableInternalPort: true diff --git a/stable/kibana/templates/deployment.yaml b/stable/kibana/templates/deployment.yaml index 6669bb00072c..7f26b99afd53 100644 --- a/stable/kibana/templates/deployment.yaml +++ b/stable/kibana/templates/deployment.yaml @@ -47,10 +47,6 @@ spec: - name: "{{ $key }}" value: "{{ $value }}" {{- end }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ template "kibana.name" . }} - protocol: TCP volumeMounts: - name: {{ template "kibana.fullname" . }}-dashboards mountPath: "/kibanadashboards" @@ -106,12 +102,6 @@ spec: - name: "{{ $key }}" value: "{{ $value }}" {{- end }} -{{- if not .Values.service.disableInternalPort }} - ports: - - containerPort: {{ .Values.service.internalPort }} - name: {{ template "kibana.name" . }} - protocol: TCP -{{- end }} volumeMounts: - name: plugins mountPath: /usr/share/kibana/plugins diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index c950aecb89b3..de34527191a3 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -35,8 +35,6 @@ deployment: service: type: ClusterIP externalPort: 443 - # disables the internal port if set to true; to be used with a sidecar - disableInternalPort: false internalPort: 5601 # authProxyPort: 5602 To be used with authProxyEnabled and a proxy extraContainer ## External IP addresses of service From 15493df5ad0e38da7301bcb4979a07a0dbe5a73c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20R=C3=BCger?= Date: Fri, 1 Feb 2019 08:22:30 +0100 Subject: [PATCH 0021/1586] [stable/prometheus-operator] Add option to set log formatting (#10341) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Manuel Rüger --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + .../templates/prometheus-operator/deployment.yaml | 3 +++ stable/prometheus-operator/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 9f71dcca4242..a13ef3d6996b 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.1.2 +version: 2.1.3 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index abe5b7563461..87bcd6a5f8b8 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -86,6 +86,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheusOperator.enabled` | Deploy Prometheus Operator. Only one of these should be deployed into the cluster | `true` | | `prometheusOperator.serviceAccount` | Create a serviceaccount for the operator | `true` | | `prometheusOperator.name` | Operator serviceAccount name | `""` | +| `prometheusOperator.logFormat | Operator log output formatting | `"logfmt"` | | `prometheusOperator.createCustomResource` | Create CRDs. Required if deploying anything besides the operator itself as part of the release. The operator will create / update these on startup. If your Helm version < 2.10 you will have to either create the CRDs first or deploy the operator first, then the rest of the resources | `true` | | `prometheusOperator.crdApiGroup` | Specify the API Group for the CustomResourceDefinitions | `monitoring.coreos.com` | | `prometheusOperator.cleanupCustomResource` | Attempt to delete CRDs when the release is removed. This option may be useful while testing but is not recommended, as deleting the CRD definition will delete resources and prevent the operator from being able to clean up resources that it manages | `false` | diff --git a/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml b/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml index b2cfea07c4a9..dbad33b068a9 100644 --- a/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml @@ -31,6 +31,9 @@ spec: args: {{- if .Values.prometheusOperator.kubeletService.enabled }} - --kubelet-service={{ .Values.prometheusOperator.kubeletService.namespace }}/{{ template "prometheus-operator.fullname" . }}-kubelet + {{- end }} + {{- if .Values.prometheusOperator.logFormat }} + - --log-format={{ .Values.prometheusOperator.logFormat }} {{- end }} - --logtostderr=true - --crd-apigroup={{ .Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com" }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 69a1e78450e4..a6ba6262fe23 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -563,6 +563,10 @@ prometheusOperator: ## Assign a PriorityClassName to pods if set # priorityClassName: "" + ## Define Log Format + # Use logfmt (default) or json-formatted logging + # logFormat: logfmt + ## If true, the operator will create and maintain a service for scraping kubelets ## ref: https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus-operator/README.md ## From b5600383bcc9adae34cfd8d6ab426a72dd0a1fa0 Mon Sep 17 00:00:00 2001 From: Benjamin Lee Date: Fri, 1 Feb 2019 01:13:57 -0700 Subject: [PATCH 0022/1586] [stable/prometheus-operator] Removed duplicate nodePort in prometheus service (#9684) * Removed duplicate nodePort in prometheus service Signed-off-by: Benjamin Lee * Bumped version Signed-off-by: Benjamin Lee * [stable/prometheus-operator] Merged upstream master and bumped version again Signed-off-by: Benjamin Lee --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/templates/prometheus/service.yaml | 3 --- 2 files changed, 1 insertion(+), 4 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index a13ef3d6996b..ec58a3e2cfd4 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.1.3 +version: 2.1.4 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/templates/prometheus/service.yaml b/stable/prometheus-operator/templates/prometheus/service.yaml index 831a881425b3..fa53aece4c7d 100644 --- a/stable/prometheus-operator/templates/prometheus/service.yaml +++ b/stable/prometheus-operator/templates/prometheus/service.yaml @@ -33,9 +33,6 @@ spec: nodePort: {{ .Values.prometheus.service.nodePort }} {{- end }} port: 9090 - {{- if eq .Values.prometheus.service.type "NodePort" }} - nodePort: {{ .Values.prometheus.service.nodePort }} - {{- end }} targetPort: web selector: app: prometheus From 36a7e5d662e58abe3459b74e0be2ffc706428357 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 1 Feb 2019 05:37:16 -0400 Subject: [PATCH 0023/1586] Bump MM-te to 5.7.1 (#11052) Signed-off-by: cpanato --- stable/mattermost-team-edition/Chart.yaml | 4 ++-- stable/mattermost-team-edition/README.md | 2 +- stable/mattermost-team-edition/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mattermost-team-edition/Chart.yaml b/stable/mattermost-team-edition/Chart.yaml index 0d1fc64774ee..09e45c218ee3 100644 --- a/stable/mattermost-team-edition/Chart.yaml +++ b/stable/mattermost-team-edition/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Mattermost Team Edition server. name: mattermost-team-edition -version: 2.2.0 -appVersion: 5.7.0 +version: 2.2.1 +appVersion: 5.7.1 keywords: - mattermost - communication diff --git a/stable/mattermost-team-edition/README.md b/stable/mattermost-team-edition/README.md index 8e3e8d477df3..1fe1d7538e80 100644 --- a/stable/mattermost-team-edition/README.md +++ b/stable/mattermost-team-edition/README.md @@ -46,7 +46,7 @@ The following table lists the configurable parameters of the Mattermost Team Edi Parameter | Description | Default --- | --- | --- `image.repository` | container image repository | `mattermost/mattermost-team-edition` -`image.tag` | container image tag | `5.7.0` +`image.tag` | container image tag | `5.7.1` `image.imagePullPolicy` | container image pull policy | `IfNotPresent` `initContainerImage.repository` | init container image repository | `appropriate/curl` `initContainerImage.tag` | init container image tag | `latest` diff --git a/stable/mattermost-team-edition/values.yaml b/stable/mattermost-team-edition/values.yaml index fb74e949bd17..df5b55cd7097 100644 --- a/stable/mattermost-team-edition/values.yaml +++ b/stable/mattermost-team-edition/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: mattermost/mattermost-team-edition - tag: 5.7.0 + tag: 5.7.1 imagePullPolicy: IfNotPresent initContainerImage: From 19b5a7c41c5fef15e214cfdf30b0c17e577c8796 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 1 Feb 2019 15:21:22 +0530 Subject: [PATCH 0024/1586] rabbitmq: update to `3.7.11` (#11045) Signed-off-by: Bitnami Containers --- stable/rabbitmq/Chart.yaml | 4 ++-- stable/rabbitmq/values-production.yaml | 2 +- stable/rabbitmq/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 096132f2113d..bb4b61a68f4f 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ name: rabbitmq -version: 4.1.0 -appVersion: 3.7.10 +version: 4.1.1 +appVersion: 3.7.11 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: - rabbitmq diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index 7b0878ccc9fa..6fbf2ce3c970 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.7.10 + tag: 3.7.11 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index 8ed645188966..ade7a4b38be0 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.7.10 + tag: 3.7.11 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb From f51cbd01bf5e25767abe16ceeef8158998239519 Mon Sep 17 00:00:00 2001 From: Max Williams Date: Fri, 1 Feb 2019 11:00:31 +0100 Subject: [PATCH 0025/1586] [stable/drone] adding permission to update deployments for pipeline clusterrole (#11036) Signed-off-by: Max Williams --- stable/drone/Chart.yaml | 2 +- stable/drone/templates/role-pipeline.yaml | 24 ++++++++++++++++------- 2 files changed, 18 insertions(+), 8 deletions(-) diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index b61a1a4b268b..229aaa3bbdb7 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -1,7 +1,7 @@ name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.0.0-rc.5 +version: 2.0.0-rc.6 appVersion: 1.0.0-rc.4 description: Drone is a Continuous Delivery system built on container technology keywords: diff --git a/stable/drone/templates/role-pipeline.yaml b/stable/drone/templates/role-pipeline.yaml index b61cdf94a1e5..da266049a550 100644 --- a/stable/drone/templates/role-pipeline.yaml +++ b/stable/drone/templates/role-pipeline.yaml @@ -9,6 +9,16 @@ metadata: release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" rules: + - apiGroups: + - extensions + resources: + - deployments + verbs: + - get + - list + - watch + - patch + - update - apiGroups: - "" resources: @@ -17,15 +27,15 @@ rules: - secrets - pods verbs: - - "create" - - "delete" - - "get" - - "list" - - "watch" + - create + - delete + - get + - list + - watch - apiGroups: - "" resources: - - "pods/log" + - pods/log verbs: - - "get" + - get {{ end }} From d873c6a5dc23cd2d17353d48e837939b50214cba Mon Sep 17 00:00:00 2001 From: eduardo aleixo Date: Fri, 1 Feb 2019 09:13:34 -0200 Subject: [PATCH 0026/1586] [stable/spinnaker] remove ending slash of gate's url (#10147) Signed-off-by: Eduardo --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/templates/configmap/halyard-init-script.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index 5d68c9cf3c70..08ed00839782 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.5.0 +version: 1.5.1 appVersion: 1.11.6 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/templates/configmap/halyard-init-script.yaml b/stable/spinnaker/templates/configmap/halyard-init-script.yaml index 1623c8146632..034238b73d54 100644 --- a/stable/spinnaker/templates/configmap/halyard-init-script.yaml +++ b/stable/spinnaker/templates/configmap/halyard-init-script.yaml @@ -15,7 +15,7 @@ data: mkdir -p /tmp/spinnaker/.hal/default/service-settings printf 'overrideBaseUrl: redis://:{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master:6379\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml # Route the /gate path of Deck to Gate - printf 'env:\n API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084/\n' > /tmp/spinnaker/.hal/default/service-settings/deck.yml + printf 'env:\n API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084\n' > /tmp/spinnaker/.hal/default/service-settings/deck.yml {{- if .Values.halyard.additionalProfileConfigMaps.create }} rm -rf /tmp/spinnaker/.hal/default/profiles && \ From 0150265af835883235a418f48b400854b587748b Mon Sep 17 00:00:00 2001 From: Abhishek Jaisingh Date: Fri, 1 Feb 2019 18:46:03 +0530 Subject: [PATCH 0027/1586] [stable/prometheus-operator] Fix README: prometheusOperator.logFormat highlight (#11050) Signed-off-by: Abhishek Jaisingh --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index ec58a3e2cfd4..b50702003221 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.1.4 +version: 2.1.5 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 87bcd6a5f8b8..b057c0f14a1e 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -86,7 +86,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheusOperator.enabled` | Deploy Prometheus Operator. Only one of these should be deployed into the cluster | `true` | | `prometheusOperator.serviceAccount` | Create a serviceaccount for the operator | `true` | | `prometheusOperator.name` | Operator serviceAccount name | `""` | -| `prometheusOperator.logFormat | Operator log output formatting | `"logfmt"` | +| `prometheusOperator.logFormat` | Operator log output formatting | `"logfmt"` | | `prometheusOperator.createCustomResource` | Create CRDs. Required if deploying anything besides the operator itself as part of the release. The operator will create / update these on startup. If your Helm version < 2.10 you will have to either create the CRDs first or deploy the operator first, then the rest of the resources | `true` | | `prometheusOperator.crdApiGroup` | Specify the API Group for the CustomResourceDefinitions | `monitoring.coreos.com` | | `prometheusOperator.cleanupCustomResource` | Attempt to delete CRDs when the release is removed. This option may be useful while testing but is not recommended, as deleting the CRD definition will delete resources and prevent the operator from being able to clean up resources that it manages | `false` | From e3f1cd29e44a3141e498514b3873347e5f755616 Mon Sep 17 00:00:00 2001 From: Mikhail Zholobov Date: Fri, 1 Feb 2019 19:55:48 +0100 Subject: [PATCH 0028/1586] [stable/k8s-spot-termination-handler] Merge [incubator/kube-spot-termination-notice-handler] into this chart (#10286) * [stable/k8s-spot-termination-handler] Merge [incubator/kube-spot-termination-notice-handler] to this stable chart Signed-off-by: Mikhail Zholobov * [incubator/kube-spot-termination-notice-handler] Delete the chart It's merged to [stable/k8s-spot-termination-handler] Signed-off-by: Mikhail Zholobov * [incubator/kube-spot-termination-notice-handler] add support for option to detach from autoscaling group Signed-off-by: Frode Egeland Signed-off-by: Mikhail Zholobov --- .../.helmignore | 21 ------ .../Chart.yaml | 11 ---- .../README.md | 37 ----------- .../templates/NOTES.txt | 1 - .../templates/_helpers.tpl | 27 -------- .../templates/daemonset.yaml | 52 --------------- .../templates/rbac.yaml | 66 ------------------- .../templates/serviceaccount.yaml | 11 ---- .../values.yaml | 48 -------------- .../k8s-spot-termination-handler/Chart.yaml | 8 +-- stable/k8s-spot-termination-handler/README.md | 43 ++++++++++++ .../templates/NOTES.txt | 2 +- .../templates/_helpers.tpl | 2 +- .../templates/clusterrole.yaml | 22 +++++-- .../templates/clusterrolebinding.yaml | 12 ++-- .../templates/daemonset.yaml | 33 ++++++++-- .../templates/serviceaccount.yaml | 10 +-- .../k8s-spot-termination-handler/values.yaml | 36 +++++++--- 18 files changed, 130 insertions(+), 312 deletions(-) delete mode 100644 incubator/kube-spot-termination-notice-handler/.helmignore delete mode 100644 incubator/kube-spot-termination-notice-handler/Chart.yaml delete mode 100644 incubator/kube-spot-termination-notice-handler/README.md delete mode 100644 incubator/kube-spot-termination-notice-handler/templates/NOTES.txt delete mode 100644 incubator/kube-spot-termination-notice-handler/templates/_helpers.tpl delete mode 100644 incubator/kube-spot-termination-notice-handler/templates/daemonset.yaml delete mode 100644 incubator/kube-spot-termination-notice-handler/templates/rbac.yaml delete mode 100644 incubator/kube-spot-termination-notice-handler/templates/serviceaccount.yaml delete mode 100644 incubator/kube-spot-termination-notice-handler/values.yaml create mode 100644 stable/k8s-spot-termination-handler/README.md diff --git a/incubator/kube-spot-termination-notice-handler/.helmignore b/incubator/kube-spot-termination-notice-handler/.helmignore deleted file mode 100644 index f0c131944441..000000000000 --- a/incubator/kube-spot-termination-notice-handler/.helmignore +++ /dev/null @@ -1,21 +0,0 @@ -# Patterns to ignore when building packages. -# This supports shell glob matching, relative path matching, and -# negation (prefixed with !). Only one pattern per line. -.DS_Store -# Common VCS dirs -.git/ -.gitignore -.bzr/ -.bzrignore -.hg/ -.hgignore -.svn/ -# Common backup files -*.swp -*.bak -*.tmp -*~ -# Various IDEs -.project -.idea/ -*.tmproj diff --git a/incubator/kube-spot-termination-notice-handler/Chart.yaml b/incubator/kube-spot-termination-notice-handler/Chart.yaml deleted file mode 100644 index 492843929feb..000000000000 --- a/incubator/kube-spot-termination-notice-handler/Chart.yaml +++ /dev/null @@ -1,11 +0,0 @@ -apiVersion: v1 -description: Watch and action AWS spot termination events -name: kube-spot-termination-notice-handler -version: 0.4.0 -appVersion: 1.10.8-1 -home: https://github.com/kube-aws/kube-spot-termination-notice-handler -source: - - https://hub.docker.com/r/kubeaws/kube-spot-termination-notice-handler/ -maintainers: - - name: egeland - email: egeland@gmail.com diff --git a/incubator/kube-spot-termination-notice-handler/README.md b/incubator/kube-spot-termination-notice-handler/README.md deleted file mode 100644 index 31569192ddd8..000000000000 --- a/incubator/kube-spot-termination-notice-handler/README.md +++ /dev/null @@ -1,37 +0,0 @@ -# Kubernetes AWS EC2 Spot Termination Notice Handler - -This chart installs the [kube-spot-termination-notice-handler](https://github.com/kube-aws/kube-spot-termination-notice-handler) as a daemonset across the cluster nodes. - -## Purpose - -The handler watches for Spot termination events, and will do the following if detected: - -* Drain the affected node - -* [Optional] Send a message to a Slack channel informing that a termination notice has been received. - -## Installation - -You should install into the `kube-system` namespace, but this is not a requirement. The following example assumes this has been chosen. - -``` -helm install incubator/kube-spot-termination-notice-handler --name-space kube-system -``` - -## Configuration - -You may set these options in your values file: - -* `enableLogspout` - if you use Logspout to capture logs, this option will ensure your logs are captured. The logs are noisy, and as such are disabled from Logspout by default. - -* `slackUrl` - optional - put a slack webhook URL here to get messaged when a termination notice is received. - -* `clusterName` - optional - when slack is configured use this cluster name for reports - -* `pollInterval` - how often to query the EC2 metadata for termination notices. Defaults to every `5` seconds. - -* `rbac.create` - Specifies whether RBAC resources should be created. Defaults to `true`. - -* `serviceAccount.create` - Specifies whether a ServiceAccount should be created. Defaults to `true`. - -* `serviceAccount.name` - The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template. diff --git a/incubator/kube-spot-termination-notice-handler/templates/NOTES.txt b/incubator/kube-spot-termination-notice-handler/templates/NOTES.txt deleted file mode 100644 index 00d334555247..000000000000 --- a/incubator/kube-spot-termination-notice-handler/templates/NOTES.txt +++ /dev/null @@ -1 +0,0 @@ -# Notes TBC diff --git a/incubator/kube-spot-termination-notice-handler/templates/_helpers.tpl b/incubator/kube-spot-termination-notice-handler/templates/_helpers.tpl deleted file mode 100644 index 68c2062efce2..000000000000 --- a/incubator/kube-spot-termination-notice-handler/templates/_helpers.tpl +++ /dev/null @@ -1,27 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create the name of the service account to use -*/}} -{{- define "kube-spot-termination-notice-handler.serviceAccountName" -}} -{{- if .Values.serviceAccount.create -}} - {{ default (include "fullname" .) .Values.serviceAccount.name }} -{{- else -}} - {{ default "default" .Values.serviceAccount.name }} -{{- end -}} -{{- end -}} diff --git a/incubator/kube-spot-termination-notice-handler/templates/daemonset.yaml b/incubator/kube-spot-termination-notice-handler/templates/daemonset.yaml deleted file mode 100644 index 82399d81081e..000000000000 --- a/incubator/kube-spot-termination-notice-handler/templates/daemonset.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: extensions/v1beta1 -kind: DaemonSet -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - template: - metadata: - labels: - app: {{ template "name" . }} - release: {{ .Release.Name }} - spec: - serviceAccountName: {{ template "kube-spot-termination-notice-handler.serviceAccountName" . }} - containers: - - name: {{ .Chart.Name }} - image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" - imagePullPolicy: {{ .Values.image.pullPolicy }} - env: - {{- if not .Values.enableLogspout }} - - name: LOGSPOUT - value: "ignore" - {{- end }} - {{- with .Values.slackUrl }} - - name: SLACK_URL - value: {{ . | quote }} - {{- end }} - - name: POLL_INTERVAL - value: {{ .Values.pollInterval | quote }} - - name: CLUSTER - value: {{ .Values.clusterName | quote }} - - name: POD_NAME - valueFrom: - fieldRef: - fieldPath: metadata.name - - name: NAMESPACE - valueFrom: - fieldRef: - fieldPath: metadata.namespace - resources: -{{ toYaml .Values.resources | indent 12 }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} -{{- if .Values.tolerations }} - tolerations: -{{ toYaml .Values.tolerations | indent 8 }} - {{- end }} diff --git a/incubator/kube-spot-termination-notice-handler/templates/rbac.yaml b/incubator/kube-spot-termination-notice-handler/templates/rbac.yaml deleted file mode 100644 index 9ff2517243b2..000000000000 --- a/incubator/kube-spot-termination-notice-handler/templates/rbac.yaml +++ /dev/null @@ -1,66 +0,0 @@ -{{- if .Values.rbac.create -}} -kind: ClusterRoleBinding -apiVersion: rbac.authorization.k8s.io/v1beta1 -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "fullname" . }} - chart: {{ .Chart.Name }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -roleRef: - kind: ClusterRole - name: {{ template "fullname" . }} - apiGroup: rbac.authorization.k8s.io -subjects: -- kind: ServiceAccount - namespace: {{ .Release.Namespace | quote }} - name: {{ template "kube-spot-termination-notice-handler.serviceAccountName" . }} ---- -apiVersion: rbac.authorization.k8s.io/v1beta1 -kind: ClusterRole -metadata: - name: {{ template "fullname" . }} - labels: - app: {{ template "fullname" . }} - chart: {{ .Chart.Name }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -rules: -- apiGroups: - - "" - resources: - - pods - verbs: - - get - - list -- apiGroups: - - extensions - resources: - - replicasets - - daemonsets - verbs: - - get - - list -- apiGroups: - - apps - resources: - - statefulsets - verbs: - - get - - list -- apiGroups: - - "" - resources: - - nodes - verbs: - - get - - list - - patch -- apiGroups: - - "" - resources: - - pods/eviction - verbs: - - create -{{- end -}} diff --git a/incubator/kube-spot-termination-notice-handler/templates/serviceaccount.yaml b/incubator/kube-spot-termination-notice-handler/templates/serviceaccount.yaml deleted file mode 100644 index 67496367b889..000000000000 --- a/incubator/kube-spot-termination-notice-handler/templates/serviceaccount.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.serviceAccount.create -}} -apiVersion: v1 -kind: ServiceAccount -metadata: - name: {{ template "kube-spot-termination-notice-handler.serviceAccountName" . }} - labels: - app: {{ template "fullname" . }} - chart: {{ .Chart.Name }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end -}} diff --git a/incubator/kube-spot-termination-notice-handler/values.yaml b/incubator/kube-spot-termination-notice-handler/values.yaml deleted file mode 100644 index a83ad5c9eb76..000000000000 --- a/incubator/kube-spot-termination-notice-handler/values.yaml +++ /dev/null @@ -1,48 +0,0 @@ -# Default values for kube-spot-termination-notice-handler. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -image: - repository: kubeaws/kube-spot-termination-notice-handler - tag: 1.10.8-1 - pullPolicy: IfNotPresent - -# Poll the metadata every pollInterval seconds for termination events: -pollInterval: 5 - -# Send notifications to a Slack webhook URL - replace with your own value and uncomment: -# slackUrl: https://hooks.slack.com/services/EXAMPLE123/EXAMPLE123/example1234567 - -# Set the cluster name to be reported in a Slack message -# clusterName: test - -# Silence logspout by default - set to true to enable logs arriving in logspout -enableLogspout: false - -resources: {} -# We usually recommend not to specify default resources and to leave this as a conscious -# choice for the user. This also increases chances charts run on environments with little -# resources, such as Minikube. If you do want to specify resources, uncomment the following -# lines, adjust them as necessary, and remove the curly braces after 'resources:'. -# limits: -# cpu: 100m -# memory: 128Mi -# requests: -# cpu: 100m -# memory: 128Mi - -rbac: - # Specifies whether RBAC resources should be created - create: true - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - -tolerations: [] - # key: "dedicated" - # operator: "Equal" - # value: "gpu" - # effect: "NoSchedule" diff --git a/stable/k8s-spot-termination-handler/Chart.yaml b/stable/k8s-spot-termination-handler/Chart.yaml index 34124bfdc20f..36d4ddcae053 100644 --- a/stable/k8s-spot-termination-handler/Chart.yaml +++ b/stable/k8s-spot-termination-handler/Chart.yaml @@ -1,14 +1,14 @@ apiVersion: v1 -appVersion: "0.1.0" +appVersion: "1.10.8-1" description: The K8s Spot Termination handler handles draining AWS Spot Instances in response to termination requests. name: k8s-spot-termination-handler -version: 0.1.0 +version: 1.0.0 keywords: - spot - termination -home: https://github.com/pusher/k8s-spot-termination-handler +home: https://github.com/kube-aws/kube-spot-termination-notice-handler sources: - - https://github.com/pusher/k8s-spot-termination-handler + - https://github.com/kube-aws/kube-spot-termination-notice-handler maintainers: - name: kierranm email: kierranm@gmail.com diff --git a/stable/k8s-spot-termination-handler/README.md b/stable/k8s-spot-termination-handler/README.md new file mode 100644 index 000000000000..1bebe7d495cd --- /dev/null +++ b/stable/k8s-spot-termination-handler/README.md @@ -0,0 +1,43 @@ +# Kubernetes AWS EC2 Spot Termination Notice Handler + +This chart installs the [k8s-spot-termination-handler](https://github.com/kube-aws/kube-spot-termination-notice-handler) +as a daemonset across the cluster nodes. + +## Purpose + +Spot instances on EC2 come with significant cost savings, but with the burden of instance being terminated if +the market price goes higher than the maximum price you have configured. + +The termination handler watches the AWS Metadata API for termination requests and starts draining the node +so that it can be terminated safely. Optionally it can also send a message to a Slack channel informing that +a termination notice has been received. + +## Installation + +You should install into the `kube-system` namespace, but this is not a requirement. The following example assumes this has been chosen. + +``` +helm install stable/k8s-spot-termination-handler --namespace kube-system +``` + +## Configuration + +The following table lists the configurable parameters of the k8s-spot-termination-handler chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`image.repository` | container image repository | `kubeaws/kube-spot-termination-notice-handler` +`image.tag` | container image tag | `1.10.8-1` +`image.pullPolicy` | container image pull policy | `IfNotPresent` +`pollInterval` | the interval in seconds between attempts to poll EC2 metadata API for termination events | `"5"` +`slackUrl` | Slack webhook URL to send messages when a termination notice is received | _not defined_ +`clusterName` | if `slackUrl` is set - use this cluster name in Slack messages | _not defined_ +`enableLogspout` | if `true`, enable the Logspout log capturing. Logspout should be deployed separately | `false` +`rbac.create` | if `true`, create & use RBAC resources | `true` +`serviceAccount.create` | if `true`, create a service account | `true` +`serviceAccount.name` | the name of the service account to use. If not set and `create` is `true`, a name is generated using the fullname template. | `` +`detachAsg` | if `true`, the spot termination handler will detect (standard) AutoScaling Group, and initiate detach when termination notice is detected. | `false` +`resources` | pod resource requests & limits | `{}` +`nodeSelector` | node labels for pod assignment | `{}` +`tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` +`affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` diff --git a/stable/k8s-spot-termination-handler/templates/NOTES.txt b/stable/k8s-spot-termination-handler/templates/NOTES.txt index 3b258f154d1d..467f4e17906a 100644 --- a/stable/k8s-spot-termination-handler/templates/NOTES.txt +++ b/stable/k8s-spot-termination-handler/templates/NOTES.txt @@ -1,3 +1,3 @@ To verify that k8s-spot-termination-handler has started, run: - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "k8s-spot-termination-handler.name" . }},release={{ .Release.Name }}" \ No newline at end of file + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "k8s-spot-termination-handler.name" . }},release={{ .Release.Name }}" diff --git a/stable/k8s-spot-termination-handler/templates/_helpers.tpl b/stable/k8s-spot-termination-handler/templates/_helpers.tpl index f3d23d855021..3190a4158f70 100644 --- a/stable/k8s-spot-termination-handler/templates/_helpers.tpl +++ b/stable/k8s-spot-termination-handler/templates/_helpers.tpl @@ -40,4 +40,4 @@ Create the name of the service account to use {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/k8s-spot-termination-handler/templates/clusterrole.yaml b/stable/k8s-spot-termination-handler/templates/clusterrole.yaml index d730d886c607..6a17d0e7aa39 100644 --- a/stable/k8s-spot-termination-handler/templates/clusterrole.yaml +++ b/stable/k8s-spot-termination-handler/templates/clusterrole.yaml @@ -4,10 +4,10 @@ kind: ClusterRole metadata: name: {{ template "k8s-spot-termination-handler.fullname" . }} labels: - app: {{ template "k8s-spot-termination-handler.name" . }} - chart: {{ template "k8s-spot-termination-handler.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "k8s-spot-termination-handler.name" . }} + helm.sh/chart: {{ template "k8s-spot-termination-handler.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} rules: # For draining nodes - apiGroups: @@ -16,12 +16,14 @@ rules: - nodes verbs: - get - - update + - list + - patch - apiGroups: - "" resources: - pods verbs: + - get - list - apiGroups: - extensions @@ -30,10 +32,18 @@ rules: - daemonsets verbs: - get + - list + - apiGroups: + - apps + resources: + - statefulsets + verbs: + - get + - list - apiGroups: - "" resources: - pods/eviction verbs: - create -{{- end}} \ No newline at end of file +{{- end}} diff --git a/stable/k8s-spot-termination-handler/templates/clusterrolebinding.yaml b/stable/k8s-spot-termination-handler/templates/clusterrolebinding.yaml index 5cd0942b0b9f..492558c826a6 100644 --- a/stable/k8s-spot-termination-handler/templates/clusterrolebinding.yaml +++ b/stable/k8s-spot-termination-handler/templates/clusterrolebinding.yaml @@ -4,10 +4,10 @@ kind: ClusterRoleBinding metadata: name: {{ template "k8s-spot-termination-handler.fullname" . }} labels: - app: {{ template "k8s-spot-termination-handler.name" . }} - chart: {{ template "k8s-spot-termination-handler.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ template "k8s-spot-termination-handler.name" . }} + helm.sh/chart: {{ template "k8s-spot-termination-handler.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -15,5 +15,5 @@ roleRef: subjects: - kind: ServiceAccount name: {{ template "k8s-spot-termination-handler.serviceAccountName" . }} - namespace: {{ .Release.Namespace }} -{{- end}} \ No newline at end of file + namespace: {{ .Release.Namespace | quote }} +{{- end}} diff --git a/stable/k8s-spot-termination-handler/templates/daemonset.yaml b/stable/k8s-spot-termination-handler/templates/daemonset.yaml index 7abc119c3439..1ef9498e1b4c 100644 --- a/stable/k8s-spot-termination-handler/templates/daemonset.yaml +++ b/stable/k8s-spot-termination-handler/templates/daemonset.yaml @@ -1,28 +1,49 @@ apiVersion: extensions/v1beta1 kind: DaemonSet metadata: - name: {{ include "k8s-spot-termination-handler.fullname" . }} + name: {{ template "k8s-spot-termination-handler.fullname" . }} labels: - app.kubernetes.io/name: {{ include "k8s-spot-termination-handler.name" . }} - helm.sh/chart: {{ include "k8s-spot-termination-handler.chart" . }} + app.kubernetes.io/name: {{ template "k8s-spot-termination-handler.name" . }} + helm.sh/chart: {{ template "k8s-spot-termination-handler.chart" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} spec: template: metadata: labels: - app.kubernetes.io/name: {{ include "k8s-spot-termination-handler.name" . }} + app.kubernetes.io/name: {{ template "k8s-spot-termination-handler.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} spec: + serviceAccountName: {{ template "k8s-spot-termination-handler.serviceAccountName" . }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: - - name: NODE_NAME + {{- if not .Values.enableLogspout }} + - name: LOGSPOUT + value: "ignore" + {{- end }} + {{- with .Values.slackUrl }} + - name: SLACK_URL + value: {{ . | quote }} + {{- end }} + {{- with .Values.detachAsg }} + - name: DETACH_ASG + value: {{ . | quote }} + {{- end }} + - name: POLL_INTERVAL + value: {{ .Values.pollInterval | quote }} + - name: CLUSTER + value: {{ .Values.clusterName | quote }} + - name: POD_NAME valueFrom: fieldRef: - fieldPath: spec.nodeName + fieldPath: metadata.name + - name: NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} diff --git a/stable/k8s-spot-termination-handler/templates/serviceaccount.yaml b/stable/k8s-spot-termination-handler/templates/serviceaccount.yaml index 3ebc059bc597..492e73e1a75e 100644 --- a/stable/k8s-spot-termination-handler/templates/serviceaccount.yaml +++ b/stable/k8s-spot-termination-handler/templates/serviceaccount.yaml @@ -4,8 +4,8 @@ kind: ServiceAccount metadata: name: {{ template "k8s-spot-termination-handler.serviceAccountName" . }} labels: - app: {{ template "k8s-spot-termination-handler.name" . }} - chart: {{ template "k8s-spot-termination-handler.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- end }} \ No newline at end of file + app.kubernetes.io/name: {{ template "k8s-spot-termination-handler.name" . }} + helm.sh/chart: {{ template "k8s-spot-termination-handler.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} diff --git a/stable/k8s-spot-termination-handler/values.yaml b/stable/k8s-spot-termination-handler/values.yaml index ca6a71f989eb..26f2eed9724b 100644 --- a/stable/k8s-spot-termination-handler/values.yaml +++ b/stable/k8s-spot-termination-handler/values.yaml @@ -13,26 +13,44 @@ serviceAccount: name: image: - repository: quay.io/pusher/k8s-spot-termination-handler - tag: v0.1.0 + repository: kubeaws/kube-spot-termination-notice-handler + tag: 1.10.8-1 pullPolicy: IfNotPresent +# Poll the metadata every pollInterval seconds for termination events: +pollInterval: 5 + +# Send notifications to a Slack webhook URL - replace with your own value and uncomment: +# slackUrl: https://hooks.slack.com/services/EXAMPLE123/EXAMPLE123/example1234567 + +# Set the cluster name to be reported in a Slack message +# clusterName: test + +# Silence logspout by default - set to true to enable logs arriving in logspout +enableLogspout: false + +# Trigger instance removal from AutoScaling Group on termination notice +detachAsg: false + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little # resources, such as Minikube. If you do want to specify resources, uncomment the following # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # requests: - # cpu: 5m - # memory: 20Mi # limits: # cpu: 100m - # memory: 100Mi + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 32Mi -# By default, schedule only on spot workers -nodeSelector: - "node-role.kubernetes.io/spot-worker": "true" +nodeSelector: {} + # "node-role.kubernetes.io/spot-worker": "true" tolerations: [] + # - key: "dedicated" + # operator: "Equal" + # value: "gpu" + # effect: "NoSchedule" affinity: {} From d3dea2df29f753e10fdac8646e49eea76afef9ad Mon Sep 17 00:00:00 2001 From: Max Williams Date: Fri, 1 Feb 2019 20:22:48 +0100 Subject: [PATCH 0029/1586] [stable/drone] bump version to rc5, simplify container names (#11054) * [stable/drone] bump version to rc5, simplify container names Signed-off-by: Max Williams * revert this, it was a local change Signed-off-by: Max Williams --- stable/drone/Chart.yaml | 4 ++-- stable/drone/templates/deployment-agent.yaml | 4 ++-- stable/drone/templates/deployment-server.yaml | 2 +- stable/drone/values.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/drone/Chart.yaml b/stable/drone/Chart.yaml index 229aaa3bbdb7..60e0c05b4d13 100644 --- a/stable/drone/Chart.yaml +++ b/stable/drone/Chart.yaml @@ -1,8 +1,8 @@ name: drone home: https://drone.io/ icon: https://drone.io/apple-touch-icon.png -version: 2.0.0-rc.6 -appVersion: 1.0.0-rc.4 +version: 2.0.0-rc.7 +appVersion: 1.0.0-rc.5 description: Drone is a Continuous Delivery system built on container technology keywords: - continuous-delivery diff --git a/stable/drone/templates/deployment-agent.yaml b/stable/drone/templates/deployment-agent.yaml index 135b694156c3..b7530abbc892 100644 --- a/stable/drone/templates/deployment-agent.yaml +++ b/stable/drone/templates/deployment-agent.yaml @@ -36,7 +36,7 @@ spec: {{- end }} serviceAccountName: {{ template "drone.serviceAccountName" . }} containers: - - name: {{ template "drone.fullname" . }}-agent + - name: agent image: "{{ .Values.images.agent.repository }}:{{ .Values.images.agent.tag }}" imagePullPolicy: {{ .Values.images.agent.pullPolicy }} ports: @@ -72,7 +72,7 @@ spec: hostPath: path: /var/run/docker.sock {{- else }} - - name: {{ template "drone.fullname" . }}-dind + - name: dind image: "{{ .Values.images.dind.repository }}:{{ .Values.images.dind.tag }}" imagePullPolicy: {{ .Values.images.dind.pullPolicy }} {{- if .Values.dind.command }} diff --git a/stable/drone/templates/deployment-server.yaml b/stable/drone/templates/deployment-server.yaml index dfe745978916..a6ffdf1db8d0 100644 --- a/stable/drone/templates/deployment-server.yaml +++ b/stable/drone/templates/deployment-server.yaml @@ -40,7 +40,7 @@ spec: {{- end }} serviceAccountName: {{ template "drone.serviceAccountName" . }} containers: - - name: {{ template "drone.fullname" . }}-server + - name: server image: "{{ .Values.images.server.repository }}:{{ .Values.images.server.tag }}" imagePullPolicy: {{ .Values.images.server.pullPolicy }} env: diff --git a/stable/drone/values.yaml b/stable/drone/values.yaml index aafb2e5aa48c..124b2621462f 100644 --- a/stable/drone/values.yaml +++ b/stable/drone/values.yaml @@ -4,7 +4,7 @@ images: ## server: repository: "docker.io/drone/drone" - tag: 1.0.0-rc.4 + tag: 1.0.0-rc.5 pullPolicy: IfNotPresent ## The official drone (agent) image, change tag to use a different version. @@ -12,7 +12,7 @@ images: ## agent: repository: "docker.io/drone/agent" - tag: 1.0.0-rc.4 + tag: 1.0.0-rc.5 pullPolicy: IfNotPresent ## The official docker (dind) image, change tag to use a different version. From b91b9c56870688062e8393b11804e2a3f5b12cb0 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Sat, 2 Feb 2019 00:58:12 +0530 Subject: [PATCH 0030/1586] mongodb: update to `4.0.5` (#11066) Signed-off-by: Bitnami Containers --- stable/mongodb/Chart.yaml | 4 ++-- stable/mongodb/values-production.yaml | 2 +- stable/mongodb/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index e3ad40f8626f..d66cbc239804 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ name: mongodb -version: 5.3.0 -appVersion: 4.0.3 +version: 5.3.1 +appVersion: 4.0.5 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: - mongodb diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index 35cd03dc884f..051b3bf2d032 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -14,7 +14,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.0.3 + tag: 4.0.5 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 6e6eb0a24120..822230053160 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -14,7 +14,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.0.3 + tag: 4.0.5 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 1912822188517fa4c71554b047667d494a85ea2e Mon Sep 17 00:00:00 2001 From: Baron Lenardson Date: Fri, 1 Feb 2019 13:40:07 -0600 Subject: [PATCH 0031/1586] Add pod security policy support to metrics server (#11075) * Add pod security policy support to metrics server Signed-off-by: Baron Lenardson * Update Chart.yaml Signed-off-by: David J. M. Karlsen --- stable/metrics-server/Chart.yaml | 2 +- stable/metrics-server/README.md | 1 + .../templates/cluster-role.yaml | 10 +++++++ stable/metrics-server/templates/psp.yaml | 26 +++++++++++++++++++ stable/metrics-server/values.yaml | 1 + 5 files changed, 39 insertions(+), 1 deletion(-) create mode 100644 stable/metrics-server/templates/psp.yaml diff --git a/stable/metrics-server/Chart.yaml b/stable/metrics-server/Chart.yaml index 8c917bdbc916..ef0b8f0777bf 100755 --- a/stable/metrics-server/Chart.yaml +++ b/stable/metrics-server/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.3.1 description: Metrics Server is a cluster-wide aggregator of resource usage data. name: metrics-server -version: 2.2.0 +version: 2.3.0 keywords: - metrics-server home: https://github.com/kubernetes-incubator/metrics-server diff --git a/stable/metrics-server/README.md b/stable/metrics-server/README.md index b8c664830c0d..d42607890661 100644 --- a/stable/metrics-server/README.md +++ b/stable/metrics-server/README.md @@ -7,6 +7,7 @@ Metrics Server is a cluster-wide aggregator of resource usage data. Parameter | Description | Default --- | --- | --- `rbac.create` | Enable Role-based authentication | `true` +`rbac.pspEnabled` | Enable pod security policy support | `false` `serviceAccount.create` | If `true`, create a new service account | `true` `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | `` `apiService.create` | Create the v1beta1.metrics.k8s.io API service | `true` diff --git a/stable/metrics-server/templates/cluster-role.yaml b/stable/metrics-server/templates/cluster-role.yaml index 4c94f175bb28..c91c47fc5e4f 100644 --- a/stable/metrics-server/templates/cluster-role.yaml +++ b/stable/metrics-server/templates/cluster-role.yaml @@ -26,4 +26,14 @@ rules: verbs: - get - create + {{- if .Values.rbac.pspEnabled }} + - apiGroups: + - extensions + resources: + - podsecuritypolicies + resourceNames: + - privileged-{{ template "metrics-server.fullname" . }} + verbs: + - use + {{- end -}} {{- end -}} diff --git a/stable/metrics-server/templates/psp.yaml b/stable/metrics-server/templates/psp.yaml new file mode 100644 index 000000000000..021ef97219b0 --- /dev/null +++ b/stable/metrics-server/templates/psp.yaml @@ -0,0 +1,26 @@ +{{- if .Values.rbac.pspEnabled }} +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: privileged-{{ template "metrics-server.fullname" . }} +spec: + allowedCapabilities: + - '*' + fsGroup: + rule: RunAsAny + privileged: true + runAsUser: + rule: RunAsAny + seLinux: + rule: RunAsAny + supplementalGroups: + rule: RunAsAny + volumes: + - '*' + hostPID: true + hostIPC: true + hostNetwork: true + hostPorts: + - min: 1 + max: 65536 +{{- end }} diff --git a/stable/metrics-server/values.yaml b/stable/metrics-server/values.yaml index c05332e98dd0..1b267fd43e38 100644 --- a/stable/metrics-server/values.yaml +++ b/stable/metrics-server/values.yaml @@ -1,6 +1,7 @@ rbac: # Specifies whether RBAC resources should be created create: true + pspEnabled: false serviceAccount: # Specifies whether a ServiceAccount should be created From 71be2b134f77399eaec38cfe892c6701ed88583a Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Fri, 1 Feb 2019 21:05:02 +0100 Subject: [PATCH 0032/1586] [stable/karma] make configchanges roll the deployment (#11077) Signed-off-by: David J. M. Karlsen --- stable/karma/Chart.yaml | 2 +- stable/karma/templates/deployment.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/stable/karma/Chart.yaml b/stable/karma/Chart.yaml index 5cb73cd4ffcd..b2e46a2237cf 100644 --- a/stable/karma/Chart.yaml +++ b/stable/karma/Chart.yaml @@ -6,7 +6,7 @@ home: https://github.com/prymitive/karma sources: - https://hub.docker.com/r/lmierzwa/karma/ - https://github.com/prymitive/karma -version: 1.1.10 +version: 1.1.11 maintainers: - name: davidkarlsen email: david@davidkarlsen.com diff --git a/stable/karma/templates/deployment.yaml b/stable/karma/templates/deployment.yaml index e5289ef15503..01442778c75b 100644 --- a/stable/karma/templates/deployment.yaml +++ b/stable/karma/templates/deployment.yaml @@ -18,6 +18,10 @@ spec: labels: app.kubernetes.io/name: {{ include "karma.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + {{- if .Values.configMap.enabled }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- end }} spec: serviceAccountName: {{ template "karma.serviceAccountName" . }} containers: @@ -73,4 +77,3 @@ spec: configMap: name: {{ .Release.Name }}-config {{- end }} - From cb30a6076f99e95d2fb9771f6f34ab4230c4dc7c Mon Sep 17 00:00:00 2001 From: Maxime VISONNEAU Date: Fri, 1 Feb 2019 16:16:52 -0400 Subject: [PATCH 0033/1586] kiam - added missing patch verb on the RBAC configuration for kiam-server (#11058) Signed-off-by: Maxime VISONNEAU --- stable/kiam/Chart.yaml | 2 +- stable/kiam/templates/server-write-clusterrole.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/kiam/Chart.yaml b/stable/kiam/Chart.yaml index 89fa96f22d9e..d77f448647cd 100644 --- a/stable/kiam/Chart.yaml +++ b/stable/kiam/Chart.yaml @@ -1,5 +1,5 @@ name: kiam -version: 2.0.1-rc6 +version: 2.0.1-rc7 appVersion: 3.0-rc1 description: Integrate AWS IAM with Kubernetes keywords: diff --git a/stable/kiam/templates/server-write-clusterrole.yaml b/stable/kiam/templates/server-write-clusterrole.yaml index 05ad474a7a94..8ae2bc62936d 100644 --- a/stable/kiam/templates/server-write-clusterrole.yaml +++ b/stable/kiam/templates/server-write-clusterrole.yaml @@ -17,5 +17,6 @@ rules: - events verbs: - create + - patch {{- end -}} {{- end -}} From f333fb799ae66a5e665ecd6df15bc72d8b535c61 Mon Sep 17 00:00:00 2001 From: dkarnutsch Date: Fri, 1 Feb 2019 23:07:48 +0100 Subject: [PATCH 0034/1586] make chnange of ownership on init optional (#11061) Signed-off-by: Daniel Karnutsch --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 1 + stable/grafana/templates/deployment.yaml | 2 +- stable/grafana/values.yaml | 1 + 4 files changed, 4 insertions(+), 2 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 1cfef8b77262..ed591ed5b606 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 1.25.4 +version: 1.26.0 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index a172c84fa1f6..5981a7b5fb5e 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -54,6 +54,7 @@ The command removes all the Kubernetes components associated with the chart and | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | | `persistence.enabled` | Use persistent volume to store data | `false` | +| `persistence.initChownData` | Change ownership of persistent volume on initialization | `true` | | `persistence.size` | Size of persistent volume claim | `10Gi` | | `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | | `persistence.storageClassName` | Type of persistent volume claim | `nil` | diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index ebaf40511424..dc594fe23c1f 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -46,7 +46,7 @@ spec: {{- if ( or .Values.persistence.enabled .Values.dashboards ) }} initContainers: {{- end }} -{{- if .Values.persistence.enabled }} +{{- if ( and .Values.persistence.enabled .Values.persistence.initChownData ) }} - name: init-chown-data image: "{{ .Values.chownDataImage.repository }}:{{ .Values.chownDataImage.tag }}" imagePullPolicy: {{ .Values.chownDataImage.pullPolicy }} diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index c16a4f9cfd88..7727c00cffad 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -119,6 +119,7 @@ affinity: {} ## persistence: enabled: false + initChownData: true # storageClassName: default accessModes: - ReadWriteOnce From 0f20023cab1e17f965620b8cb567a734415858fa Mon Sep 17 00:00:00 2001 From: Norbert Varzariu Date: Sat, 2 Feb 2019 20:40:07 +0100 Subject: [PATCH 0035/1586] add missing rc variable and bump chart version (#11093) Signed-off-by: Norbert Varzariu --- stable/mysqldump/Chart.yaml | 4 ++-- stable/mysqldump/templates/configmap.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/mysqldump/Chart.yaml b/stable/mysqldump/Chart.yaml index af00f82949a4..03345566ef0e 100644 --- a/stable/mysqldump/Chart.yaml +++ b/stable/mysqldump/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 2.3.0 +appVersion: 2.3.1 description: A Helm chart to help backup MySQL databases using mysqldump name: mysqldump -version: 2.3.0 +version: 2.3.1 keywords: - mysql - mysqldump diff --git a/stable/mysqldump/templates/configmap.yaml b/stable/mysqldump/templates/configmap.yaml index 0e73da5f3bb2..33ba7d23767a 100644 --- a/stable/mysqldump/templates/configmap.yaml +++ b/stable/mysqldump/templates/configmap.yaml @@ -55,7 +55,7 @@ data: echo "Backing up single db ${MYSQL_DB}" {{ if .Values.saveToDirectory }}mkdir -p "${BACKUP_DIR}"/"${MYSQL_DB}"{{ end }} mysqldump ${MYSQL_OPTS} -h ${MYSQL_HOST} -P ${MYSQL_PORT} -u ${MYSQL_USERNAME}{{ if .Values.mysql.password }} -p${MYSQL_PASSWORD}{{ end }} --databases ${MYSQL_DB} | gzip > ${BACKUP_DIR}/{{ if .Values.saveToDirectory }}${MYSQL_DB}/{{ end }}${TIMESTAMP}_${MYSQL_DB}.sql.gz - + rc=$? {{ else if and (.Values.allDatabases.enabled) (eq .Values.allDatabases.singleBackupFile false)}} for MYSQL_DB in $(mysql -h "${MYSQL_HOST}" -u ${MYSQL_USERNAME}{{ if .Values.mysql.password }} -p${MYSQL_PASSWORD}{{ end }} -B -N -e "SHOW DATABASES;"|egrep -v '^(information|performance)_schema$'); do echo "Backing up db ${MYSQL_DB}" From c9d42c5574e0dfb7e8c1d69347512f4fe416d411 Mon Sep 17 00:00:00 2001 From: Vyas Swaroop Date: Sun, 3 Feb 2019 19:27:54 +0530 Subject: [PATCH 0036/1586] [stable/spinnaker] Option to use external redis (#10663) * Option to use external redis Signed-off-by: Vyas Swarooop * Chart version bumped Signed-off-by: Vyas Swarooop * Updating the external redis values structure with the base pattern Signed-off-by: Vyas Swarooop * Resolving out of sync requirements.lock Signed-off-by: Vyas Swarooop * Bumped chart version Signed-off-by: Vyas Swarooop * move redis config to new init script config map Signed-off-by: Paul Czarkowski * add missing {{ end }} Signed-off-by: Paul Czarkowski --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/requirements.lock | 4 ++-- stable/spinnaker/requirements.yaml | 1 + .../templates/configmap/halyard-init-script.yaml | 11 ++++++++++- stable/spinnaker/values.yaml | 8 +++++++- 5 files changed, 21 insertions(+), 5 deletions(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index 08ed00839782..87dc63be745f 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.5.1 +version: 1.6.0 appVersion: 1.11.6 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/requirements.lock b/stable/spinnaker/requirements.lock index b61350f8aae7..d40d9943b579 100644 --- a/stable/spinnaker/requirements.lock +++ b/stable/spinnaker/requirements.lock @@ -5,5 +5,5 @@ dependencies: - name: minio repository: https://kubernetes-charts.storage.googleapis.com/ version: 1.6.3 -digest: sha256:91008508c9ab75698d9ceadd02362d9169582065a185de15ccb41c78a12d1818 -generated: 2018-08-31T13:53:57.346842993+02:00 +digest: sha256:bccb7348a48817b0c0c654dfecd2f399a64a50b0f677b483a27a76f4ff7ddd89 +generated: 2019-01-21T21:59:54.069291+05:30 diff --git a/stable/spinnaker/requirements.yaml b/stable/spinnaker/requirements.yaml index 948f78a883aa..a5c15c0e956f 100644 --- a/stable/spinnaker/requirements.yaml +++ b/stable/spinnaker/requirements.yaml @@ -2,6 +2,7 @@ dependencies: - name: redis version: 3.8.0 repository: https://kubernetes-charts.storage.googleapis.com/ + condition: redis.enabled - name: minio version: 1.6.3 repository: https://kubernetes-charts.storage.googleapis.com/ diff --git a/stable/spinnaker/templates/configmap/halyard-init-script.yaml b/stable/spinnaker/templates/configmap/halyard-init-script.yaml index 034238b73d54..71d550685c2c 100644 --- a/stable/spinnaker/templates/configmap/halyard-init-script.yaml +++ b/stable/spinnaker/templates/configmap/halyard-init-script.yaml @@ -11,9 +11,18 @@ data: # Override Halyard daemon's listen address cp /opt/halyard/config/* /tmp/config printf 'server.address: 0.0.0.0\n' > /tmp/config/halyard-local.yml - # Use Redis deployed via the dependent Helm chart + mkdir -p /tmp/spinnaker/.hal/default/service-settings + + {{- if .Values.redis.enabled }} printf 'overrideBaseUrl: redis://:{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master:6379\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml + {{- else }} + {{ if .Values.redis.external.password }} + printf 'overrideBaseUrl: redis://:{{ .Values.redis.external.password }}@{{ .Values.redis.external.host }}:{{ .Values.redis.external.port }}\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml + {{- else }} + printf 'overrideBaseUrl: redis://{{ .Values.redis.external.host }}:{{ .Values.redis.external.port }}\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml + {{- end }} + {{- end }} # Route the /gate path of Deck to Gate printf 'env:\n API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084\n' > /tmp/spinnaker/.hal/default/service-settings/deck.yml diff --git a/stable/spinnaker/values.yaml b/stable/spinnaker/values.yaml index fcf3d990a950..0e63c98fa6ac 100644 --- a/stable/spinnaker/values.yaml +++ b/stable/spinnaker/values.yaml @@ -122,8 +122,14 @@ spinnakerFeatureFlags: nodeSelector: {} # Redis password to use for the in-cluster redis service -# Redis is not exposed publically +# Enable redis to use in-cluster redis redis: + enabled: true + # External Redis option will be enabled if in-cluster redis is disabled + external: + host: "" + port: 6379 + # password: "" password: password nodeSelector: {} cluster: From ded6c29884c0824b37738ff49dd1c388d33bc6ec Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Sun, 3 Feb 2019 15:42:31 +0100 Subject: [PATCH 0037/1586] ugrade kube-hunter (#11103) Signed-off-by: David J. M. Karlsen --- stable/kube-hunter/Chart.yaml | 4 ++-- stable/kube-hunter/README.md | 2 +- stable/kube-hunter/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kube-hunter/Chart.yaml b/stable/kube-hunter/Chart.yaml index 5e2498a052dd..eeb70b7eb214 100644 --- a/stable/kube-hunter/Chart.yaml +++ b/stable/kube-hunter/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "34" +appVersion: "195" description: A Helm chart for Kube-hunter name: kube-hunter -version: 1.0.1 +version: 1.0.2 home: https://github.com/aquasecurity/kube-hunter icon: https://raw.githubusercontent.com/aquasecurity/kube-hunter/master/kube-hunter.png keywords: diff --git a/stable/kube-hunter/README.md b/stable/kube-hunter/README.md index 3d4a3573ff75..8d005ccc4744 100644 --- a/stable/kube-hunter/README.md +++ b/stable/kube-hunter/README.md @@ -26,7 +26,7 @@ their default values. | `customArguments` | Additional custom arguments to give to kube-hunter | `[]` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.repository` | Container image to use | `aquasec/kube-hunter` | -| `image.tag` | Container image tag to deploy | `34` | +| `image.tag` | Container image tag to deploy | `195` | | `cronjob.schedule` | Schedule for the CronJob | `0 1 * * *` | | `cronjob.annotations` | Annotations to add to the cronjob | {} | | `cronjob.concurrencyPolicy` | `Allow|Forbid|Replace` concurrent jobs | `Forbid` | diff --git a/stable/kube-hunter/values.yaml b/stable/kube-hunter/values.yaml index cd2261216bbc..1168a8cf2b18 100644 --- a/stable/kube-hunter/values.yaml +++ b/stable/kube-hunter/values.yaml @@ -17,7 +17,7 @@ pod: image: repository: aquasec/kube-hunter - tag: 34 + tag: 195 pullPolicy: IfNotPresent resources: {} From cc7b54837c9b62bd4dbae8dbe57b32ab310a75c8 Mon Sep 17 00:00:00 2001 From: Jesse Suen Date: Sun, 3 Feb 2019 06:57:27 -0800 Subject: [PATCH 0038/1586] Use rbac.authorization.k8s.io/v1 apiVersion in RBAC resources (#11094) Signed-off-by: Jesse Suen --- stable/kube-state-metrics/Chart.yaml | 2 +- stable/kube-state-metrics/templates/psp-clusterrole.yaml | 6 +----- .../templates/psp-clusterrolebinding.yaml | 6 +----- 3 files changed, 3 insertions(+), 11 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index e64bcad98e41..0588e2912888 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -5,7 +5,7 @@ keywords: - metric - monitoring - prometheus -version: 0.13.0 +version: 0.13.1 appVersion: 1.4.0 home: https://github.com/kubernetes/kube-state-metrics/ sources: diff --git a/stable/kube-state-metrics/templates/psp-clusterrole.yaml b/stable/kube-state-metrics/templates/psp-clusterrole.yaml index bdc774af7de6..c43f90da2c63 100644 --- a/stable/kube-state-metrics/templates/psp-clusterrole.yaml +++ b/stable/kube-state-metrics/templates/psp-clusterrole.yaml @@ -1,10 +1,6 @@ {{- if and .Values.podSecurityPolicy.enabled -}} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole -{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} -apiVersion: rbac.authorization.k8s.io/v1alpha1 -{{- end }} metadata: labels: app: {{ template "kube-state-metrics.name" . }} diff --git a/stable/kube-state-metrics/templates/psp-clusterrolebinding.yaml b/stable/kube-state-metrics/templates/psp-clusterrolebinding.yaml index 611a9a246428..bfca12cab4c3 100644 --- a/stable/kube-state-metrics/templates/psp-clusterrolebinding.yaml +++ b/stable/kube-state-metrics/templates/psp-clusterrolebinding.yaml @@ -1,9 +1,5 @@ {{- if and .Values.podSecurityPolicy.enabled -}} -{{- if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1beta1" }} -apiVersion: rbac.authorization.k8s.io/v1beta1 -{{- else if .Capabilities.APIVersions.Has "rbac.authorization.k8s.io/v1alpha1" }} -apiVersion: rbac.authorization.k8s.io/v1alpha1 -{{- end }} +apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: From 026320e8f6f844d1c805909c8671fffc4b173da6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Sun, 3 Feb 2019 20:27:37 +0530 Subject: [PATCH 0039/1586] phabricator: update to `2019.5.0` (#11097) Signed-off-by: Bitnami Containers --- stable/phabricator/Chart.yaml | 4 ++-- stable/phabricator/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 31c4e18201b7..77b2cc590a52 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,6 +1,6 @@ name: phabricator -version: 4.0.10 -appVersion: 2019.4.0 +version: 4.0.11 +appVersion: 2019.5.0 description: Collection of open source web applications that help software companies build better software. keywords: - phabricator diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index 408942bd4bc9..ee3b09b3f4f7 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2019.4.0 + tag: 2019.5.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From b54a9b39472aad99c269464cc7c15dfccb213ecd Mon Sep 17 00:00:00 2001 From: Naseem Date: Sun, 3 Feb 2019 09:57:46 -0500 Subject: [PATCH 0040/1586] Bumping img (#11099) Signed-off-by: Naseem Ullah --- stable/fluent-bit/Chart.yaml | 4 ++-- stable/fluent-bit/README.md | 6 +++--- stable/fluent-bit/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 15bef4cf945d..5a5263a8d5b4 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,6 +1,6 @@ name: fluent-bit -version: 1.5.1 -appVersion: 1.0.3 +version: 1.5.2 +appVersion: 1.0.4 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: - logging diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index 33abdccf5e7f..96003d37eb5b 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -95,7 +95,7 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `filter.kubeTag` | Optional top-level tag for matching in filter | `kube` | | `filter.mergeJSONLog` | If the log field content is a JSON string map, append the map fields as part of the log structure | `true` | | `image.fluent_bit.repository` | Image | `fluent/fluent-bit` | -| `image.fluent_bit.tag` | Image tag | `1.0.3` | +| `image.fluent_bit.tag` | Image tag | `1.0.4` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` | | `input.tail.memBufLimit` | Specify Mem_Buf_Limit in tail input | `5MB` | @@ -137,6 +137,6 @@ $ helm install --name my-release -f values.yaml stable/fluent-bit ### From < 1.0.0 To 1.0.0 -Values `extraInputs`, `extraFilters` and `extraOutputs` have been removed in version `1.0.0` of the fluent-bit chart. -To add additional entries to the existing sections, please use the `extraEntries.input`, `extraEntries.filter` and `extraEntries.output` values. +Values `extraInputs`, `extraFilters` and `extraOutputs` have been removed in version `1.0.0` of the fluent-bit chart. +To add additional entries to the existing sections, please use the `extraEntries.input`, `extraEntries.filter` and `extraEntries.output` values. For entire sections, please use the `rawConfig` value, inserting blocks of text as desired. diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index 703c13cf9938..33f92f12c20d 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -5,7 +5,7 @@ on_minikube: false image: fluent_bit: repository: fluent/fluent-bit - tag: 1.0.3 + tag: 1.0.4 pullPolicy: IfNotPresent # When enabled, exposes json and prometheus metrics on {{ .Release.Name }}-metrics service From fd37371d69dc4dee9cb3af3d1a1ad3783e5fbd7d Mon Sep 17 00:00:00 2001 From: Cyrill Troxler Date: Sun, 3 Feb 2019 18:53:06 +0100 Subject: [PATCH 0041/1586] Add loadBalancerIP to configure static LB IP (#11065) Signed-off-by: Cyrill Troxler --- incubator/vault/Chart.yaml | 2 +- incubator/vault/README.md | 1 + incubator/vault/templates/service.yaml | 3 +++ incubator/vault/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/incubator/vault/Chart.yaml b/incubator/vault/Chart.yaml index 75f4065aef86..ec0d80bd1d04 100644 --- a/incubator/vault/Chart.yaml +++ b/incubator/vault/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Vault, a tool for managing secrets name: vault -version: 0.14.6 +version: 0.14.7 appVersion: 1.0.1 home: https://www.vaultproject.io/ icon: https://www.vaultproject.io/assets/images/mega-nav/logo-vault-0f83e3d2.svg diff --git a/incubator/vault/README.md b/incubator/vault/README.md index e3bf7004710d..754e23302709 100644 --- a/incubator/vault/README.md +++ b/incubator/vault/README.md @@ -62,6 +62,7 @@ The following table lists the configurable parameters of the Vault chart and the | `resources.limits.cpu` | Container requested CPU | `nil` | | `resources.limits.memory` | Container requested memory | `nil` | | `affinity` | Affinity settings | See values.yaml | +| `service.loadBalancerIP` | Assign a static IP to the loadbalancer | `nil` | | `service.loadBalancerSourceRanges`| IP whitelist for service type loadbalancer | `[]` | | `service.annotations` | Annotations for service | `{}` | | `annotations` | Annotations for deployment | `{}` | diff --git a/incubator/vault/templates/service.yaml b/incubator/vault/templates/service.yaml index a29a6f5a2c4b..c271d1a18a1e 100644 --- a/incubator/vault/templates/service.yaml +++ b/incubator/vault/templates/service.yaml @@ -17,6 +17,9 @@ spec: clusterIP: {{ .Values.service.clusterIP }} {{- end }} {{- if eq .Values.service.type "LoadBalancer" }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} loadBalancerSourceRanges: {{- range .Values.service.loadBalancerSourceRanges }} - {{ . }} diff --git a/incubator/vault/values.yaml b/incubator/vault/values.yaml index 9e537bea9aa8..28940b8d73f2 100644 --- a/incubator/vault/values.yaml +++ b/incubator/vault/values.yaml @@ -28,6 +28,8 @@ service: name: vault type: ClusterIP # type: LoadBalancer + # Assign a static LB IP + # loadBalancerIP: 203.0.113.32 loadBalancerSourceRanges: [] # - 10.0.0.0/8 # - 130.211.204.2/32 From 4c2ca4c38a8cc6abe2f9f60a0a48daa8fa3440ea Mon Sep 17 00:00:00 2001 From: Norbert Varzariu Date: Sun, 3 Feb 2019 19:33:58 +0100 Subject: [PATCH 0042/1586] [stable/mysqldump] option to run additional shell steps (#11100) * add option for additional shell steps to run, fix kc alias in Notes.txt to kubectl Signed-off-by: Norbert Varzariu * bump minor chart version, add example for additionalSteps Signed-off-by: Norbert Varzariu --- stable/mysqldump/Chart.yaml | 4 ++-- stable/mysqldump/README.md | 1 + stable/mysqldump/templates/NOTES.txt | 10 +++++----- stable/mysqldump/templates/configmap.yaml | 6 ++++++ stable/mysqldump/values.yaml | 8 ++++++++ 5 files changed, 22 insertions(+), 7 deletions(-) diff --git a/stable/mysqldump/Chart.yaml b/stable/mysqldump/Chart.yaml index 03345566ef0e..01e13aaf952f 100644 --- a/stable/mysqldump/Chart.yaml +++ b/stable/mysqldump/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 2.3.1 +appVersion: 2.4.0 description: A Helm chart to help backup MySQL databases using mysqldump name: mysqldump -version: 2.3.1 +version: 2.4.0 keywords: - mysql - mysqldump diff --git a/stable/mysqldump/README.md b/stable/mysqldump/README.md index 93e34f7115a4..14d8958d25b7 100644 --- a/stable/mysqldump/README.md +++ b/stable/mysqldump/README.md @@ -57,6 +57,7 @@ The following tables lists the configurable parameters of the mysqldump chart an | schedule | crontab schedule to run on. set as `now` to run as a one time job | "0/5 \* \* \* \*" | | options | options to pass onto MySQL | "--opt --single-transaction" | | debug | print some extra debug logs during backup | false | +| additionalSteps | run these extra shell steps after all backup jobs completed | [] | | successfulJobsHistoryLimit | number of successful jobs to remember | 5 | | failedJobsHistoryLimit | number of failed jobs to remember | 5 | | persistentVolumeClaim | existing Persistent Volume Claim to backup to, leave blank to create a new one | | diff --git a/stable/mysqldump/templates/NOTES.txt b/stable/mysqldump/templates/NOTES.txt index cff75de1de2a..22ad7e8937e8 100644 --- a/stable/mysqldump/templates/NOTES.txt +++ b/stable/mysqldump/templates/NOTES.txt @@ -10,7 +10,7 @@ $ kubectl get pods --selector=job-name={{ template "mysqldump.fullname" . }} --s To see the logs from the backup job run: -$ kubectl logs `kc get pods --selector=job-name=test-mysqldump --output=jsonpath={.items..metadata.name}` +$ kubectl logs `kubectl get pods --selector=job-name=test-mysqldump --output=jsonpath={.items..metadata.name}` mysqldump contents can be found in: {{- if .Values.persistentVolumeClaim }} @@ -19,7 +19,7 @@ $ kubectl get persistentvolumeclaim {{ .Values.persistentVolumeClaim }} {{- if .Values.persistence.enabled }} $ kubectl get persistentvolumeclaim {{ template "mysqldump.fullname" . }} {{- else }} -$ kubectl logs `kc get pods --selector=job-name=test-mysqldump --output=jsonpath={.items..metadata.name}` +$ kubectl logs `kubectl get pods --selector=job-name=test-mysqldump --output=jsonpath={.items..metadata.name}` {{- end -}} {{- end }} @@ -35,8 +35,8 @@ $ kubectl get jobs --selector=cronjob-name={{ template "mysqldump.fullname" . }} To see the logs from the most recent backup job run: -$ kubectl logs $(kc get pods --selector \ - job-name=$(kc get jobs --selector=cronjob-name={{ template "mysqldump.fullname" . }} \ +$ kubectl logs $(kubectl get pods --selector \ + job-name=$(kubectl get jobs --selector=cronjob-name={{ template "mysqldump.fullname" . }} \ --output=jsonpath='{.items[-1:].metadata.name}') \ --output=jsonpath={.items..metadata.name}) @@ -47,7 +47,7 @@ $ kubectl get persistentvolumeclaim {{ .Values.persistentVolumeClaim }} {{- if .Values.persistence.enabled }} $ kubectl get persistentvolumeclaim {{ template "mysqldump.fullname" . }} {{- else }} -$ kubectl logs `kc get pods --selector=job-name=test-mysqldump --output=jsonpath={.items..metadata.name}` +$ kubectl logs `kubectl get pods --selector=job-name=test-mysqldump --output=jsonpath={.items..metadata.name}` {{- end -}} {{- end }} diff --git a/stable/mysqldump/templates/configmap.yaml b/stable/mysqldump/templates/configmap.yaml index 33ba7d23767a..c36d43870ad3 100644 --- a/stable/mysqldump/templates/configmap.yaml +++ b/stable/mysqldump/templates/configmap.yaml @@ -103,6 +103,12 @@ data: exit 1 fi + {{ if .Values.additionalSteps }} + {{- range .Values.additionalSteps }} + {{ . }} + {{- end }} + {{- end }} + {{ if .Values.debug }} ls -alh ${BACKUP_DIR} {{ end }} diff --git a/stable/mysqldump/values.yaml b/stable/mysqldump/values.yaml index e5b1e157798b..c0783461d32e 100644 --- a/stable/mysqldump/values.yaml +++ b/stable/mysqldump/values.yaml @@ -40,6 +40,14 @@ debug: false successfulJobsHistoryLimit: 5 failedJobsHistoryLimit: 5 +# additional steps for mysqldump shell script +# will be inserted after all backup and upload jobs completed successfully. +# Use "${BACKUP_DIR}/${TIMESTAMP}_${MYSQL_DB}.sql.gz" as dump file name. +# see examples +additionalSteps: [] +# - gsutil cp "${BACKUP_DIR}/${TIMESTAMP}_${MYSQL_DB}.sql.gz" gs://mybucket/latest.sql.gz +# - echo "latest sql dump updated" + ## set persistentVolumeClaim to use a PVC that already exists. ## if set will override any settings under `persistence` otherwise ## if not set and `persistence.enabled` set to true, will create a PVC. From 19c1b41dae8342bd73dd891f92b6dd625d3dd3f5 Mon Sep 17 00:00:00 2001 From: Kit Ewbank Date: Sun, 3 Feb 2019 15:55:03 -0500 Subject: [PATCH 0043/1586] Support headless service/clusterIP and service port name for Kibana. (#11043) Signed-off-by: Kit Ewbank --- stable/kibana/Chart.yaml | 2 +- stable/kibana/README.md | 2 ++ stable/kibana/templates/service.yaml | 6 ++++++ stable/kibana/values.yaml | 2 ++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index 860088d8b3b7..f4a3aa8eb5ff 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.4.0 +version: 1.4.1 appVersion: 6.6.0 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg diff --git a/stable/kibana/README.md b/stable/kibana/README.md index c740610e0e8f..5bafd4de1182 100644 --- a/stable/kibana/README.md +++ b/stable/kibana/README.md @@ -70,12 +70,14 @@ The following table lists the configurable parameters of the kibana chart and th | `priorityClassName` | priorityClassName | `nil` | | `service.externalPort` | external port for the service | `443` | | `service.internalPort` | internal port for the service | `4180` | +| `service.portName` | service port name | None: | | `service.authProxyPort` | port to use when using sidecar authProxy | None: | | `service.externalIPs` | external IP addresses | None: | | `service.loadBalancerIP` | Load Balancer IP address | None: | | `service.loadBalancerSourceRanges` | Limit load balancer source IPs to list of CIDRs (where available)) | `[]` | | `service.nodePort` | NodePort value if service.type is NodePort | None: | | `service.type` | type of service | `ClusterIP` | +| `service.clusterIP` | static clusterIP or None for headless services | None: | | `service.annotations` | Kubernetes service annotations | None: | | `service.labels` | Kubernetes service labels | None: | | `tolerations` | List of node taints to tolerate | `[]` | diff --git a/stable/kibana/templates/service.yaml b/stable/kibana/templates/service.yaml index cb22fe0882e2..064d470f6515 100644 --- a/stable/kibana/templates/service.yaml +++ b/stable/kibana/templates/service.yaml @@ -24,6 +24,9 @@ spec: {{- end }} {{- end }} type: {{ .Values.service.type }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} ports: - port: {{ .Values.service.externalPort }} {{- if not .Values.authProxyEnabled }} @@ -35,6 +38,9 @@ spec: {{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} nodePort: {{ .Values.service.nodePort }} {{ end }} +{{- if .Values.service.portName }} + name: {{ .Values.service.portName }} +{{- end }} {{- if .Values.service.externalIPs }} externalIPs: {{ toYaml .Values.service.externalIPs | indent 4 }} diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index de34527191a3..6c40b7294a77 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -34,6 +34,8 @@ deployment: service: type: ClusterIP + # clusterIP: None + # portName: kibana-svc externalPort: 443 internalPort: 5601 # authProxyPort: 5602 To be used with authProxyEnabled and a proxy extraContainer From 153b7c3a01b57f313732138a18cd3c45fc4064b2 Mon Sep 17 00:00:00 2001 From: Mike Tougeron Date: Mon, 4 Feb 2019 01:25:16 -0800 Subject: [PATCH 0044/1586] terminationGracePeriodSeconds is part of the podSpec not container (#11080) Signed-off-by: Mike Tougeron --- stable/node-problem-detector/Chart.yaml | 2 +- stable/node-problem-detector/templates/daemonset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/node-problem-detector/Chart.yaml b/stable/node-problem-detector/Chart.yaml index 1a11ea61d4a4..cc3078d1c86e 100644 --- a/stable/node-problem-detector/Chart.yaml +++ b/stable/node-problem-detector/Chart.yaml @@ -1,5 +1,5 @@ name: node-problem-detector -version: "1.3.0" +version: "1.3.1" appVersion: v0.6.1 home: https://github.com/kubernetes/node-problem-detector description: Installs the node-problem-detector daemonset for monitoring extra attributes on nodes diff --git a/stable/node-problem-detector/templates/daemonset.yaml b/stable/node-problem-detector/templates/daemonset.yaml index d795a9ddbb23..1b04ed5130d3 100644 --- a/stable/node-problem-detector/templates/daemonset.yaml +++ b/stable/node-problem-detector/templates/daemonset.yaml @@ -26,6 +26,7 @@ spec: spec: serviceAccountName: {{ template "node-problem-detector.serviceAccountName" . }} hostNetwork: {{ .Values.hostNetwork }} + terminationGracePeriodSeconds: 30 containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -50,7 +51,6 @@ spec: - name: custom-config mountPath: /custom-config readOnly: true - terminationGracePeriodSeconds: 30 resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.affinity }} From a59133396d801c841d3a3ad12481cacf36d024df Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Mon, 4 Feb 2019 12:09:00 +0100 Subject: [PATCH 0045/1586] [stable/elasticsearch] make readiness probes configurable (#11114) Signed-off-by: David J. M. Karlsen --- stable/elasticsearch/Chart.yaml | 2 +- stable/elasticsearch/README.md | 2 ++ stable/elasticsearch/templates/data-statefulset.yaml | 5 +---- stable/elasticsearch/templates/master-statefulset.yaml | 5 +---- stable/elasticsearch/values.yaml | 10 ++++++++++ 5 files changed, 15 insertions(+), 9 deletions(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 987059a42a0d..b692ddbc05d6 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,6 +1,6 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.18.0 +version: 1.18.1 appVersion: 6.6.0 description: Flexible and powerful open source, distributed real-time search and analytics engine. diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index ffb1df3a587f..5fd040f6ecd0 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -112,6 +112,7 @@ The following table lists the configurable parameters of the elasticsearch chart | `master.persistence.size` | Master persistent volume size | `4Gi` | | `master.persistence.storageClass` | Master persistent volume Class | `nil` | | `master.persistence.accessMode` | Master persistent Access Mode | `ReadWriteOnce` | +| `master.readinessProbe` | Master container readiness probes | see `values.yaml` for defaults | | `master.antiAffinity` | Master anti-affinity policy | `soft` | | `master.nodeAffinity` | Master node affinity policy | `{}` | | `master.updateStrategy` | Master node update strategy policy | `{type: "onDelete"}` | @@ -128,6 +129,7 @@ The following table lists the configurable parameters of the elasticsearch chart | `data.persistence.size` | Data persistent volume size | `30Gi` | | `data.persistence.storageClass` | Data persistent volume Class | `nil` | | `data.persistence.accessMode` | Data persistent Access Mode | `ReadWriteOnce` | +| `data.readinessProbe` | Readiness probes for data-containers | see `values.yaml` for defaults | | `data.podAnnotations` | Data StatefulSet annotations | `{}` | | `data.nodeSelector` | Node labels for data pod assignment | `{}` | | `data.tolerations` | Data tolerations | `[]` | diff --git a/stable/elasticsearch/templates/data-statefulset.yaml b/stable/elasticsearch/templates/data-statefulset.yaml index 902dccde9c85..94dd00ab9ea0 100644 --- a/stable/elasticsearch/templates/data-statefulset.yaml +++ b/stable/elasticsearch/templates/data-statefulset.yaml @@ -132,10 +132,7 @@ spec: resources: {{ toYaml .Values.data.resources | indent 12 }} readinessProbe: - httpGet: - path: /_cluster/health?local=true - port: 9200 - initialDelaySeconds: 5 +{{ toYaml .Values.data.readinessProbe | indent 10 }} volumeMounts: - mountPath: /usr/share/elasticsearch/data name: data diff --git a/stable/elasticsearch/templates/master-statefulset.yaml b/stable/elasticsearch/templates/master-statefulset.yaml index 31179dec9e93..00ee76243161 100644 --- a/stable/elasticsearch/templates/master-statefulset.yaml +++ b/stable/elasticsearch/templates/master-statefulset.yaml @@ -127,10 +127,7 @@ spec: resources: {{ toYaml .Values.master.resources | indent 12 }} readinessProbe: - httpGet: - path: /_cluster/health?local=true - port: 9200 - initialDelaySeconds: 5 +{{ toYaml .Values.master.readinessProbe | indent 10 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} ports: diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index f3ec64f9e490..1e5618767d90 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -125,6 +125,11 @@ master: name: data size: "4Gi" # storageClass: "ssd" + readinessProbe: + httpGet: + path: /_cluster/health?local=true + port: 9200 + initialDelaySeconds: 5 antiAffinity: "soft" nodeAffinity: {} nodeSelector: {} @@ -166,6 +171,11 @@ data: name: data size: "30Gi" # storageClass: "ssd" + readinessProbe: + httpGet: + path: /_cluster/health?local=true + port: 9200 + initialDelaySeconds: 5 terminationGracePeriodSeconds: 3600 antiAffinity: "soft" nodeAffinity: {} From 2311cf15cf6ca76209d0d9860f21ce2dfd24a035 Mon Sep 17 00:00:00 2001 From: Matthieu Paret Date: Mon, 4 Feb 2019 14:49:34 +0100 Subject: [PATCH 0046/1586] [stable/elastic-stack] Add ability to disable kibana (#11117) * [Add] Possiblity to disable kibana Signed-off-by: --replace-all * Update requirement.lock and fix condition Signed-off-by: --replace-all --- stable/elastic-stack/Chart.yaml | 2 +- stable/elastic-stack/requirements.lock | 16 ++++++++-------- stable/elastic-stack/requirements.yaml | 1 + stable/elastic-stack/templates/NOTES.txt | 2 ++ stable/elastic-stack/values.yaml | 1 + 5 files changed, 13 insertions(+), 9 deletions(-) diff --git a/stable/elastic-stack/Chart.yaml b/stable/elastic-stack/Chart.yaml index a69467bdd6b9..bac272f19e0a 100644 --- a/stable/elastic-stack/Chart.yaml +++ b/stable/elastic-stack/Chart.yaml @@ -3,7 +3,7 @@ description: A Helm chart for ELK home: https://www.elastic.co/products icon: https://www.elastic.co/assets/bltb35193323e8f1770/logo-elastic-stack-lt.svg name: elastic-stack -version: 1.4.1 +version: 1.5.0 appVersion: 6.0 maintainers: - name: rendhalver diff --git a/stable/elastic-stack/requirements.lock b/stable/elastic-stack/requirements.lock index 2ba8362dc267..4ad3ef83dfcd 100644 --- a/stable/elastic-stack/requirements.lock +++ b/stable/elastic-stack/requirements.lock @@ -1,22 +1,22 @@ dependencies: - name: elasticsearch repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.17.0 + version: 1.18.1 - name: kibana repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.1.2 + version: 1.4.1 - name: filebeat repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.1.2 + version: 1.2.0 - name: logstash repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.4.2 + version: 1.5.0 - name: fluentd repository: https://kubernetes-charts.storage.googleapis.com/ version: 1.4.0 - name: fluent-bit repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.3.0 + version: 1.5.2 - name: fluentd-elasticsearch repository: https://kubernetes-charts.storage.googleapis.com/ version: 1.5.0 @@ -25,9 +25,9 @@ dependencies: version: 0.1.2 - name: elasticsearch-curator repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.0.1 + version: 1.1.0 - name: elasticsearch-exporter repository: https://kubernetes-charts.storage.googleapis.com/ version: 0.4.1 -digest: sha256:1fd4a059ff9264193884b83644fd057216c384cc5a0debfe8347e9433bd7d1e2 -generated: 2019-01-14T14:58:05.877505741-05:00 +digest: sha256:8455d84f9a92b252ce877037f85082eba25a7d5828a5f73dbfba19179232f3f1 +generated: 2019-02-04T12:54:51.901881528+01:00 diff --git a/stable/elastic-stack/requirements.yaml b/stable/elastic-stack/requirements.yaml index d4c872fcbf48..fb1bc76217a7 100644 --- a/stable/elastic-stack/requirements.yaml +++ b/stable/elastic-stack/requirements.yaml @@ -6,6 +6,7 @@ dependencies: - name: kibana version: ^1.1.0 repository: https://kubernetes-charts.storage.googleapis.com/ + condition: kibana.enabled - name: filebeat version: ^1.0.0 repository: https://kubernetes-charts.storage.googleapis.com/ diff --git a/stable/elastic-stack/templates/NOTES.txt b/stable/elastic-stack/templates/NOTES.txt index 96ae71d8eb06..740fa256983e 100644 --- a/stable/elastic-stack/templates/NOTES.txt +++ b/stable/elastic-stack/templates/NOTES.txt @@ -1,5 +1,6 @@ The elasticsearch cluster and associated extras have been installed. +{{- if .Values.kibana.enabled }} Kibana can be accessed: * Within your cluster, at the following DNS name at port 9200: @@ -29,3 +30,4 @@ Kibana can be accessed: echo "Visit http://127.0.0.1:5601 to use Kibana" kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME 5601:5601 {{- end }} +{{- end }} diff --git a/stable/elastic-stack/values.yaml b/stable/elastic-stack/values.yaml index 28480f37d19b..fad43f5b9e70 100644 --- a/stable/elastic-stack/values.yaml +++ b/stable/elastic-stack/values.yaml @@ -5,6 +5,7 @@ elasticsearch: enabled: true kibana: + enabled: true env: ELASTICSEARCH_URL: http://http.default.svc.cluster.local:9200 From 3fea91c9473f4139401616c3ccdd07adb7fe8fee Mon Sep 17 00:00:00 2001 From: Ricardo Hernandez <430024+richerve@users.noreply.github.com> Date: Mon, 4 Feb 2019 14:08:06 +0000 Subject: [PATCH 0047/1586] [stable/traefik] HorizontalPodAutoscaler (#10288) * stable/traefik: Add hpa object Signed-off-by: Ricardo Hernandez * stable/traefik: bump version Signed-off-by: Ricardo Hernandez * stable/traefik: document autoscaling value Signed-off-by: Ricardo Hernandez * stable/traefik: Remove trailing whitespace in values Signed-off-by: Ricardo Hernandez * Comment autoscaling value Signed-off-by: Ricardo Hernandez --- stable/traefik/Chart.yaml | 2 +- stable/traefik/README.md | 1 + stable/traefik/templates/hpa.yaml | 20 ++++++++++++++++++++ stable/traefik/values.yaml | 15 +++++++++++++++ 4 files changed, 37 insertions(+), 1 deletion(-) create mode 100644 stable/traefik/templates/hpa.yaml diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index 05b477c57cfd..57315195b925 100644 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: traefik -version: 1.59.2 +version: 1.60.0 appVersion: 1.7.7 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: diff --git a/stable/traefik/README.md b/stable/traefik/README.md index 9b34a1c3592a..fa0895446657 100644 --- a/stable/traefik/README.md +++ b/stable/traefik/README.md @@ -216,6 +216,7 @@ The following table lists the configurable parameters of the Traefik chart and t | `tracing.datadog.localAgentHostPort` | Location of the Datadog agent where spans will be sent | `127.0.0.1:8126` | | `tracing.datadog.debug` | Enables Datadog debugging | `false` | | `tracing.datadog.globalTag` | Apply shared tag in a form of Key:Value to all the traces | `""` | +| `autoscaling` | HorizontalPodAutoscaler for the traefik Deployment | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: diff --git a/stable/traefik/templates/hpa.yaml b/stable/traefik/templates/hpa.yaml new file mode 100644 index 000000000000..973f093e99aa --- /dev/null +++ b/stable/traefik/templates/hpa.yaml @@ -0,0 +1,20 @@ +{{- if .Values.autoscaling }} +apiVersion: autoscaling/v2beta1 +kind: HorizontalPodAutoscaler +metadata: + name: {{ template "traefik.fullname" . }} + labels: + app: {{ template "traefik.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: {{ template "traefik.fullname" . }} + minReplicas: {{ .Values.autoscaling.minReplicas }} + maxReplicas: {{ .Values.autoscaling.maxReplicas }} + metrics: +{{ toYaml .Values.autoscaling.metrics | indent 4 }} +{{- end }} diff --git a/stable/traefik/values.yaml b/stable/traefik/values.yaml index a9d2da9c10d3..5130bdd11a94 100644 --- a/stable/traefik/values.yaml +++ b/stable/traefik/values.yaml @@ -374,3 +374,18 @@ tracing: # localAgentHostPort: "127.0.0.1:8126" # debug: false # globalTag: "" + +## Create HorizontalPodAutoscaler object. +## +# autoscaling: +# minReplicas: 1 +# maxReplicas: 10 +# metrics: +# - type: Resource +# resource: +# name: cpu +# targetAverageUtilization: 60 +# - type: Resource +# resource: +# name: memory +# targetAverageUtilization: 60 From 2d50b559445eccb75af97beffa1502417211d688 Mon Sep 17 00:00:00 2001 From: Tomas Pizarro Date: Mon, 4 Feb 2019 15:55:57 +0100 Subject: [PATCH 0048/1586] [stable/postgresql] Add support for the official postgres image env vars (#10757) * [stable/postgresql] Add supports for the oficial postgres image env vars Signed-off-by: tompizmor * Add more info to README Signed-off-by: tompizmor * Update README Signed-off-by: tompizmor * Update README Signed-off-by: tompizmor * Grammar and wording fixes in README file Signed-off-by: tompizmor * Update version change for chart Signed-off-by: tompizmor --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 186 ++++++++++-------- stable/postgresql/templates/NOTES.txt | 4 +- .../templates/statefulset-slaves.yaml | 24 ++- stable/postgresql/templates/statefulset.yaml | 40 ++-- stable/postgresql/values-production.yaml | 15 ++ stable/postgresql/values.yaml | 16 ++ 7 files changed, 178 insertions(+), 109 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 6630e77df439..fd721b6bcb11 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.9.5 +version: 3.10.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 5bb0f07f3f7e..5f0f7b9797fe 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -45,88 +45,91 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the PostgreSQL chart and their default values. -| Parameter | Description | Default | -|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{VERSION}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `replication.enabled` | Would you like to enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | -| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | -| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | -| `postgresqlUsername` | PostgreSQL admin user | `postgres` | -| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | -| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | -| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`) | `nil` | -| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files | `nil` | -| `initdbScripts` | List of initdb scripts | `nil` | -| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | {} | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | -| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | -| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | -| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | +| Parameter | Description | Default | +| --------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------- | +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `replication.enabled` | Would you like to enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlDataDir` | PostgreSQL data dir folder | `/bitnami/postgresql` (same value as persistence.mountPath) | +| `postgresqlInitdbArgs` | PostgreSQL initdb extra arguments | `nil` | +| `postgresqlInitdbWalDir` | PostgreSQL location for transaction log | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `postgresqlExtendedConf` | Extended Runtime Config Parameters (appended to main or default configuration) | `nil` | +| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`) | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files | `nil` | +| `initdbScripts` | List of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | {} | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `service.clusterIP` | Static clusterIP or None for headless services | `nil` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | +| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -212,6 +215,25 @@ With NetworkPolicy enabled, traffic will be limited to just port 5432. For more precise policy, set `networkPolicy.allowExternal=false`. This will only allow pods with the generated client label to connect to PostgreSQL. This label will be displayed in the output of a successful install. +## Deploy chart using Docker Official PostgreSQL Image + +From chart version 4.0.0, it is possible to use this chart with the Docker Official PostgreSQL image. +Besides specifying the new Docker repository and tag, it is important to modify the PostgreSQL data directory and volume mount point. Basically, the PostgreSQL data dir cannot be the mount point directly, it has to be a subdirectory. + +``` +helm install --name postgres \ + --set image.repository=postgres \ + --set image.tag=10.6 \ + --set postgresqlDataDir=/data/pgdata \ + --set persistence.mountPath=/data/ \ + stable/postgresql +``` + +## Differences between Bitnami PostgreSQL image and [Docker Official](https://hub.docker.com/_/postgres) image + +- The Docker Official PostgreSQL image does not support replication. If you pass any replication environment variable, this would be ignored. The only environment variables supported by the Docker Official image are POSTGRES_USER, POSTGRES_DB, POSTGRES_PASSWORD, POSTGRES_INITDB_ARGS, POSTGRES_INITDB_WALDIR and PGDATA. All the remaining environment variables are specific to the Bitnami PostgreSQL image. +- The Bitnami PostgreSQL image is non-root by default. This requires that you run the pod with `securityContext` and updates the permissions of the volume with an `initContainer`. A key benefit of this configuration is that the pod follows security best practices and is prepared to run on Kubernetes distributions with hard security constraints like OpenShift. + ## Upgrade ### 3.0.0 diff --git a/stable/postgresql/templates/NOTES.txt b/stable/postgresql/templates/NOTES.txt index 41c22104910e..31a4c1762047 100644 --- a/stable/postgresql/templates/NOTES.txt +++ b/stable/postgresql/templates/NOTES.txt @@ -25,11 +25,11 @@ PostgreSQL can be accessed via port 5432 on the following DNS name from within y {{- end }} To get the password for "{{ .Values.postgresqlUsername }}" run: - export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "postgresql.fullname" . }}{{ end }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) + export POSTGRES_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "postgresql.fullname" . }}{{ end }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) To connect to your database run the following command: - kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image bitnami/postgresql --env="PGPASSWORD=$POSTGRESQL_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} + kubectl run {{ template "postgresql.fullname" . }}-client --rm --tty -i --restart='Never' --namespace {{ .Release.Namespace }} --image bitnami/postgresql --env="PGPASSWORD=$POSTGRES_PASSWORD" {{- if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} --labels="{{ template "postgresql.fullname" . }}-client=true" {{- end }} --command -- psql --host {{ template "postgresql.fullname" . }} -U {{ .Values.postgresqlUsername }} {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 057ed664cfa8..b3eb95aeda2a 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -64,14 +64,14 @@ spec: - -c - | chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami - if [ -d /bitnami/postgresql/data ]; then - chmod 0700 /bitnami/postgresql/data; + if [ -d {{ .Values.persistence.mountPath }}/data ]; then + chmod 0700 {{ .Values.persistence.mountPath }}/data; fi securityContext: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} volumeMounts: - name: data - mountPath: /bitnami/postgresql + mountPath: {{ .Values.persistence.mountPath }} {{- end }} containers: - name: {{ template "postgresql.fullname" . }} @@ -86,25 +86,29 @@ spec: - name: NAMI_DEBUG value: "1" {{- end }} - - name: POSTGRESQL_REPLICATION_MODE + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.persistence.mountPath | quote }} + {{- end }} + - name: POSTGRES_REPLICATION_MODE value: "slave" - - name: POSTGRESQL_REPLICATION_USER + - name: POSTGRES_REPLICATION_USER value: {{ .Values.replication.user | quote }} {{- if .Values.usePasswordFile }} - - name: POSTGRESQL_REPLICATION_PASSWORD_FILE + - name: POSTGRES_REPLICATION_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" {{- else }} - - name: POSTGRESQL_REPLICATION_PASSWORD + - name: POSTGRES_REPLICATION_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} - - name: POSTGRESQL_CLUSTER_APP_NAME + - name: POSTGRES_CLUSTER_APP_NAME value: {{ .Values.replication.applicationName }} - - name: POSTGRESQL_MASTER_HOST + - name: POSTGRES_MASTER_HOST value: {{ template "postgresql.fullname" . }} - - name: POSTGRESQL_MASTER_PORT_NUMBER + - name: POSTGRES_MASTER_PORT_NUMBER value: {{ .Values.service.port | quote }} ports: - name: postgresql diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index d85826fc9940..80d9c2855164 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -68,14 +68,14 @@ spec: - -c - | chown -R {{ .Values.securityContext.runAsUser }}:{{ .Values.securityContext.fsGroup }} /bitnami - if [ -d /bitnami/postgresql/data ]; then - chmod 0700 /bitnami/postgresql/data; + if [ -d {{ .Values.persistence.mountPath }}/data ]; then + chmod 0700 {{ .Values.persistence.mountPath }}/data; fi securityContext: runAsUser: {{ .Values.volumePermissions.securityContext.runAsUser }} volumeMounts: - name: data - mountPath: /bitnami/postgresql + mountPath: {{ .Values.persistence.mountPath }} {{- end }} containers: - name: {{ template "postgresql.fullname" . }} @@ -90,44 +90,56 @@ spec: - name: NAMI_DEBUG value: "1" {{- end }} + {{- if .Values.postgresqlInitdbArgs }} + - name: POSTGRES_INITDB_ARGS + value: {{ .Values.postgresqlInitdbArgs | quote }} + {{- end }} + {{- if .Values.postgresqlInitdbWalDir }} + - name: POSTGRES_INITDB_WALDIR + value: {{ .Values.postgresqlInitdbWalDir | quote }} + {{- end }} + {{- if .Values.persistence.mountPath }} + - name: PGDATA + value: {{ .Values.postgresqlDataDir | quote }} + {{- end }} {{- if .Values.replication.enabled }} - - name: POSTGRESQL_REPLICATION_MODE + - name: POSTGRES_REPLICATION_MODE value: "master" - - name: POSTGRESQL_REPLICATION_USER + - name: POSTGRES_REPLICATION_USER value: {{ .Values.replication.user | quote }} {{- if .Values.usePasswordFile }} - - name: POSTGRESQL_REPLICATION_PASSWORD_FILE + - name: POSTGRES_REPLICATION_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" {{- else }} - - name: POSTGRESQL_REPLICATION_PASSWORD + - name: POSTGRES_REPLICATION_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} {{- if not (eq .Values.replication.synchronousCommit "off")}} - - name: POSTGRESQL_SYNCHRONOUS_COMMIT_MODE + - name: POSTGRES_SYNCHRONOUS_COMMIT_MODE value: {{ .Values.replication.synchronousCommit | quote }} - - name: POSTGRESQL_NUM_SYNCHRONOUS_REPLICAS + - name: POSTGRES_NUM_SYNCHRONOUS_REPLICAS value: {{ .Values.replication.numSynchronousReplicas | quote }} {{- end }} - - name: POSTGRESQL_CLUSTER_APP_NAME + - name: POSTGRES_CLUSTER_APP_NAME value: {{ .Values.replication.applicationName }} {{- end }} - - name: POSTGRESQL_USERNAME + - name: POSTGRES_USER value: {{ .Values.postgresqlUsername | quote }} {{- if .Values.usePasswordFile }} - - name: POSTGRESQL_PASSWORD_FILE + - name: POSTGRES_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-password" {{- else }} - - name: POSTGRESQL_PASSWORD + - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-password {{- end }} {{- if .Values.postgresqlDatabase }} - - name: POSTGRESQL_DATABASE + - name: POSTGRES_DB value: {{ .Values.postgresqlDatabase | quote }} {{- end }} {{- if .Values.extraEnv }} diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index f53542fb3e89..586fafdbae92 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -84,6 +84,21 @@ postgresqlUsername: postgres ## # postgresqlDatabase: +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + ## PostgreSQL password using existing secret ## existingSecret: secret diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index e25704a56a36..a79b9db97aaa 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -90,6 +90,22 @@ postgresqlUsername: postgres ## # postgresqlDatabase: +## PostgreSQL data dir +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +postgresqlDataDir: /bitnami/postgresql + +## Specify extra initdb args +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbArgs: + +## Specify a custom location for the PostgreSQL transaction log +## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md +## +# postgresqlInitdbWalDir: + + ## PostgreSQL configuration ## Specify runtime configuration parameters as a dict, using camelCase, e.g. ## {"sharedBuffers": "500MB"} From 81427a490390c75bdfb40e695b1129ac487bc91b Mon Sep 17 00:00:00 2001 From: Daniel Shackelford Date: Mon, 4 Feb 2019 14:15:22 -0500 Subject: [PATCH 0049/1586] Add source for docker image (#11072) * Add source for docker image The existing sources do not produce an image that works with this chart. From what I can tell, the image was built from the fluentd-es image maintained in the Kubernetes repo. Signed-off-by: Daniel Shackelford * * Bumped chart version Signed-off-by: Daniel Shackelford --- stable/fluentd/Chart.yaml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/fluentd/Chart.yaml b/stable/fluentd/Chart.yaml index a55206c12534..71441cbb4b4d 100644 --- a/stable/fluentd/Chart.yaml +++ b/stable/fluentd/Chart.yaml @@ -2,10 +2,11 @@ apiVersion: v1 description: A Fluentd Elasticsearch Helm chart for Kubernetes. icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png name: fluentd -version: 1.4.0 +version: 1.5.0 appVersion: v2.3.1 home: https://www.fluentd.org/ sources: +- https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch/fluentd-es-image - https://quay.io/repository/coreos/fluentd-kubernetes - https://github.com/coreos/fluentd-kubernetes-daemonset - https://www.elastic.co/guide/en/elasticsearch/reference/current/index.html From af153f76bf758c17c9b7da5fa744f5ab4d7653b1 Mon Sep 17 00:00:00 2001 From: Vladimir Date: Mon, 4 Feb 2019 21:42:54 +0200 Subject: [PATCH 0050/1586] Add nodeselector, affinity, podAnnotations for efs-provisioner (#10205) Signed-off-by: Vladimir Syromyatnikov --- stable/efs-provisioner/Chart.yaml | 2 +- stable/efs-provisioner/README.md | 21 +++++++++++++++---- .../efs-provisioner/templates/deployment.yaml | 12 +++++++++++ stable/efs-provisioner/values.yaml | 13 ++++++++++++ 4 files changed, 43 insertions(+), 5 deletions(-) diff --git a/stable/efs-provisioner/Chart.yaml b/stable/efs-provisioner/Chart.yaml index 98d944d334dd..fc52a83b682b 100644 --- a/stable/efs-provisioner/Chart.yaml +++ b/stable/efs-provisioner/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: efs-provisioner description: A Helm chart for the AWS EFS external storage provisioner -version: 0.1.5 +version: 0.2.0 appVersion: v2.1.0-k8s1.11 home: https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs sources: diff --git a/stable/efs-provisioner/README.md b/stable/efs-provisioner/README.md index 4573e27c5a71..e8e8c9918f39 100644 --- a/stable/efs-provisioner/README.md +++ b/stable/efs-provisioner/README.md @@ -1,11 +1,11 @@ # Helm chart for 'efs-provisioner' -The Kubernetes project provides an AWS [EFS provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs) +The Kubernetes project provides an AWS [EFS provisioner](https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs) that is used to fulfill PersistentVolumeClaims with EFS PersistentVolumes. -"The efs-provisioner allows you to mount EFS storage as PersistentVolumes in kubernetes. -It consists of a container that has access to an AWS EFS resource. The container reads -a configmap which contains the EFS filesystem ID, the AWS region and the name you want +"The efs-provisioner allows you to mount EFS storage as PersistentVolumes in kubernetes. +It consists of a container that has access to an AWS EFS resource. The container reads +a configmap which contains the EFS filesystem ID, the AWS region and the name you want to use for your efs-provisioner. This name will be used later when you create a storage class." This chart deploys the EFS Provisioner and a StorageClass for EFS volumes (optionally as the default). @@ -96,6 +96,19 @@ rbac: create: true serviceAccountName: "" +## Annotations to be added to deployment +## +podAnnotations: {} + # iam.amazonaws.com/role: efs-provisioner-role + +## Node labels for pod assignment +## +nodeSelector: {} + +# Affinity for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + ## Configure resources ## resources: {} diff --git a/stable/efs-provisioner/templates/deployment.yaml b/stable/efs-provisioner/templates/deployment.yaml index acccd0e977e7..668d91b7cb83 100644 --- a/stable/efs-provisioner/templates/deployment.yaml +++ b/stable/efs-provisioner/templates/deployment.yaml @@ -32,6 +32,10 @@ spec: type: Recreate template: metadata: + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8}} + {{- end }} labels: app: {{ template "efs-provisioner.name" . }} release: "{{ .Release.Name }}" @@ -73,3 +77,11 @@ spec: server: {{ .Values.efsProvisioner.efsFileSystemId }}.efs.{{ .Values.efsProvisioner.awsRegion }}.amazonaws.com path: / {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} diff --git a/stable/efs-provisioner/values.yaml b/stable/efs-provisioner/values.yaml index fb0891fc86a8..394a9195bd1e 100644 --- a/stable/efs-provisioner/values.yaml +++ b/stable/efs-provisioner/values.yaml @@ -54,6 +54,19 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" +## Annotations to be added to deployment +## +podAnnotations: {} + # iam.amazonaws.com/role: efs-provisioner-role + +## Node labels for pod assignment +## +nodeSelector: {} + +# Affinity for pod assignment +# Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity +affinity: {} + ## Configure resources ## resources: {} From 27b0c3ae9f644dbe0cce05c7c72a79db31f90dd9 Mon Sep 17 00:00:00 2001 From: Maxime Guyot Date: Mon, 4 Feb 2019 20:59:46 +0100 Subject: [PATCH 0051/1586] [stable/oauth2-proxy] Switch to pusher/oauth2_proxy (#10740) Signed-off-by: Maxime Guyot --- stable/oauth2-proxy/Chart.yaml | 14 +++++++------- stable/oauth2-proxy/OWNERS | 4 ++++ stable/oauth2-proxy/README.md | 8 +++----- stable/oauth2-proxy/templates/NOTES.txt | 4 +++- stable/oauth2-proxy/values.yaml | 4 ++-- 5 files changed, 19 insertions(+), 15 deletions(-) create mode 100644 stable/oauth2-proxy/OWNERS diff --git a/stable/oauth2-proxy/Chart.yaml b/stable/oauth2-proxy/Chart.yaml index 504432e39c5d..2d0549e58c06 100644 --- a/stable/oauth2-proxy/Chart.yaml +++ b/stable/oauth2-proxy/Chart.yaml @@ -1,12 +1,9 @@ name: oauth2-proxy -version: 0.6.0 -# This chart is deprecated and no longer maintained as it's upstream has been abandoned. -# For details deprecation, including how to un-deprecate a chart see the PROCESSES.md file. -deprecated: true +version: 0.7.0 apiVersion: v1 -appVersion: 2.2 +appVersion: 3.0.0 home: http://www.videntity.com/ -description: DEPRECATED A reverse proxy that provides authentication with Google, Github or other providers +description: A reverse proxy that provides authentication with Google, Github or other providers keywords: - kubernetes - oauth @@ -14,6 +11,9 @@ keywords: - authentication - google - github +maintainers: + - name: miouge1 + email: maxime@root314.com sources: -- https://github.com/bitly/oauth2_proxy +- https://github.com/pusher/oauth2_proxy engine: gotpl diff --git a/stable/oauth2-proxy/OWNERS b/stable/oauth2-proxy/OWNERS new file mode 100644 index 000000000000..48b09f34c54a --- /dev/null +++ b/stable/oauth2-proxy/OWNERS @@ -0,0 +1,4 @@ +approvers: +- miouge1 +reviewers: +- miouge1 diff --git a/stable/oauth2-proxy/README.md b/stable/oauth2-proxy/README.md index 092a0c846e0a..3c70a2aa60e9 100644 --- a/stable/oauth2-proxy/README.md +++ b/stable/oauth2-proxy/README.md @@ -1,8 +1,6 @@ # oauth2-proxy -**N.B., this chart is deprecated and is no longer maintained as it's upstream [has been abandoned](https://github.com/bitly/oauth2_proxy/issues/628#issuecomment-417121636).** - -[oauth2-proxy](https://github.com/bitly/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. +[oauth2-proxy](https://github.com/pusher/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. **Note - at this time, there is a known incompatibility between `oauth2-proxy` version 2.2 (which is its latest release) and `nginx-ingress` versions >= 0.9beta12. To utilize this chart at this time please use nginx-ingress version 0.9beta11** @@ -45,11 +43,11 @@ Parameter | Description | Default `affinity` | node/pod affinities | None `authenticatedEmailsFile.enabled` | Enables authorize individual email addresses | `false` `authenticatedEmailsFile.template` | Name of the configmap what is handled outside of that chart | `""` -`authenticatedEmailsFile.restricted_access | (email addresses)[https://github.com/bitly/oauth2_proxy#email-authentication] list config | `""` +`authenticatedEmailsFile.restricted_access | (email addresses)[https://github.com/pusher/oauth2_proxy#email-authentication] list config | `""` `config.clientID` | oauth client ID | `""` `config.clientSecret` | oauth client secret | `""` `config.cookieSecret` | server specific cookie for the secret; create a new one with `python -c 'import os,base64; print base64.b64encode(os.urandom(16))'` | `""` -`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/bitly/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` +`config.configFile` | custom [oauth2_proxy.cfg](https://github.com/pusher/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` `extraArgs` | key:value list of extra arguments to give the binary | `{}` `image.pullPolicy` | Image pull policy | `IfNotPresent` `image.repository` | Image repository | `a5huynh/oauth2_proxy` diff --git a/stable/oauth2-proxy/templates/NOTES.txt b/stable/oauth2-proxy/templates/NOTES.txt index abca7aa5d997..10d2de847d4a 100644 --- a/stable/oauth2-proxy/templates/NOTES.txt +++ b/stable/oauth2-proxy/templates/NOTES.txt @@ -1 +1,3 @@ -Note this chart is deprecated and is no longer maintained because upstream was abandoned. +To verify that oauth2-proxy has started, run: + + kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "oauth2-proxy.fullname" . }}" diff --git a/stable/oauth2-proxy/values.yaml b/stable/oauth2-proxy/values.yaml index 57c2af995e07..57c57635cd3a 100644 --- a/stable/oauth2-proxy/values.yaml +++ b/stable/oauth2-proxy/values.yaml @@ -14,8 +14,8 @@ config: configFile: "" image: - repository: "a5huynh/oauth2_proxy" - tag: "2.2" + repository: "quay.io/pusher/oauth2_proxy" + tag: "v3.0.0" pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. From 6dd1f2408d74aca4cefb75966687367096cde1a1 Mon Sep 17 00:00:00 2001 From: Naseem Date: Mon, 4 Feb 2019 15:07:30 -0500 Subject: [PATCH 0052/1586] Allow overriding of parser for tail input (#10906) * Allow overriding of parser for tail input Signed-off-by: Naseem Ullah * Update minor version Signed-off-by: Naseem Ullah --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/README.md | 3 ++- stable/fluent-bit/templates/config.yaml | 2 +- stable/fluent-bit/values.yaml | 1 + 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 5a5263a8d5b4..e3352eb8309b 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,5 +1,5 @@ name: fluent-bit -version: 1.5.2 +version: 1.6.0 appVersion: 1.0.4 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index 96003d37eb5b..a76d75d1b0c4 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -99,9 +99,10 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` | | `input.tail.memBufLimit` | Specify Mem_Buf_Limit in tail input | `5MB` | +| `input.tail.parser` | Specify Parser in tail input. | `docker` | | `input.tail.path` | Specify log file(s) through the use of common wildcards. | `/var/log/containers/*.log` | | `input.systemd.enabled` | [Enable systemd input](https://fluentbit.io/documentation/current/input/systemd.html) | `false` | -| `input.systemd.filters.systemdUnit | Please see https://fluentbit.io/documentation/current/input/systemd.html | `[docker.service, kubelet.service`, `node-problem-detector.service]` | +| `input.systemd.filters.systemdUnit` | Please see https://fluentbit.io/documentation/current/input/systemd.html | `[docker.service, kubelet.service`, `node-problem-detector.service]` | | `input.systemd.maxEntries` | Please see https://fluentbit.io/documentation/current/input/systemd.html | `1000` | | `input.systemd.readFromTail` | Please see https://fluentbit.io/documentation/current/input/systemd.html | `true`| | `input.systemd.tag` | Please see https://fluentbit.io/documentation/current/input/systemd.html | `host.*`| diff --git a/stable/fluent-bit/templates/config.yaml b/stable/fluent-bit/templates/config.yaml index 64ca48b1774e..ef5f8055d5ad 100644 --- a/stable/fluent-bit/templates/config.yaml +++ b/stable/fluent-bit/templates/config.yaml @@ -28,7 +28,7 @@ data: [INPUT] Name tail Path {{ .Values.input.tail.path }} - Parser docker + Parser {{ .Values.input.tail.parser }} Tag {{ .Values.filter.kubeTag }}.* Refresh_Interval 5 Mem_Buf_Limit {{ .Values.input.tail.memBufLimit }} diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index 33f92f12c20d..dfda08dd7570 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -181,6 +181,7 @@ affinity: {} input: tail: memBufLimit: 5MB + parser: docker path: /var/log/containers/*.log systemd: enabled: false From d3bd042ace6fb53b9f0066e1af0a49aff3e6067b Mon Sep 17 00:00:00 2001 From: ahmadali shafiee Date: Mon, 4 Feb 2019 23:56:19 +0330 Subject: [PATCH 0053/1586] [stable/metabase] release 0.31.2 (#10780) * [stable/metabase] release 0.31.2 Signed-off-by: ahmadali shafiee * update readme Signed-off-by: ahmadali shafiee --- stable/metabase/Chart.yaml | 4 ++-- stable/metabase/README.md | 2 +- stable/metabase/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 6ee24d86c755..6e64a2a30d5d 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.4.4 -appVersion: v0.30.1 +version: 0.4.5 +appVersion: v0.31.2 maintainers: - name: pmint93 email: phamminhthanh69@gmail.com diff --git a/stable/metabase/README.md b/stable/metabase/README.md index efabfec95553..c7914f36f8f1 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -46,7 +46,7 @@ The following table lists the configurable parameters of the Metabase chart and |------------------------|------------------------------------------------------------|-------------------| | replicaCount | desired number of controller pods | 1 | | image.repository | controller container image repository | metabase/metabase | -| image.tag | controller container image tag | v0.30.1 | +| image.tag | controller container image tag | v0.31.2 | | image.pullPolicy | controller container image pull policy | IfNotPresent | | listen.host | Listening on a specific network host | 0.0.0.0 | | listen.port | Listening on a specific network port | 3000 | diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index 9fec98a11f57..1960a8d5ba71 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: repository: metabase/metabase - tag: v0.30.1 + tag: v0.31.2 pullPolicy: IfNotPresent # Config Jetty web server From 4564a083978b4ad50f45c6267bb0c0ede3bd37cf Mon Sep 17 00:00:00 2001 From: Peter Bos Date: Mon, 4 Feb 2019 21:39:54 +0100 Subject: [PATCH 0054/1586] [stable_nginx-ingress] healthz endpoint as hostport (#10612) Signed-off-by: peter.bos Signed-off-by: peter bos --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/README.md | 1 + stable/nginx-ingress/templates/controller-daemonset.yaml | 3 +++ stable/nginx-ingress/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 8eda402b4388..871e012967b8 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 1.2.3 +version: 1.3.0 appVersion: 0.22.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index f7c763b57270..11be03a69263 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -68,6 +68,7 @@ Parameter | Description | Default `controller.daemonset.useHostPort` | If `controller.kind` is `DaemonSet`, this will enable `hostPort` for TCP/80 and TCP/443 | false `controller.daemonset.hostPorts.http` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"80"` `controller.daemonset.hostPorts.https` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"443"` +`controller.daemonset.hostPorts.stats` | If `controller.daemonset.useHostPort` is `true` and this is non-empty, it sets the hostPort | `"18080"` `controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` `controller.affinity` | node/pod affinities (requires Kubernetes >=1.6) | `{}` `controller.minReadySeconds` | how many seconds a pod needs to be ready before killing the next, during update | `0` diff --git a/stable/nginx-ingress/templates/controller-daemonset.yaml b/stable/nginx-ingress/templates/controller-daemonset.yaml index f4c0223f0a51..a05062edf8bd 100644 --- a/stable/nginx-ingress/templates/controller-daemonset.yaml +++ b/stable/nginx-ingress/templates/controller-daemonset.yaml @@ -125,6 +125,9 @@ spec: - name: stats containerPort: 18080 protocol: TCP + {{- if .Values.controller.daemonset.useHostPort }} + hostPort: {{ .Values.controller.daemonset.hostPorts.stats }} + {{- end }} {{- if .Values.controller.metrics.enabled }} - name: metrics containerPort: 10254 diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 0886b0688163..90da17387f9c 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -31,6 +31,8 @@ controller: hostPorts: http: 80 https: 443 + ## healthz endpoint + stats: 18080 ## Required only if defaultBackend.enabled = false ## Must be / From 23e148cea7a81512d4a6e4ef04442717230e7f61 Mon Sep 17 00:00:00 2001 From: Michele Cantelli Date: Tue, 5 Feb 2019 00:09:18 +0100 Subject: [PATCH 0055/1586] [stable/seq] Fixing data volume mounting (#9728) * Fixing data volume mounting Signed-off-by: Michele Cantelli * Fixing volumeMounts section Signed-off-by: Michele Cantelli --- stable/seq/Chart.yaml | 2 +- stable/seq/templates/deployment.yaml | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/seq/Chart.yaml b/stable/seq/Chart.yaml index a95fd2ef772c..cd83f73a23bc 100644 --- a/stable/seq/Chart.yaml +++ b/stable/seq/Chart.yaml @@ -1,5 +1,5 @@ name: seq -version: 0.1.1 +version: 0.1.2 appVersion: 5.0.832-pre description: Seq is the easiest way for development teams to capture, search and visualize structured log events! This page will walk you through the very quick setup process. keywords: diff --git a/stable/seq/templates/deployment.yaml b/stable/seq/templates/deployment.yaml index 45e5b7c2e7e4..df67bc963936 100644 --- a/stable/seq/templates/deployment.yaml +++ b/stable/seq/templates/deployment.yaml @@ -1,4 +1,4 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "seq.fullname" . }} @@ -40,13 +40,13 @@ spec: httpGet: path: / port: ui + volumeMounts: + - name: seq-data + mountPath: {{ .Values.persistence.path }} + subPath: {{ .Values.persistence.subPath }} resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} - volumeMounts: - - name: seq-data - mountPath: {{ .Values.persistence.path }} - subPath: {{ .Values.persistence.subPath }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} @@ -58,7 +58,7 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} - volumes: + volumes: - name: seq-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: From 471f21f11f9006c3a0c3df55704a4751d519d5bb Mon Sep 17 00:00:00 2001 From: Nik Voss Date: Tue, 5 Feb 2019 12:48:49 +0100 Subject: [PATCH 0056/1586] [stable/elasticsearch] Add ability to disable sysctl init container. (#11122) * Add ability to disable sysctl init container. Signed-off-by: Niklas Voss * Bumped elasticsearch chart version. Signed-off-by: Niklas Voss * Add sysctlInitContainer.enabled value to README.md Signed-off-by: Niklas Voss * Bump minor version. Signed-off-by: Niklas Voss * Improve sysctlInitContainer.enabled description. Signed-off-by: Niklas Voss --- stable/elasticsearch/Chart.yaml | 2 +- stable/elasticsearch/README.md | 1 + stable/elasticsearch/templates/client-deployment.yaml | 4 ++++ stable/elasticsearch/templates/data-statefulset.yaml | 2 ++ stable/elasticsearch/templates/master-statefulset.yaml | 2 ++ stable/elasticsearch/values.yaml | 5 +++++ 6 files changed, 15 insertions(+), 1 deletion(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index b692ddbc05d6..3cca7692467e 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,6 +1,6 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.18.1 +version: 1.19.0 appVersion: 6.6.0 description: Flexible and powerful open source, distributed real-time search and analytics engine. diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index 5fd040f6ecd0..40d093dfafc6 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -137,6 +137,7 @@ The following table lists the configurable parameters of the elasticsearch chart | `data.antiAffinity` | Data anti-affinity policy | `soft` | | `data.nodeAffinity` | Data node affinity policy | `{}` | | `data.updateStrategy` | Data node update strategy policy | `{type: "onDelete"}` | +| `sysctlInitContainer.enabled` | If true, the sysctl init container is enabled (does not stop extraInitContainers from running) | `true` | | `extraInitContainers` | Additional init container passed through the tpl | `` | | `podSecurityPolicy.annotations` | Specify pod annotations in the pod security policy | `{}` | | `podSecurityPolicy.enabled` | Specify if a pod security policy must be created | `false` | diff --git a/stable/elasticsearch/templates/client-deployment.yaml b/stable/elasticsearch/templates/client-deployment.yaml index 5f295694ee01..9c52279a356f 100644 --- a/stable/elasticsearch/templates/client-deployment.yaml +++ b/stable/elasticsearch/templates/client-deployment.yaml @@ -63,7 +63,9 @@ spec: tolerations: {{ toYaml .Values.client.tolerations | indent 8 }} {{- end }} +{{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled }} initContainers: +{{- if .Values.enableSysctlInitContainer }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall - name: "sysctl" @@ -74,8 +76,10 @@ spec: command: ["sysctl", "-w", "vm.max_map_count=262144"] securityContext: privileged: true +{{- end }} {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} +{{- end }} {{- end }} containers: - name: elasticsearch diff --git a/stable/elasticsearch/templates/data-statefulset.yaml b/stable/elasticsearch/templates/data-statefulset.yaml index 94dd00ab9ea0..c8ad366f5426 100644 --- a/stable/elasticsearch/templates/data-statefulset.yaml +++ b/stable/elasticsearch/templates/data-statefulset.yaml @@ -66,6 +66,7 @@ spec: {{ toYaml .Values.data.tolerations | indent 8 }} {{- end }} initContainers: +{{- if .Values.sysctlInitContainer.enabled }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall - name: "sysctl" @@ -76,6 +77,7 @@ spec: command: ["sysctl", "-w", "vm.max_map_count=262144"] securityContext: privileged: true +{{- end }} - name: "chown" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} diff --git a/stable/elasticsearch/templates/master-statefulset.yaml b/stable/elasticsearch/templates/master-statefulset.yaml index 00ee76243161..1d43adad8958 100644 --- a/stable/elasticsearch/templates/master-statefulset.yaml +++ b/stable/elasticsearch/templates/master-statefulset.yaml @@ -66,6 +66,7 @@ spec: {{ toYaml .Values.master.tolerations | indent 8 }} {{- end }} initContainers: +{{- if .Values.sysctlInitContainer.enabled }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall - name: "sysctl" @@ -76,6 +77,7 @@ spec: command: ["sysctl", "-w", "vm.max_map_count=262144"] securityContext: privileged: true +{{- end }} - name: "chown" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index 1e5618767d90..8c8f12ed337e 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -209,5 +209,10 @@ data: drain: # drain the node before stopping it and re-integrate it into the cluster after start enabled: true +## Sysctl init container to setup vm.max_map_count +# see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html +# and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall +sysctlInitContainer: + enabled: true ## Additional init containers extraInitContainers: | From 55f2637ad79ca8b904881903961998cf84a6ff07 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 5 Feb 2019 14:37:52 +0100 Subject: [PATCH 0057/1586] [stable/redis] Make volumePermissions init container optional (#11029) * [stable/redis] Make volumePermissions init container optional Signed-off-by: Javier J. Salmeron Garcia * Bump chart to major version Signed-off-by: Javier J. Salmeron Garcia * Update readme for upgrading Signed-off-by: Javier J. Salmeron Garcia --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 7 +++++++ stable/redis/templates/redis-master-statefulset.yaml | 2 +- stable/redis/values-production.yaml | 1 + stable/redis/values.yaml | 1 + 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index eb1657b94d6a..7a0801888a4e 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 5.5.0 +version: 6.0.0 appVersion: 4.0.12 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index bbb662c16127..7290f48e57b2 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -167,6 +167,7 @@ The following table lists the configurable parameters of the Redis chart and the | `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (redis master pod) | `1` | | `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `5` | | `master.priorityClassName` | Redis Master pod priorityClassName | {} | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | | `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | | `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | | `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | @@ -276,3 +277,9 @@ sysctlImage: sysctl -w net.core.somaxconn=10000 echo never > /host-sys/kernel/mm/transparent_hugepage/enabled ``` + +## Upgrade + +## To 6.0.0 + +Previous versions of the chart were using an init-container to change the permissions of the volumes. This was done in case the `securityContext` directive in the template was not enough for that (for example, with cephFS). In this new version of the chart, this container is disabled by default (which should not affect most of the deployments). If your installation still requires that init container, execute `helm upgrade` with the `--set volumePermissions.enabled=true`. diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml index af1cf571d95f..d2089e428461 100644 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -152,7 +152,7 @@ spec: - name: config mountPath: /opt/bitnami/redis/etc {{- end }} - {{- $needsVolumePermissions := and ( and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) ) .Values.master.securityContext.enabled }} + {{- $needsVolumePermissions := and .Values.volumePermissions.enabled (and ( and .Values.master.persistence.enabled (not .Values.persistence.existingClaim) ) .Values.master.securityContext.enabled) }} {{- if or $needsVolumePermissions .Values.sysctlImage.enabled }} initContainers: {{- if $needsVolumePermissions }} diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index 09d83bcd08f7..30e87804be09 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -364,6 +364,7 @@ metrics: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: + enabled: false image: registry: docker.io repository: bitnami/minideb diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index adcb31daba6b..c6dedfba8fb2 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -365,6 +365,7 @@ metrics: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: + enabled: false image: registry: docker.io repository: bitnami/minideb From 5b98227445dfcca055b8d2d6e089c64f69e94d8d Mon Sep 17 00:00:00 2001 From: Andy Snowden Date: Tue, 5 Feb 2019 13:59:42 -0500 Subject: [PATCH 0058/1586] Bump memcached version, add tolerations and affinity support (#11134) Signed-off-by: Andy Snowden --- stable/memcached/Chart.yaml | 4 ++-- stable/memcached/README.md | 3 +++ stable/memcached/templates/statefulset.yaml | 8 ++++++++ stable/memcached/values.yaml | 11 ++++++++++- 4 files changed, 23 insertions(+), 3 deletions(-) diff --git a/stable/memcached/Chart.yaml b/stable/memcached/Chart.yaml index 90e5ffc2e947..a9409889e469 100644 --- a/stable/memcached/Chart.yaml +++ b/stable/memcached/Chart.yaml @@ -1,6 +1,6 @@ name: memcached -version: 2.5.0 -appVersion: 1.5.6 +version: 2.6.0 +appVersion: 1.5.12 description: Free & open source, high-performance, distributed memory object caching system. keywords: diff --git a/stable/memcached/README.md b/stable/memcached/README.md index 7b9ec3468843..ee87509a4d1c 100644 --- a/stable/memcached/README.md +++ b/stable/memcached/README.md @@ -54,6 +54,9 @@ The following table lists the configurable parameters of the Memcached chart and | `extraVolumes` | Volume definitions to add as string | Un-set | | `kind` | Install as StatefulSet or Deployment | StatefulSet | | `podAnnotations` | Map of annotations to add to the pod(s) | `{}` | +| `nodeSelector` | Simple pod scheduling control | `{}` | +| `tolerations` | Allow or deny specific node taints | `{}` | +| `affinity` | Advanced pod scheduling control | `{}` | The above parameters map to `memcached` params. For more information please refer to the [Memcached documentation](https://github.com/memcached/memcached/wiki/ConfiguringServer). diff --git a/stable/memcached/templates/statefulset.yaml b/stable/memcached/templates/statefulset.yaml index 007c71fb2673..4b79fda728a3 100644 --- a/stable/memcached/templates/statefulset.yaml +++ b/stable/memcached/templates/statefulset.yaml @@ -91,3 +91,11 @@ spec: nodeSelector: {{ toYaml . | trim | indent 8}} {{- end }} +{{- with .Values.tolerations }} + tolerations: +{{ toYaml . | trim | indent 8}} +{{- end }} +{{- with .Values.affinity }} + affinity: +{{ toYaml . | trim | indent 8}} +{{- end }} \ No newline at end of file diff --git a/stable/memcached/values.yaml b/stable/memcached/values.yaml index a2c332679d70..c617f2e7d71d 100644 --- a/stable/memcached/values.yaml +++ b/stable/memcached/values.yaml @@ -1,7 +1,7 @@ ## Memcached image and tag ## ref: https://hub.docker.com/r/library/memcached/tags/ ## -image: memcached:1.5.6-alpine +image: memcached:1.5.12-alpine ## Specify a imagePullPolicy ## 'Always' if imageTag is 'latest', else set to 'IfNotPresent' @@ -44,8 +44,17 @@ resources: memory: 64Mi cpu: 50m +## Key:value pair for assigning pod to specific sets of nodes +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ nodeSelector: {} +## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ +tolerations: {} + +## Advanced scheduling controls +## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ +affinity: {} + metrics: ## Expose memcached metrics in Prometheus format enabled: false From b1d682047f56b0aef2deeeb381ae8bf702a83099 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 5 Feb 2019 22:41:15 +0100 Subject: [PATCH 0059/1586] ghost: update to `2.13.2` (#11169) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index cb629baa23cd..1be252ad7985 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.3.6 -appVersion: 2.13.1 +version: 6.3.7 +appVersion: 2.13.2 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index da0eedfde3f9..985e354b5181 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.13.1 + tag: 2.13.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 410d69c810b6dc9f3f31291a65818808834510af Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 5 Feb 2019 22:53:33 +0100 Subject: [PATCH 0060/1586] mongodb: update to `4.0.6` (#11148) Signed-off-by: Bitnami Containers --- stable/mongodb/Chart.yaml | 4 ++-- stable/mongodb/values-production.yaml | 2 +- stable/mongodb/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index d66cbc239804..f762d1cdbcc7 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ name: mongodb -version: 5.3.1 -appVersion: 4.0.5 +version: 5.3.2 +appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: - mongodb diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index 051b3bf2d032..5e357d9f6eac 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -14,7 +14,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.0.5 + tag: 4.0.6 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 822230053160..d24a6527a1f7 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -14,7 +14,7 @@ image: ## Bitnami MongoDB image tag ## ref: https://hub.docker.com/r/bitnami/mongodb/tags/ ## - tag: 4.0.5 + tag: 4.0.6 ## Specify a imagePullPolicy ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 26198b17da2b6ac6c9ab1dfbd4a04bf259bfc6ab Mon Sep 17 00:00:00 2001 From: andyrhee Date: Tue, 5 Feb 2019 14:07:34 -0800 Subject: [PATCH 0061/1586] Add missing port-forward example for spin-gate in the NOTES.txt (#11141) Signed-off-by: Andy Rhee --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/templates/NOTES.txt | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index 87dc63be745f..a75b4c0894bd 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.6.0 +version: 1.6.1 appVersion: 1.11.6 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/templates/NOTES.txt b/stable/spinnaker/templates/NOTES.txt index fdf24a4d340c..8df7663dd7b0 100644 --- a/stable/spinnaker/templates/NOTES.txt +++ b/stable/spinnaker/templates/NOTES.txt @@ -2,6 +2,9 @@ export DECK_POD=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "cluster=spin-deck" -o jsonpath="{.items[0].metadata.name}") kubectl port-forward --namespace {{ .Release.Namespace }} $DECK_POD 9000 + export GATE_POD=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "cluster=spin-gate" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward --namespace {{ .Release.Namespace }} $GATE_POD 8084 + 2. Visit the Spinnaker UI by opening your browser to: http://127.0.0.1:9000 To customize your Spinnaker installation. Create a shell in your Halyard pod: From ba56f29ed9c35a27329068813e814dec1452df5d Mon Sep 17 00:00:00 2001 From: Yurii Rochniak Date: Wed, 6 Feb 2019 00:15:13 +0200 Subject: [PATCH 0062/1586] [stable/oauth2-proxy] Allow defining a custom secret (#11165) * [stable/oauth2-proxy] Allow defining a custom secret Signed-off-by: Yurii Rochniak * Bump Chart version & update README Signed-off-by: Yurii Rochniak * [stable/oauth2-proxy] Fix variable scope Signed-off-by: Yurii Rochniak * Adjust default value in README Signed-off-by: Yurii Rochniak --- stable/oauth2-proxy/Chart.yaml | 2 +- stable/oauth2-proxy/README.md | 3 ++- stable/oauth2-proxy/templates/_helpers.tpl | 11 +++++++++++ stable/oauth2-proxy/templates/deployment.yaml | 6 +++--- stable/oauth2-proxy/templates/secret.yaml | 2 ++ stable/oauth2-proxy/values.yaml | 3 +++ 6 files changed, 22 insertions(+), 5 deletions(-) diff --git a/stable/oauth2-proxy/Chart.yaml b/stable/oauth2-proxy/Chart.yaml index 2d0549e58c06..f3eb1bf082a2 100644 --- a/stable/oauth2-proxy/Chart.yaml +++ b/stable/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 0.7.0 +version: 0.8.0 apiVersion: v1 appVersion: 3.0.0 home: http://www.videntity.com/ diff --git a/stable/oauth2-proxy/README.md b/stable/oauth2-proxy/README.md index 3c70a2aa60e9..7af5970cc13a 100644 --- a/stable/oauth2-proxy/README.md +++ b/stable/oauth2-proxy/README.md @@ -48,6 +48,7 @@ Parameter | Description | Default `config.clientSecret` | oauth client secret | `""` `config.cookieSecret` | server specific cookie for the secret; create a new one with `python -c 'import os,base64; print base64.b64encode(os.urandom(16))'` | `""` `config.configFile` | custom [oauth2_proxy.cfg](https://github.com/pusher/oauth2_proxy/blob/master/contrib/oauth2_proxy.cfg.example) contents for settings not overridable via environment nor command line | `""` +`config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/secret.yaml) for the required values | `nil` `extraArgs` | key:value list of extra arguments to give the binary | `{}` `image.pullPolicy` | Image pull policy | `IfNotPresent` `image.repository` | Image repository | `a5huynh/oauth2_proxy` @@ -59,7 +60,7 @@ Parameter | Description | Default `podLabels` | additional labesl to add to each pod | `{}` `replicaCount` | desired number of pods | `1` `resources` | pod resource requests & limits | `{}` -`priorityClassName` | priorityClassName | `nil` +`priorityClassName` | priorityClassName | `nil` `service.port` | port for the service | `80` `service.type` | type of service | `ClusterIP` `tolerations` | List of node taints to tolerate | `[]` diff --git a/stable/oauth2-proxy/templates/_helpers.tpl b/stable/oauth2-proxy/templates/_helpers.tpl index 36cbfe1b2710..c263df0a803b 100644 --- a/stable/oauth2-proxy/templates/_helpers.tpl +++ b/stable/oauth2-proxy/templates/_helpers.tpl @@ -30,3 +30,14 @@ Create chart name and version as used by the chart label. {{- define "oauth2-proxy.chart" -}} {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} + +{{/* +Get the secret name. +*/}} +{{- define "oauth2-proxy.secretName" -}} +{{- if .Values.config.existingSecret -}} +{{- printf "%s" .Values.config.existingSecret -}} +{{- else -}} +{{- printf "%s" (include "oauth2-proxy.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/stable/oauth2-proxy/templates/deployment.yaml b/stable/oauth2-proxy/templates/deployment.yaml index fa3eeac5e4c1..ce057c5a4b68 100644 --- a/stable/oauth2-proxy/templates/deployment.yaml +++ b/stable/oauth2-proxy/templates/deployment.yaml @@ -55,17 +55,17 @@ spec: - name: OAUTH2_PROXY_CLIENT_ID valueFrom: secretKeyRef: - name: {{ template "oauth2-proxy.fullname" . }} + name: {{ template "oauth2-proxy.secretName" . }} key: client-id - name: OAUTH2_PROXY_CLIENT_SECRET valueFrom: secretKeyRef: - name: {{ template "oauth2-proxy.fullname" . }} + name: {{ template "oauth2-proxy.secretName" . }} key: client-secret - name: OAUTH2_PROXY_COOKIE_SECRET valueFrom: secretKeyRef: - name: {{ template "oauth2-proxy.fullname" . }} + name: {{ template "oauth2-proxy.secretName" . }} key: cookie-secret ports: - containerPort: 4180 diff --git a/stable/oauth2-proxy/templates/secret.yaml b/stable/oauth2-proxy/templates/secret.yaml index 8347d5c239bb..858fe9f41793 100644 --- a/stable/oauth2-proxy/templates/secret.yaml +++ b/stable/oauth2-proxy/templates/secret.yaml @@ -1,3 +1,4 @@ +{{- if not .Values.config.existingSecret }} apiVersion: v1 kind: Secret metadata: @@ -12,3 +13,4 @@ data: cookie-secret: {{ .Values.config.cookieSecret | b64enc | quote }} client-secret: {{ .Values.config.clientSecret | b64enc | quote }} client-id: {{ .Values.config.clientID | b64enc | quote }} +{{- end -}} diff --git a/stable/oauth2-proxy/values.yaml b/stable/oauth2-proxy/values.yaml index 57c57635cd3a..681c1e79c7bb 100644 --- a/stable/oauth2-proxy/values.yaml +++ b/stable/oauth2-proxy/values.yaml @@ -12,6 +12,9 @@ config: # pass_basic_auth = false # pass_access_token = true configFile: "" + # Use an existing secret for OAuth2 credentials + # Example: + # existingSecret: secret image: repository: "quay.io/pusher/oauth2_proxy" From a7b1d4e54faf24c863a7c72cf424c9d24b2c56d5 Mon Sep 17 00:00:00 2001 From: Tammo van Lessen Date: Wed, 6 Feb 2019 00:33:49 +0100 Subject: [PATCH 0063/1586] Fix sidecar label defaults in README. (#11063) the default values listed in the README's values table were not correct for sidecar.dashboards.label and sidecar.datasources.label. I copied the correct values from the values.yaml and pasted it into the corresponding cell in the table. Signed-off-by: Tammo van Lessen --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index ed591ed5b606..db73758b9887 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 1.26.0 +version: 1.26.1 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 5981a7b5fb5e..cc1f3b80f94e 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -77,10 +77,10 @@ The command removes all the Kubernetes components associated with the chart and | `annotations` | Deployment annotations | `{}` | | `podAnnotations` | Pod annotations | `{}` | | `sidecar.dashboards.enabled` | Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | -| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `false` | +| `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | | `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | | `sidecar.datasources.enabled` | Enabled the cluster wide search for datasources and adds/updates/deletes them in grafana |`false` | -| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `false` | +| `sidecar.datasources.label` | Label that config maps with datasources should have to be added | `grafana_datasource` | | `sidecar.datasources.searchNamespace` | If specified, the sidecar will search for datasources config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | | `smtp.existingSecret` | The name of an existing secret containing the SMTP credentials. | `""` | | `smtp.userKey` | The key in the existing SMTP secret containing the username. | `"user"` | From 08c82581a13ddc1409fffdd22dbc2c90db738c95 Mon Sep 17 00:00:00 2001 From: Yui Terashima Date: Wed, 6 Feb 2019 18:14:01 +0900 Subject: [PATCH 0064/1586] [stable/envoy] Fix template for config files (#11180) - Fix an argument mis-match on applying template for envoy.yaml file Signed-off-by: Yui Terashima --- stable/envoy/Chart.yaml | 2 +- stable/envoy/templates/configmap.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/envoy/Chart.yaml b/stable/envoy/Chart.yaml index aed605ad8843..cd54a0f48efa 100755 --- a/stable/envoy/Chart.yaml +++ b/stable/envoy/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Envoy is an open source edge and service proxy, designed for cloud-native applications. name: envoy -version: 1.4.0 +version: 1.4.1 appVersion: 1.9.0 keywords: - envoy diff --git a/stable/envoy/templates/configmap.yaml b/stable/envoy/templates/configmap.yaml index ace20dcc0ffe..f55a4eda7d14 100644 --- a/stable/envoy/templates/configmap.yaml +++ b/stable/envoy/templates/configmap.yaml @@ -14,5 +14,6 @@ data: {{- end -}} {{- range $key, $value := .Values.templates }} {{ $key }}: |- -{{ $value | default "" | tpl . | indent 4 }} +{{ $valueWithDefault := default "" $value -}} +{{ tpl $valueWithDefault $ | indent 4 }} {{- end -}} From 2cacf4e208bf3fda8fc86a882b3cbdb7ce9be954 Mon Sep 17 00:00:00 2001 From: Naseem Date: Wed, 6 Feb 2019 09:49:57 -0500 Subject: [PATCH 0065/1586] Allow adding additional global config options (#11160) Signed-off-by: Naseem Ullah --- stable/elastalert/Chart.yaml | 2 +- stable/elastalert/README.md | 1 + stable/elastalert/templates/config.yaml | 1 + stable/elastalert/values.yaml | 8 ++++++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/stable/elastalert/Chart.yaml b/stable/elastalert/Chart.yaml index c7f1f6ba3895..549a72181124 100644 --- a/stable/elastalert/Chart.yaml +++ b/stable/elastalert/Chart.yaml @@ -1,6 +1,6 @@ description: ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. name: elastalert -version: 0.10.0 +version: 0.11.0 appVersion: 0.1.38 home: https://github.com/Yelp/elastalert icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg diff --git a/stable/elastalert/README.md b/stable/elastalert/README.md index cba71710a212..aac9f6b447e4 100644 --- a/stable/elastalert/README.md +++ b/stable/elastalert/README.md @@ -68,6 +68,7 @@ The command removes all the Kubernetes components associated with the chart and | `elasticsearch.caCerts` | path to a CA cert bundle to use to verify SSL connections | /certs/ca.pem | | `elasticsearch.certsVolumes` | certs volumes, required to mount ssl certificates when elasticsearch has tls enabled | `NULL` | | `elasticsearch.certsVolumeMounts` | mount certs volumes, required to mount ssl certificates when elasticsearch has tls enabled | `NULL` | +| `extraConfigOptions` | Additional options to propagate to all rules, cannot be `alert`, `type`, `name` or `index` | `{}` | | `resources` | Container resource requests and limits | {} | | `rules` | Rule and alert configuration for Elastalert | {} example shown in values.yaml | | `runIntervalMins` | Default interval between alert checks, in minutes | 1 | diff --git a/stable/elastalert/templates/config.yaml b/stable/elastalert/templates/config.yaml index 66279f4f9b7a..a6de66f54efb 100644 --- a/stable/elastalert/templates/config.yaml +++ b/stable/elastalert/templates/config.yaml @@ -42,3 +42,4 @@ data: {{- end }} alert_time_limit: minutes: {{ .Values.alertRetryLimitMins }} +{{ toYaml .Values.extraConfigOptions | indent 4 }} diff --git a/stable/elastalert/values.yaml b/stable/elastalert/values.yaml index efb3be285104..53b074ad6404 100644 --- a/stable/elastalert/values.yaml +++ b/stable/elastalert/values.yaml @@ -64,6 +64,14 @@ elasticsearch: # mountPath: /certs # readOnly: true +extraConfigOptions: {} + # # Options to propagate to all rules, e.g. a common slack_webhook_url or kibana_url + # # Please note at the time of implementing this value, it will not work for required_locals + # # Which MUST be set at the rule level, these are: ['alert', 'type', 'name', 'index'] + # generate_kibana_link: true + # kibana_url: https://kibana.yourdomain.com + # slack_webhook_url: dummy + # Command and args override for container e.g. (https://kubernetes.io/docs/tasks/inject-data-application/define-command-argument-container/) # command: ["YOUR_CUSTOM_COMMAND"] # args: ["YOUR", "CUSTOM", "ARGS"] From 619a86b346335e72adad053fc6b10d91ffce03a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 6 Feb 2019 16:45:58 +0100 Subject: [PATCH 0066/1586] [stable/wordpress] Enable configuration of AllowOverride (#11155) * [stable/wordpress] Enable configuration of AllowOverride Signed-off-by: Javier J. Salmeron Garcia * Add custom htaccess cm Signed-off-by: Javier J. Salmeron Garcia * Add helper Signed-off-by: Javier J. Salmeron Garcia * Update allowOverride values Signed-off-by: Javier J. Salmeron Garcia --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/README.md | 22 ++++++++++++++++++++++ stable/wordpress/templates/_helpers.tpl | 7 +++++++ stable/wordpress/templates/deployment.yaml | 12 ++++++++++++ stable/wordpress/values-production.yaml | 6 ++++++ stable/wordpress/values.yaml | 6 ++++++ 6 files changed, 54 insertions(+), 1 deletion(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 4f8ae5dfd0f6..6e5e874aef61 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,5 +1,5 @@ name: wordpress -version: 5.1.3 +version: 5.2.0 appVersion: 5.0.3 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/README.md b/stable/wordpress/README.md index d497839bce97..d8f7d0bd4e8a 100644 --- a/stable/wordpress/README.md +++ b/stable/wordpress/README.md @@ -63,6 +63,8 @@ The following table lists the configurable parameters of the WordPress chart and | `wordpressBlogName` | Blog name | `User's Blog!` | | `wordpressTablePrefix` | Table prefix | `wp_` | | `allowEmptyPassword` | Allow DB blank passwords | `true` | +| `allowOverrideNone` | Set Apache AllowOverride directive to None | `no` | +| `customHTAccessCM` | Configmap with custom wordpress-htaccess.conf directives | `nil` | | `smtpHost` | SMTP host | `nil` | | `smtpPort` | SMTP port | `nil` | | `smtpUser` | SMTP user | `nil` | @@ -264,6 +266,26 @@ readinessProbeHeaders: Any number of name/value pairs may be specified; they are all copied into the liveness or readiness probe definition. +## Disabling `.htaccess` + +For performance and security reasons, it is a good practice to configure Apache with `AllowOverride None`. Instead of using `.htaccess` files, Apache will load the same dircetives at boot time. These directives are located in `/opt/bitnami/wordpress/wordpress-htaccess.conf`. The container image includes by default these directives all of the default `.htaccess` files in WordPress (together with the default plugins). To enable this feature, install the chart with the following value: + +``` +helm install stable/wordpress --set allowOverrideNone=yes +``` + +However, some plugins may include `.htaccess` directives that will not be loaded when `AllowOverride` is set to `None`. A way to make them work would be to create your own `wordpress-htaccess.conf` file with all the required dircectives to make the plugin work. After creating it, then create a ConfigMap with it. + +``` +kubectl create cm custom-htaccess --from-file=/path/to/wordpress-htaccess.conf +``` + +Then, install the chart: + +``` +helm install stable/wordpress --set allowOverrideNone=yes --set customHTAccessCM=custom-htaccess +``` + ## Upgrading ### To 3.0.0 diff --git a/stable/wordpress/templates/_helpers.tpl b/stable/wordpress/templates/_helpers.tpl index 09a111822113..7b0595efc7fb 100644 --- a/stable/wordpress/templates/_helpers.tpl +++ b/stable/wordpress/templates/_helpers.tpl @@ -53,6 +53,13 @@ Create chart name and version as used by the chart label. {{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "wordpress.customHTAcessCM" -}} +{{- printf "%s" .Values.customHTAcessCM -}} +{{- end -}} + {{/* Return the proper image name (for the metrics image) */}} diff --git a/stable/wordpress/templates/deployment.yaml b/stable/wordpress/templates/deployment.yaml index 845e81f14673..2b0380e76117 100644 --- a/stable/wordpress/templates/deployment.yaml +++ b/stable/wordpress/templates/deployment.yaml @@ -97,6 +97,8 @@ spec: value: {{ .Values.wordpressFirstName | quote }} - name: WORDPRESS_LAST_NAME value: {{ .Values.wordpressLastName | quote }} + - name: WORDPRESS_HTACCESS_OVERRIDE_NONE + value: {{ .Values.allowOverrideNone | quote }} - name: WORDPRESS_BLOG_NAME value: {{ .Values.wordpressBlogName | quote }} - name: WORDPRESS_TABLE_PREFIX @@ -171,6 +173,11 @@ spec: - mountPath: /bitnami/php name: wordpress-data subPath: php + {{- if and .Values.allowOverrideNone .Values.customHTAccessCM}} + - mountPath: /opt/bitnami/wordpress + name: custom-htaccess + subPath: wordpress-htaccess.conf + {{- end }} resources: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.metrics.enabled }} @@ -197,6 +204,11 @@ spec: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: + {{- if and .Values.allowOverrideNone .Values.customHTAccessCM}} + - name: custom-htaccess + configMap: + name: {{ template "wordpress.customHTAccessCM" . }} + {{- end }} - name: wordpress-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index 3559457891f5..ce40068972c2 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -59,6 +59,12 @@ wordpressTablePrefix: wp_ ## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables allowEmptyPassword: "yes" +## Set Apache allowOverride to None +allowOverrideNone: yes + +# ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) +customHTAccessCM: + ## SMTP mail delivery configuration ## ref: https://github.com/bitnami/bitnami-docker-wordpress/#smtp-configuration ## diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index 2e3462d68090..822d59da1c4c 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -63,6 +63,12 @@ wordpressTablePrefix: wp_ ## ref: https://github.com/bitnami/bitnami-docker-wordpress#environment-variables allowEmptyPassword: true +## Set Apache allowOverride to None +allowOverrideNone: no + +# ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) +customHTAccessCM: + ## SMTP mail delivery configuration ## ref: https://github.com/bitnami/bitnami-docker-wordpress/#smtp-configuration ## From 14c70d8c5a113778346d330e4e1ca0770062263c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Wed, 6 Feb 2019 16:55:35 +0100 Subject: [PATCH 0067/1586] [stable/postgresql] Update metrics image to v0.4.7. (#11183) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cédric de Saint Martin --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 2 +- stable/postgresql/values-production.yaml | 2 +- stable/postgresql/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index fd721b6bcb11..6bb649cb3b9f 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.10.0 +version: 3.10.1 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 5f0f7b9797fe..3dd1ed021b2d 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -125,7 +125,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | | `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | | `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | -| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `metrics.image.tag` | PostgreSQL Image tag | `v0.4.7` | | `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | | `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 586fafdbae92..a05866060206 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -267,7 +267,7 @@ metrics: image: registry: docker.io repository: wrouesnel/postgres_exporter - tag: v0.4.6 + tag: v0.4.7 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index a79b9db97aaa..d886a1fb3b1d 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -274,7 +274,7 @@ metrics: image: registry: docker.io repository: wrouesnel/postgres_exporter - tag: v0.4.6 + tag: v0.4.7 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 762526ea07a67a5c37bb681a29523f8692c2561a Mon Sep 17 00:00:00 2001 From: Maxime Guyot Date: Wed, 6 Feb 2019 17:03:09 +0100 Subject: [PATCH 0068/1586] Add README.md to fluentd (#11182) Signed-off-by: Maxime Guyot --- stable/fluentd/Chart.yaml | 4 +- stable/fluentd/OWNERS | 2 + stable/fluentd/README.md | 79 +++++++++++++++++++++++++++++++++++++++ 3 files changed, 84 insertions(+), 1 deletion(-) create mode 100644 stable/fluentd/README.md diff --git a/stable/fluentd/Chart.yaml b/stable/fluentd/Chart.yaml index 71441cbb4b4d..ac940edf6c8c 100644 --- a/stable/fluentd/Chart.yaml +++ b/stable/fluentd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Fluentd Elasticsearch Helm chart for Kubernetes. icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png name: fluentd -version: 1.5.0 +version: 1.5.1 appVersion: v2.3.1 home: https://www.fluentd.org/ sources: @@ -13,3 +13,5 @@ sources: maintainers: - name: rendhalver email: pete.brown@powerhrg.com +- name: miouge1 + email: maxime@root314.com diff --git a/stable/fluentd/OWNERS b/stable/fluentd/OWNERS index 5cb6ab0551d0..ac74ba548bd9 100644 --- a/stable/fluentd/OWNERS +++ b/stable/fluentd/OWNERS @@ -1,4 +1,6 @@ approvers: - rendhalver +- miouge1 reviewers: - rendhalver +- miouge1 diff --git a/stable/fluentd/README.md b/stable/fluentd/README.md new file mode 100644 index 000000000000..61deaba5284f --- /dev/null +++ b/stable/fluentd/README.md @@ -0,0 +1,79 @@ +# fluentd + +[Fluentd](https://www.fluentd.org/) collects events from various data sources and writes them to files, RDBMS, NoSQL, IaaS, SaaS, Hadoop and so on. Fluentd helps you unify your logging infrastructure (Learn more about the Unified Logging Layer). + +## TL;DR; + +```console +$ helm install stable/fluentd +``` + +## Introduction + +This chart bootstraps an fluentd deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install stable/fluentd --name my-release +``` + +The command deploys fluentd on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the fluentd chart and their default values. + +Parameter | Description | Default +--- | --- | --- +`affinity` | node/pod affinities | `{}` +`configMaps` | Fluentd configuration | See [values.yaml](values.yaml) +`output.host` | output host | `elasticsearch-client.default.svc.cluster.local` +`output.port` | output port | `9200` +`output.scheme` | output port | `http` +`output.sslVersion` | output ssl version | `TLSv1` +`output.buffer_chunk_limit` | output buffer chunk limit | `2M` +`output.buffer_queue_limit` | output buffer queue limit | `8` +`service.type` | type of service | `ClusterIP` +`image.pullPolicy` | Image pull policy | `IfNotPresent` +`image.repository` | Image repository | `gcr.io/google-containers/fluentd-elasticsearch` +`image.tag` | Image tag | `v2.3.1` +`imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) +`ingress.enabled` | enable ingress | `false` +`nodeSelector` | node labels for pod assignment | `{}` +`replicaCount` | desired number of pods | `1` ??? +`resources` | pod resource requests & limits | `{}` +`priorityClassName` | priorityClassName | `nil` +`service.port` | port for the service | `80` +`service.type` | type of service | `ClusterIP` +`tolerations` | List of node taints to tolerate | `[]` +`persistence.enabled` | Enable buffer persistence | `false` +`persistence.accessMode` | Access mode for buffer persistence | `ReadWriteOnce` +`persistence.size` | Volume size for buffer persistence | `10Gi` + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install stable/fluentd --name my-release \ + --set=image.tag=v0.0.2,resources.limits.cpu=200m +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install stable/fluentd --name my-release -f values.yaml +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) From 1a5c6e1f0cdd5497a69fb454b94666d1c6e6fc0e Mon Sep 17 00:00:00 2001 From: Chaoran Yu Date: Wed, 6 Feb 2019 11:11:25 -0500 Subject: [PATCH 0069/1586] Added permissions to handle ingress (#11177) Signed-off-by: Chaoran Yu --- incubator/sparkoperator/Chart.yaml | 2 +- incubator/sparkoperator/templates/spark-operator-rbac.yaml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index e02fcf4152bf..9d57ec35f3ba 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,6 +1,6 @@ name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.1.7 +version: 0.1.8 appVersion: v1beta1-0.7-2.4.0 kubeVersion: ">=1.8.0-0" keywords: diff --git a/incubator/sparkoperator/templates/spark-operator-rbac.yaml b/incubator/sparkoperator/templates/spark-operator-rbac.yaml index 3ff3f9ae1226..bd5fd3febfde 100644 --- a/incubator/sparkoperator/templates/spark-operator-rbac.yaml +++ b/incubator/sparkoperator/templates/spark-operator-rbac.yaml @@ -15,6 +15,9 @@ rules: - apiGroups: [""] resources: ["services", "configmaps", "secrets"] verbs: ["create", "get", "delete"] +- apiGroups: ["extensions"] + resources: ["ingresses"] + verbs: ["create", "get", "delete"] - apiGroups: [""] resources: ["nodes"] verbs: ["get"] From 1a02ab588104b4742a176982a08d37b2fe691a08 Mon Sep 17 00:00:00 2001 From: Express Gateway Bot Account <29412940+eg-bot@users.noreply.github.com> Date: Wed, 6 Feb 2019 17:21:36 +0100 Subject: [PATCH 0070/1586] Update Express Gateway Images to v1.15.0 (#11178) Signed-off-by: eg-bot --- stable/express-gateway/Chart.yaml | 4 ++-- stable/express-gateway/README.md | 2 +- stable/express-gateway/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/express-gateway/Chart.yaml b/stable/express-gateway/Chart.yaml index f754e932a4d7..5be602907848 100644 --- a/stable/express-gateway/Chart.yaml +++ b/stable/express-gateway/Chart.yaml @@ -9,5 +9,5 @@ maintainers: name: express-gateway sources: - https://github.com/expressgateway/express-gateway -version: 1.1.0 -appVersion: 1.13.0 +version: 1.2.0 +appVersion: 1.15.0 diff --git a/stable/express-gateway/README.md b/stable/express-gateway/README.md index 070304060ee1..56ae8ecbf867 100644 --- a/stable/express-gateway/README.md +++ b/stable/express-gateway/README.md @@ -49,7 +49,7 @@ and their default values. | Parameter | Description | Default | |----------------------|--------------------------------------------------------------------------------------------------------|----------------------------------| | image.repository | Express Gateway image | `expressgateway/express-gateway` | -| image.tag | Express Gateway image version | `v1.13.0` | +| image.tag | Express Gateway image version | `1.15.0` | | image.pullPolicy | Image pull policy | `IfNotPresent` | | replicaCount | Express Gateway instance count | `1` | | admin.servicePort | TCP port on which the Express Gateway admin service is exposed | `9876` | diff --git a/stable/express-gateway/values.yaml b/stable/express-gateway/values.yaml index 7d18b633a8ea..f598f333c00d 100644 --- a/stable/express-gateway/values.yaml +++ b/stable/express-gateway/values.yaml @@ -3,7 +3,7 @@ image: repository: expressgateway/express-gateway - tag: v1.13.0 + tag: v1.15.0 pullPolicy: IfNotPresent # Specify Express Gateway Admin API From 0041f31d770a05fae7d1b95bead79ce2f29c3bec Mon Sep 17 00:00:00 2001 From: Domenico Caruso Date: Wed, 6 Feb 2019 17:31:39 +0100 Subject: [PATCH 0071/1586] Fix gcs credentials location (#11189) * Fix gcs credentials location Signed-off-by: Domenico Caruso * Update patch version Signed-off-by: Domenico Caruso --- stable/minio/Chart.yaml | 2 +- stable/minio/templates/deployment.yaml | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index d82698a63532..0953ed2a29bc 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.4.1 +version: 2.4.2 appVersion: RELEASE.2019-01-16T21-44-08Z keywords: - storage diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index f48f2c962deb..a269c197bcf1 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml @@ -116,10 +116,7 @@ spec: key: secretkey {{- if .Values.gcsgateway.enabled }} - name: GOOGLE_APPLICATION_CREDENTIALS - valueFrom: - secretKeyRef: - name: {{ template "minio.fullname" . }} - key: gcs_key.json + value: "/etc/credentials/gcs_key.json" {{- end }} {{- range $key, $val := .Values.environment }} - name: {{ $key }} From 71e20cfd54efa0be7b21d811801b26443dd1277b Mon Sep 17 00:00:00 2001 From: chrisob Date: Wed, 6 Feb 2019 22:20:35 +0100 Subject: [PATCH 0072/1586] Run atlantis container as atlantis user instead of root (#11197) Signed-off-by: Chris O'Brien Bump chart version Signed-off-by: Chris O'Brien Revert "Run atlantis container as atlantis user instead of root" This reverts commit 8938f3f Signed-off-by: Chris O'Brien Remove explicit atlantis command so as not to bypass docker entrypoint Signed-off-by: Chris O'Brien --- stable/atlantis/Chart.yaml | 2 +- stable/atlantis/templates/statefulset.yaml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml index f577b088fb3c..3c301b48e7c1 100644 --- a/stable/atlantis/Chart.yaml +++ b/stable/atlantis/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "v0.4.11" description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 1.1.2 +version: 1.1.3 keywords: - terraform home: https://www.runatlantis.io diff --git a/stable/atlantis/templates/statefulset.yaml b/stable/atlantis/templates/statefulset.yaml index 93b7a2dc3de7..c0d984ad49cb 100644 --- a/stable/atlantis/templates/statefulset.yaml +++ b/stable/atlantis/templates/statefulset.yaml @@ -61,7 +61,6 @@ spec: exec: command: ["/bin/sh", "-c", "cp /etc/secret-gitconfig/gitconfig /home/atlantis/.gitconfig && chown atlantis /home/atlantis/.gitconfig"] {{- end}} - command: ["atlantis"] args: - server {{- if .Values.allowRepoConfig }} From df256c332a74770b4d9aab7833ef0f7ad8f5fac7 Mon Sep 17 00:00:00 2001 From: Tim Mitrovich Date: Wed, 6 Feb 2019 20:24:28 -0500 Subject: [PATCH 0073/1586] [stable/redis-ha] Add Optional Prometheus Exporter Sidecar (#11085) * [stable/redis-ha] Add Optional Prometheus Exporter Sidecar Added support for an optional prometheus exporter sidecar container in each redis pod. Signed-off-by: Tim Mitrovich * [stable/redis-ha] Add Optional Prometheus Exporter Sidecar * Added https://github.com/oliver006/redis_exporter to the sources list * Added ability to configure resource limits * Added ability to pull redis password from the existing redis secret so that we don't have plain text passwords in the config files * Added ability to configure port and metrics scraping path * Updated comments about the default install of redis-ha chart * Added livenessProbe to exporter container Signed-off-by: Tim Mitrovich --- stable/redis-ha/Chart.yaml | 3 +- stable/redis-ha/README.md | 10 +++-- .../templates/redis-ha-statefulset.yaml | 40 +++++++++++++++++++ stable/redis-ha/values.yaml | 17 ++++++++ 4 files changed, 66 insertions(+), 4 deletions(-) diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index be92ddb85246..3bb2eba5dd4b 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 3.1.3 +version: 3.1.4 appVersion: 5.0.3 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png @@ -18,3 +18,4 @@ details: sources: - https://redis.io/download - https://github.com/scality/Zenko/tree/development/1.0/kubernetes/zenko/charts/redis-ha +- https://github.com/oliver006/redis_exporter diff --git a/stable/redis-ha/README.md b/stable/redis-ha/README.md index 9a16ff619792..cf5325d27e45 100644 --- a/stable/redis-ha/README.md +++ b/stable/redis-ha/README.md @@ -9,8 +9,8 @@ $ helm install stable/redis-ha ``` By default this chart install 3 pods total: - * one pod containing a redis master and sentinel containers - * two pods each containing redis slave and sentinel containers. + * one pod containing a redis master and sentinel container (optional prometheus metrics exporter sidecar available) + * two pods each containing a redis slave and sentinel containers (optional prometheus metrics exporter sidecars available) ## Introduction @@ -73,7 +73,11 @@ The following table lists the configurable parameters of the Redis chart and the | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `podAntiAffinity.server` | Antiaffinity for pod assignment of servers, `hard` or `soft` | `Hard node and soft zone anti-affinity` | - +| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | +| `exporter.image` | Exporter image | `oliver006/redis_exporter` | +| `exporter.tag` | Exporter tag | `v0.28.0` | +| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | +| `exporter.extraArgs` | Additional args for the exporter | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index cc05c8214767..bfb3a1174fae 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -22,6 +22,11 @@ spec: {{- if .Values.podAnnotations }} {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} + {{- if .Values.exporter.enabled }} + prometheus.io/port: "{{ .Values.exporter.port }}" + prometheus.io/scrape: "true" + prometheus.io/path: {{ .Values.exporter.scrapePath }} + {{- end }} labels: release: {{ .Release.Name }} app: {{ template "redis-ha.name" . }} @@ -147,6 +152,41 @@ spec: name: data - mountPath: /probes name: probes +{{- if .Values.exporter.enabled }} + - name: redis-exporter + image: "{{ .Values.exporter.image }}:{{ .Values.exporter.tag }}" + imagePullPolicy: {{ .Values.exporter.pullPolicy }} + args: + {{- range $key, $value := .Values.extraArgs }} + - --{{ $key }}={{ $value }} + {{- end }} + env: + - name: REDIS_ADDR + value: redis://localhost:6379 + {{- if .Values.auth }} + - name: REDIS_PASSWORD + valueFrom: + secretKeyRef: + {{- if .Values.existingSecret }} + name: {{ .Values.existingSecret }} + {{- else }} + name: {{ template "redis-ha.fullname" . }} + {{- end }} + key: auth + {{- end }} + livenessProbe: + httpGet: + path: {{ .Values.exporter.scrapePath }} + port: {{ .Values.exporter.port }} + initialDelaySeconds: 15 + timeoutSeconds: 1 + periodSeconds: 15 + resources: + {{ toYaml .Values.exporter.resources | indent 10 }} + ports: + - name: exporter-port + containerPort: {{ .Values.exporter.port }} +{{- end }} volumes: - name: config configMap: diff --git a/stable/redis-ha/values.yaml b/stable/redis-ha/values.yaml index 092146b82a0c..ced15a008c73 100644 --- a/stable/redis-ha/values.yaml +++ b/stable/redis-ha/values.yaml @@ -91,6 +91,23 @@ affinity: | release: {{ .Release.Name }} topologyKey: failure-domain.beta.kubernetes.io/zone +# Prometheus exporter specific configuration options +exporter: + enabled: false + image: oliver006/redis_exporter + tag: v0.28.0 + pullPolicy: IfNotPresent + + # prometheus port & scrape path + port: 9121 + scrapePath: /metrics + + # cpu/memory resource limits/requests + resources: {} + + # Additional args for redis exporter + extraArgs: {} + podDisruptionBudget: {} # maxUnavailable: 1 # minAvailable: 1 From eee84d29fdea80cd859d76210bd8262ad484ebd3 Mon Sep 17 00:00:00 2001 From: Chaoran Yu Date: Wed, 6 Feb 2019 23:53:07 -0500 Subject: [PATCH 0074/1586] Added flag for ingress URL format (#11219) Signed-off-by: Chaoran Yu --- incubator/sparkoperator/Chart.yaml | 2 +- incubator/sparkoperator/README.md | 3 ++- .../sparkoperator/templates/spark-operator-deployment.yaml | 1 + incubator/sparkoperator/values.yaml | 1 + 4 files changed, 5 insertions(+), 2 deletions(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index 9d57ec35f3ba..289f036b0228 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,6 +1,6 @@ name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.1.8 +version: 0.1.9 appVersion: v1beta1-0.7-2.4.0 kubeVersion: ">=1.8.0-0" keywords: diff --git a/incubator/sparkoperator/README.md b/incubator/sparkoperator/README.md index 6ff802918714..ba0f05bcde92 100644 --- a/incubator/sparkoperator/README.md +++ b/incubator/sparkoperator/README.md @@ -30,12 +30,13 @@ The following table lists the configurable parameters of the Spark operator char | `enableWebhook` | Whether to enable mutating admission webhook | false | | `enableMetrics` | Whether to expose metrics to be scraped by Premetheus | true | | `controllerThreads` | Number of worker threads used by the SparkApplication controller | 10 | +| `ingressUrlFormat` | Ingress URL format | "" | | `installCrds` | Whether to install CRDs | true | | `metricsPort` | Port for the metrics endpoint | 10254 | | `metricsEndpoint` | Metrics endpoint | "/metrics" | | `metricsPrefix` | Prefix for the metrics | "" | | `resyncInterval` | Informer resync interval in seconds | 30 | -| `webhookPort` | Service port of the webhook server | 8080 | | +| `webhookPort` | Service port of the webhook server | 8080 | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/incubator/sparkoperator/templates/spark-operator-deployment.yaml b/incubator/sparkoperator/templates/spark-operator-deployment.yaml index d2f1612aad7d..fdfc51a275c3 100644 --- a/incubator/sparkoperator/templates/spark-operator-deployment.yaml +++ b/incubator/sparkoperator/templates/spark-operator-deployment.yaml @@ -58,6 +58,7 @@ spec: args: - -v=2 - -namespace={{ .Values.sparkJobNamespace }} + - -ingress-url-format={{ .Values.ingressUrlFormat }} - -install-crds={{ .Values.installCrds }} - -controller-threads={{ .Values.controllerThreads }} - -resync-interval={{ .Values.resyncInterval }} diff --git a/incubator/sparkoperator/values.yaml b/incubator/sparkoperator/values.yaml index 563c402f6b1a..bfb03eab2d70 100644 --- a/incubator/sparkoperator/values.yaml +++ b/incubator/sparkoperator/values.yaml @@ -19,6 +19,7 @@ enableWebhook: false enableMetrics: true controllerThreads: 10 +ingressUrlFormat: "" installCrds: true metricsPort: 10254 metricsEndpoint: "/metrics" From 9c89dba36db36af797b46eeb532a97f2b82057b0 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 7 Feb 2019 09:21:19 +0100 Subject: [PATCH 0075/1586] drupal: update to `8.6.8` (#11208) Signed-off-by: Bitnami Containers --- stable/drupal/Chart.yaml | 4 ++-- stable/drupal/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index f649e982a94e..76628153e9b1 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ name: drupal -version: 3.0.4 -appVersion: 8.6.7 +version: 3.0.5 +appVersion: 8.6.8 description: One of the most versatile open source content management systems. keywords: - drupal diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index ab33d63addf8..beb290cbdfaa 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.6.7 + tag: 8.6.8 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 11bb42e635770ff4aad5988b507e647fe2c51c05 Mon Sep 17 00:00:00 2001 From: Jungsub Shin Date: Thu, 7 Feb 2019 17:35:34 +0900 Subject: [PATCH 0076/1586] [stable/mariadb] Fix typo of the install example in README (#11124) Signed-off-by: Jungsub Shin --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index f105c373760f..ebf6861e8da1 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,5 +1,5 @@ name: mariadb -version: 5.5.0 +version: 5.5.1 appVersion: 10.1.37 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 16bf9a0d2816..705437cd2893 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -141,7 +141,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```bash $ helm install --name my-release \ - --set root.password=secretpassword,user.database=app_database \ + --set rootUser.password=secretpassword,db.user=app_database \ stable/mariadb ``` From e00527d99a43f6e8e3a29a4db671dd3c1c066024 Mon Sep 17 00:00:00 2001 From: Nik Voss Date: Thu, 7 Feb 2019 10:24:32 +0100 Subject: [PATCH 0077/1586] Fixed bug introduces by previous PR. (#11227) Signed-off-by: Niklas Voss --- stable/elasticsearch/Chart.yaml | 2 +- stable/elasticsearch/templates/client-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 3cca7692467e..4a9595133d01 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,6 +1,6 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.19.0 +version: 1.19.1 appVersion: 6.6.0 description: Flexible and powerful open source, distributed real-time search and analytics engine. diff --git a/stable/elasticsearch/templates/client-deployment.yaml b/stable/elasticsearch/templates/client-deployment.yaml index 9c52279a356f..1ba652f82d93 100644 --- a/stable/elasticsearch/templates/client-deployment.yaml +++ b/stable/elasticsearch/templates/client-deployment.yaml @@ -65,7 +65,7 @@ spec: {{- end }} {{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled }} initContainers: -{{- if .Values.enableSysctlInitContainer }} +{{- if .Values.sysctlInitContainer.enabled }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html # and https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-configuration-memory.html#mlockall - name: "sysctl" From 6e2dcd7a250a576cad01bc8ce485e5e214f8c853 Mon Sep 17 00:00:00 2001 From: Julien Bouyoud Date: Thu, 7 Feb 2019 14:35:25 +0100 Subject: [PATCH 0078/1586] feat(keycloak): add availability to expose extra port on sts (#11162) Signed-off-by: Julien Bouyoud --- stable/keycloak/Chart.yaml | 2 +- stable/keycloak/README.md | 1 + stable/keycloak/templates/statefulset.yaml | 3 +++ stable/keycloak/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/keycloak/Chart.yaml b/stable/keycloak/Chart.yaml index 29b74c26e296..b9e0d0026e3b 100644 --- a/stable/keycloak/Chart.yaml +++ b/stable/keycloak/Chart.yaml @@ -1,5 +1,5 @@ name: keycloak -version: 4.3.0 +version: 4.4.0 appVersion: 4.8.3.Final description: Open Source Identity and Access Management For Modern Applications and Services keywords: diff --git a/stable/keycloak/README.md b/stable/keycloak/README.md index 6f8e4083a7c5..6dd0d597c908 100644 --- a/stable/keycloak/README.md +++ b/stable/keycloak/README.md @@ -57,6 +57,7 @@ Parameter | Description | Default `keycloak.extraEnv` | Allows the specification of additional environment variables for Keycloak. Passed through the `tpl` function and thus to be configured a string | `""` `keycloak.extraVolumeMounts` | Add additional volumes mounts, e. g. for custom themes. Passed through the `tpl` function and thus to be configured a string | `""` `keycloak.extraVolumes` | Add additional volumes, e. g. for custom themes. Passed through the `tpl` function and thus to be configured a string | `""` +`keycloak.extraPorts` | Add additional ports, e. g. for custom admin console port. Passed through the `tpl` function and thus to be configured a string | `""` `keycloak.podDisruptionBudget` | Pod disruption budget | `{}` `keycloak.resources` | Pod resource requests and limits | `{}` `keycloak.affinity` | Pod affinity. Passed through the `tpl` function and thus to be configured a string | `Hard node and soft zone anti-affinity` diff --git a/stable/keycloak/templates/statefulset.yaml b/stable/keycloak/templates/statefulset.yaml index accf478ea2ed..1ae6379b9659 100644 --- a/stable/keycloak/templates/statefulset.yaml +++ b/stable/keycloak/templates/statefulset.yaml @@ -103,6 +103,9 @@ spec: containerPort: 7600 protocol: TCP {{- end }} +{{- with .Values.keycloak.extraPorts }} +{{ tpl . $ | indent 12 }} +{{- end }} livenessProbe: httpGet: path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/ diff --git a/stable/keycloak/values.yaml b/stable/keycloak/values.yaml index 45495be50217..d1e800cbe8df 100644 --- a/stable/keycloak/values.yaml +++ b/stable/keycloak/values.yaml @@ -141,6 +141,9 @@ keycloak: extraVolumes: | extraVolumeMounts: | + ## Add additional ports, eg. for custom admin console + extraPorts: | + podDisruptionBudget: {} # maxUnavailable: 1 # minAvailable: 1 From 451214890c8138b48323449a414e54e6280f3b2c Mon Sep 17 00:00:00 2001 From: jeff-knurek Date: Thu, 7 Feb 2019 15:54:19 +0100 Subject: [PATCH 0079/1586] NEXUS: bump the app version to 3.15.2 (#11230) * NEXUS: bump the app version to 3.15.2 and update the README with the correct values Signed-off-by: Jeff Knurek * also update the proxy image to one without security vulnerabilities Signed-off-by: Jeff Knurek --- stable/sonatype-nexus/Chart.yaml | 4 ++-- stable/sonatype-nexus/README.md | 8 ++++---- stable/sonatype-nexus/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/sonatype-nexus/Chart.yaml b/stable/sonatype-nexus/Chart.yaml index 68d4f2a4a9a9..96a06c064b16 100644 --- a/stable/sonatype-nexus/Chart.yaml +++ b/stable/sonatype-nexus/Chart.yaml @@ -1,6 +1,6 @@ name: sonatype-nexus -version: 1.15.1 -appVersion: 3.14.0-04 +version: 1.16.0 +appVersion: 3.15.2-01 description: Sonatype Nexus is an open source repository manager keywords: - artifacts diff --git a/stable/sonatype-nexus/README.md b/stable/sonatype-nexus/README.md index efe47722024f..f500669fe3e2 100644 --- a/stable/sonatype-nexus/README.md +++ b/stable/sonatype-nexus/README.md @@ -66,7 +66,7 @@ The following table lists the configurable parameters of the Nexus chart and the | `replicaCount` | Number of Nexus service replicas | `1` | | `deploymentStrategy` | Deployment Strategy | `rollingUpdate` | | `nexus.imageName` | Nexus image | `quay.io/travelaudience/docker-nexus` | -| `nexus.imageTag` | Version of Nexus | `3.9.0` | +| `nexus.imageTag` | Version of Nexus | `3.15.2` | | `nexus.imagePullPolicy` | Nexus image pull policy | `IfNotPresent` | | `nexus.env` | Nexus environment variables | `[{install4jAddVmParams: -Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap}]` | | `nexus.resources` | Nexus resource requests and limits | `{}` | @@ -93,7 +93,7 @@ The following table lists the configurable parameters of the Nexus chart and the | `nexusProxy.targetPort` | Container Port for Nexus proxy | `8080` | | `nexusProxy.port` | Port for exposing Nexus | `8080` | | `nexusProxy.imageName` | Proxy image | `quay.io/travelaudience/docker-nexus-proxy` | -| `nexusProxy.imageTag` | Proxy image version | `2.1.0` | +| `nexusProxy.imageTag` | Proxy image version | `2.4.0_8u191` | | `nexusProxy.imagePullPolicy` | Proxy image pull policy | `IfNotPresent` | | `nexusProxy.resources` | Proxy resource requests and limits | `{}` | | `nexusProxy.env.nexusHttpHost` | Nexus url to access Nexus | `nil` | @@ -108,7 +108,7 @@ The following table lists the configurable parameters of the Nexus chart and the | `persistence.existingClaim` | Existing persistent volume name | `nil` | | `nexusBackup.enabled` | Nexus backup process | `false` | | `nexusBackup.imageName` | Nexus backup image | `quay.io/travelaudience/docker-nexus-backup` | -| `nexusBackup.imageTag` | Nexus backup image version | `1.2.0` | +| `nexusBackup.imageTag` | Nexus backup image version | `1.4.0` | | `nexusBackup.imagePullPolicy` | Backup image pull policy | `IfNotPresent` | | `nexusBackup.env.targetBucket` | Required if `nexusBackup` is enabled. Google Cloud Storage bucker for backups format `gs://BACKUP_BUCKET` | `nil` | | `nexusBackup.nexusAdminPassword` | Nexus admin password used by the backup container to access Nexus API. This password should match the one that gets chosen by the user to replace the default admin password after the first login | `admin123` | @@ -120,7 +120,7 @@ The following table lists the configurable parameters of the Nexus chart and the | `nexusBackup.persistence.existingClaim` | Existing PV name for backup | `nil` | | `ingress.enabled` | Create an ingress for Nexus | `true` | | `ingress.annotations` | Annotations to enhance ingress configuration | `{}` | -| `ingress.tls.enabled` | Enable TLS | `false` | +| `ingress.tls.enabled` | Enable TLS | `true` | | `ingress.tls.secretName` | Name of the secret storing TLS cert, `false` to use the Ingress' default certificate | `nexus-tls` | | `ingress.path` | Path for ingress rules. GCP users should set to `/*` | `/` | | `tolerations` | tolerations list | `[]` | diff --git a/stable/sonatype-nexus/values.yaml b/stable/sonatype-nexus/values.yaml index c7d59e64625e..fc53ea1abd98 100644 --- a/stable/sonatype-nexus/values.yaml +++ b/stable/sonatype-nexus/values.yaml @@ -10,7 +10,7 @@ deploymentStrategy: {} nexus: imageName: quay.io/travelaudience/docker-nexus - imageTag: 3.14.0 + imageTag: 3.15.2 imagePullPolicy: IfNotPresent env: - name: install4jAddVmParams @@ -63,7 +63,7 @@ nexusProxy: enabled: true # svcName: proxy-svc imageName: quay.io/travelaudience/docker-nexus-proxy - imageTag: 2.4.0 + imageTag: 2.4.0_8u191 imagePullPolicy: IfNotPresent port: 8080 targetPort: 8080 From ec89a0c43c25d94a8339d00a503c6c071d062674 Mon Sep 17 00:00:00 2001 From: "/v\\atthew L Daniel" Date: Thu, 7 Feb 2019 10:28:08 -0800 Subject: [PATCH 0080/1586] Atlantis 450 (#11246) * Quote the orgWhitelist value in the StatefulSet fixes: runatlantis/atlantis#450 Signed-off-by: Matthew L Daniel * Bump the atlantis chart version Signed-off-by: Matthew L Daniel --- stable/atlantis/Chart.yaml | 2 +- stable/atlantis/templates/statefulset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml index 3c301b48e7c1..7e017c09e381 100644 --- a/stable/atlantis/Chart.yaml +++ b/stable/atlantis/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "v0.4.11" description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 1.1.3 +version: 1.1.4 keywords: - terraform home: https://www.runatlantis.io diff --git a/stable/atlantis/templates/statefulset.yaml b/stable/atlantis/templates/statefulset.yaml index c0d984ad49cb..ea6297d05be3 100644 --- a/stable/atlantis/templates/statefulset.yaml +++ b/stable/atlantis/templates/statefulset.yaml @@ -87,7 +87,7 @@ spec: - name: ATLANTIS_DATA_DIR value: /atlantis-data - name: ATLANTIS_REPO_WHITELIST - value: {{ .Values.orgWhitelist }} + value: {{ toYaml .Values.orgWhitelist }} - name: ATLANTIS_PORT value: "4141" {{- if .Values.atlantisUrl }} From 1c7af3905325491c4f17d57989ffa342354f969a Mon Sep 17 00:00:00 2001 From: boxboatmatt <36642033+boxboatmatt@users.noreply.github.com> Date: Thu, 7 Feb 2019 15:12:05 -0500 Subject: [PATCH 0081/1586] Add the ability to specify pod labels (#11203) Signed-off-by: Matthew DeVenny --- stable/mysql/Chart.yaml | 2 +- stable/mysql/README.md | 1 + stable/mysql/templates/deployment.yaml | 3 +++ stable/mysql/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/mysql/Chart.yaml b/stable/mysql/Chart.yaml index 39730a1c3799..e3405bd56e6d 100755 --- a/stable/mysql/Chart.yaml +++ b/stable/mysql/Chart.yaml @@ -1,5 +1,5 @@ name: mysql -version: 0.14.0 +version: 0.15.0 appVersion: 5.7.14 description: Fast, reliable, scalable, and easy to use open-source relational database system. diff --git a/stable/mysql/README.md b/stable/mysql/README.md index cd4433153937..1bfe4c94c49b 100755 --- a/stable/mysql/README.md +++ b/stable/mysql/README.md @@ -102,6 +102,7 @@ The following table lists the configurable parameters of the MySQL chart and the | `initializationFiles` | List of SQL files which are run after the container started | `nil` | | `timezone` | Container and mysqld timezone (TZ env) | `nil` (UTC depending on image) | | `podAnnotations` | Map of annotations to add to the pods | `{}` | +| `podLabels` | Map of labels to add to the pods | `{}` | | `priorityClassName` | Set pod priorityClassName | `{}` | Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/). diff --git a/stable/mysql/templates/deployment.yaml b/stable/mysql/templates/deployment.yaml index 7d71ee6b70cd..7adff6ab9f70 100644 --- a/stable/mysql/templates/deployment.yaml +++ b/stable/mysql/templates/deployment.yaml @@ -12,6 +12,9 @@ spec: metadata: labels: app: {{ template "mysql.fullname" . }} +{{- with .Values.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} {{- with .Values.podAnnotations }} annotations: {{ toYaml . | indent 8 }} diff --git a/stable/mysql/values.yaml b/stable/mysql/values.yaml index 8a0ccd8d1630..3563e823dadc 100644 --- a/stable/mysql/values.yaml +++ b/stable/mysql/values.yaml @@ -173,5 +173,7 @@ ssl: # To be added to the database server pod(s) podAnnotations: {} +podLabels: {} + ## Set pod priorityClassName # priorityClassName: {} From 79aa425075232d7024e43ad8f88f3776c68093f5 Mon Sep 17 00:00:00 2001 From: Tobias Wolf Date: Thu, 7 Feb 2019 23:35:29 +0100 Subject: [PATCH 0082/1586] [stable/redis-ha] Implement stable sentinel IDs by pregenerating them (#11095) * Fix ghost sentinels by pregenerating stable 40 character IDs to initialize sentinel ID Signed-off-by: Tobias Wolf * Fix name of _helper template Signed-off-by: Tobias Wolf * Fix whitespace trimming Signed-off-by: Tobias Wolf * Bump version after previous PR bumped it Signed-off-by: Tobias Wolf * Make init.sh shellcheck clean Signed-off-by: Tobias Wolf --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/templates/redis-ha-configmap.yaml | 6 ++---- stable/redis-ha/templates/redis-ha-statefulset.yaml | 7 ++++++- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index 3bb2eba5dd4b..d07a8f73faa9 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 3.1.4 +version: 3.1.5 appVersion: 5.0.3 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/templates/redis-ha-configmap.yaml b/stable/redis-ha/templates/redis-ha-configmap.yaml index b77875ddc313..edc753b797de 100644 --- a/stable/redis-ha/templates/redis-ha-configmap.yaml +++ b/stable/redis-ha/templates/redis-ha-configmap.yaml @@ -51,7 +51,8 @@ data: sentinel_update() { echo "Updating sentinel config" - sed -i "1s/^/$(cat sentinel-id)\\n/" "$SENTINEL_CONF" + eval MY_SENTINEL_ID="\${SENTINEL_ID_$INDEX}" + sed -i "1s/^/sentinel myid $MY_SENTINEL_ID\\n/" "$SENTINEL_CONF" sed -i "2s/^/sentinel monitor $MASTER_GROUP $1 $REDIS_PORT $QUORUM \\n/" "$SENTINEL_CONF" echo "sentinel announce-ip $ANNOUNCE_IP" >> $SENTINEL_CONF echo "sentinel announce-port $SENTINEL_PORT" >> $SENTINEL_CONF @@ -65,9 +66,6 @@ data: } copy_config() { - if [ -f "$SENTINEL_CONF" ]; then - grep "sentinel myid" "$SENTINEL_CONF" > sentinel-id || true - fi cp /readonly-config/redis.conf "$REDIS_CONF" cp /readonly-config/sentinel.conf "$SENTINEL_CONF" } diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index bfb3a1174fae..3eb1547aeb20 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -55,8 +55,13 @@ spec: - sh args: - /readonly-config/init.sh -{{- if .Values.auth }} env: +{{- $replicas := int .Values.replicas -}} +{{- range $i := until $replicas }} + - name: SENTINEL_ID_{{ $i }} + value: {{ printf "%s\nindex: %d" (include "labels.standard" $) $i | sha1sum }} +{{ end -}} +{{- if .Values.auth }} - name: AUTH valueFrom: secretKeyRef: From efa17d3fa4bf974b1cb05c6bc6b218c41e53cb50 Mon Sep 17 00:00:00 2001 From: Gerald Barker Date: Thu, 7 Feb 2019 23:15:37 +0000 Subject: [PATCH 0083/1586] [stable/elasticsearch-curator] add dry-run option to chart (#11211) Signed-off-by: Gerald Barker --- stable/elasticsearch-curator/Chart.yaml | 2 +- stable/elasticsearch-curator/README.md | 1 + stable/elasticsearch-curator/templates/cronjob.yaml | 4 ++++ stable/elasticsearch-curator/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml index 9297f59df7df..216e93b80e2c 100644 --- a/stable/elasticsearch-curator/Chart.yaml +++ b/stable/elasticsearch-curator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.5.4" description: A Helm chart for Elasticsearch Curator name: elasticsearch-curator -version: 1.1.0 +version: 1.2.0 home: https://github.com/elastic/curator keywords: - curator diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md index a5dd075b0a69..4e1ab9d89482 100644 --- a/stable/elasticsearch-curator/README.md +++ b/stable/elasticsearch-curator/README.md @@ -40,6 +40,7 @@ their default values. | `cronjob.failedJobsHistoryLimit` | Specify the number of failed Jobs to keep | `nil` | | `cronjob.successfulJobsHistoryLimit` | Specify the number of completed Jobs to keep | `nil` | | `pod.annotations` | Annotations to add to the pod | {} | +| `dryrun` | Run Curator in dry-run mode | `false` | | `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml | | `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml | | `resources` | Resource requests and limits | {} | diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml index 6d32aeeb3426..96d4a2957458 100644 --- a/stable/elasticsearch-curator/templates/cronjob.yaml +++ b/stable/elasticsearch-curator/templates/cronjob.yaml @@ -60,7 +60,11 @@ spec: {{ toYaml .Values.extraVolumeMounts | indent 16 }} {{- end }} command: [ "curator" ] +{{- if .Values.dryrun }} + args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] +{{- else }} args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] +{{- end }} resources: {{ toYaml .Values.resources | indent 16 }} {{- with .Values.nodeSelector }} diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml index a13c8ac7f2bd..e9a7e0c22ba5 100644 --- a/stable/elasticsearch-curator/values.yaml +++ b/stable/elasticsearch-curator/values.yaml @@ -22,6 +22,9 @@ hooks: install: false upgrade: false +# run curator in dry-run mode +dryrun: false + configMaps: # Delete indices older than 7 days action_file_yml: |- From 890e11b894d37cb25a8049d3d4fd87b4542d06f7 Mon Sep 17 00:00:00 2001 From: Richard Maynard Date: Thu, 7 Feb 2019 17:29:56 -0600 Subject: [PATCH 0084/1586] allow exporter to be scheduled with kafka (#11176) Signed-off-by: ephur --- incubator/kafka/Chart.yaml | 2 +- .../kafka/templates/deployment-kafka-exporter.yaml | 12 ++++++++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/incubator/kafka/Chart.yaml b/incubator/kafka/Chart.yaml index a22ec619fe3e..1bd4036d3aa5 100755 --- a/incubator/kafka/Chart.yaml +++ b/incubator/kafka/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Apache Kafka is publish-subscribe messaging rethought as a distributed commit log. name: kafka -version: 0.13.7 +version: 0.13.8 appVersion: 5.0.1 keywords: - kafka diff --git a/incubator/kafka/templates/deployment-kafka-exporter.yaml b/incubator/kafka/templates/deployment-kafka-exporter.yaml index d43aab1f773e..e73947749445 100644 --- a/incubator/kafka/templates/deployment-kafka-exporter.yaml +++ b/incubator/kafka/templates/deployment-kafka-exporter.yaml @@ -35,4 +35,16 @@ spec: - containerPort: {{ .Values.prometheus.kafka.port }} resources: {{ toYaml .Values.prometheus.kafka.resources | indent 10 }} +{{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} +{{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} +{{- end }} +{{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} +{{- end }} {{- end }} From 587f08d1719c4905618a61a42987922253b5b56c Mon Sep 17 00:00:00 2001 From: Bort Verwilst Date: Fri, 8 Feb 2019 01:13:40 +0100 Subject: [PATCH 0085/1586] Update to 0.74.1 (#11128) Signed-off-by: Bart Verwilst --- stable/rocketchat/Chart.yaml | 4 ++-- stable/rocketchat/README.md | 2 +- stable/rocketchat/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/rocketchat/Chart.yaml b/stable/rocketchat/Chart.yaml index e7caf2912eaf..de0b0c3c2037 100644 --- a/stable/rocketchat/Chart.yaml +++ b/stable/rocketchat/Chart.yaml @@ -1,6 +1,6 @@ name: rocketchat -version: 0.3.2 -appVersion: 0.73.2 +version: 0.3.3 +appVersion: 0.74.1 description: Prepare to take off with the ultimate chat platform, experience the next level of team communications keywords: diff --git a/stable/rocketchat/README.md b/stable/rocketchat/README.md index 0a0ed3ba84e1..1b12be11f696 100644 --- a/stable/rocketchat/README.md +++ b/stable/rocketchat/README.md @@ -20,7 +20,7 @@ $ helm install --set mongodb.mongodbUsername=,mongodb.mongod ### If you want to install another version of rocket.chat image you can set the version like this: ```bash -$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword=,tag=0.74.0 --name my-rocketchat stable/rocketchat +$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword=,tag=0.74.1 --name my-rocketchat stable/rocketchat ``` diff --git a/stable/rocketchat/values.yaml b/stable/rocketchat/values.yaml index 8dd18e60d496..9cc8b2262912 100644 --- a/stable/rocketchat/values.yaml +++ b/stable/rocketchat/values.yaml @@ -3,7 +3,7 @@ ## image: repository: rocketchat/rocket.chat - tag: 0.73.2 + tag: 0.74.1 pullPolicy: IfNotPresent ## Host for the application From b27cd98a26223c5c716917ad81310787544ab5c3 Mon Sep 17 00:00:00 2001 From: tillkahlbrock Date: Fri, 8 Feb 2019 01:13:59 +0100 Subject: [PATCH 0086/1586] [stable/prometheus-operator] allow setting sessionAffinity (#11229) * [stable/prometheus-operator] allow setting sessionAffinity on prometheus service Signed-off-by: Till Kahlbrock * bump chart version Signed-off-by: Till Kahlbrock --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + stable/prometheus-operator/templates/prometheus/service.yaml | 3 +++ stable/prometheus-operator/values.yaml | 2 ++ 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index b50702003221..17330e21b38c 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.1.5 +version: 2.1.6 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index b057c0f14a1e..b07e9cae29a0 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -143,6 +143,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.service.externalIPs` | List of IP addresses at which the Prometheus server service is available | `[]` | | `prometheus.service.loadBalancerIP` | Prometheus Loadbalancer IP | `""` | | `prometheus.service.loadBalancerSourceRanges` | Prometheus Load Balancer Source Ranges | `[]` | +| `prometheus.service.sessionAffinity` | Prometheus Service Session Affinity | `""` | | `prometheus.additionalServiceMonitors` | List of `serviceMonitor` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitorspec | `[]` | | `prometheus.prometheusSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | | `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the servicemonitors created | `true` | diff --git a/stable/prometheus-operator/templates/prometheus/service.yaml b/stable/prometheus-operator/templates/prometheus/service.yaml index fa53aece4c7d..a06a288697f4 100644 --- a/stable/prometheus-operator/templates/prometheus/service.yaml +++ b/stable/prometheus-operator/templates/prometheus/service.yaml @@ -37,5 +37,8 @@ spec: selector: app: prometheus prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus +{{- if .Values.prometheus.service.sessionAffinity }} + sessionAffinity: {{ .Values.prometheus.service.sessionAffinity }} +{{- end }} type: "{{ .Values.prometheus.service.type }}" {{- end }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index a6ba6262fe23..1c73da946939 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -684,6 +684,8 @@ prometheus: ## type: ClusterIP + sessionAffinity: "" + rbac: ## Create role bindings in the specified namespaces, to allow Prometheus monitoring ## a role binding in the release namespace will always be created. From 87cd718fd8cd56d59280dca1751b734addd3cfb4 Mon Sep 17 00:00:00 2001 From: atze234 Date: Fri, 8 Feb 2019 01:14:08 +0100 Subject: [PATCH 0087/1586] [stable/prometheus] Added PVC to Pushgateway (#11234) * Update Ingress to allow Labels configured via values.yaml Signed-off-by: Joerg Schueppel * Bumped Chart Version Signed-off-by: Joerg Schueppel * Added PVC to Pushgateway Signed-off-by: Joerg Schueppel * Bumped Chart Version Signed-off-by: Joerg Schueppel * Update Chart.yaml Signed-off-by: David J. M. Karlsen --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/README.md | 8 ++++ .../templates/pushgateway-deployment.yaml | 12 +++++ .../prometheus/templates/pushgateway-pvc.yaml | 27 +++++++++++ stable/prometheus/values.yaml | 46 +++++++++++++++++++ 5 files changed, 94 insertions(+), 1 deletion(-) create mode 100644 stable/prometheus/templates/pushgateway-pvc.yaml diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 897cdd59a4c7..33e0ae5691e8 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,5 +1,5 @@ name: prometheus -version: 8.6.1 +version: 8.7.0 appVersion: 2.7.1 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index 495a447409a1..40c7752a3316 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -215,6 +215,14 @@ Parameter | Description | Default `pushgateway.podAnnotations` | annotations to be added to pushgateway pods | `{}` `pushgateway.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` `pushgateway.replicaCount` | desired number of pushgateway pods | `1` +`pushgateway.persistentVolume.enabled` | If true, Prometheus pushgateway will create a Persistent Volume Claim | `false` +`pushgateway.persistentVolume.accessModes` | Prometheus pushgateway data Persistent Volume access modes | `[ReadWriteOnce]` +`pushgateway.persistentVolume.annotations` | Prometheus pushgateway data Persistent Volume annotations | `{}` +`pushgateway.persistentVolume.existingClaim` | Prometheus pushgateway data Persistent Volume existing claim name | `""` +`pushgateway.persistentVolume.mountPath` | Prometheus pushgateway data Persistent Volume mount root path | `/data` +`pushgateway.persistentVolume.size` | Prometheus pushgateway data Persistent Volume size | `2Gi` +`pushgateway.persistentVolume.storageClass` | Prometheus server data Persistent Volume Storage Class | `unset` +`pushgateway.persistentVolume.subPath` | Subdirectory of Prometheus server data Persistent Volume to mount | `""` `pushgateway.priorityClassName` | pushgateway priorityClassName | `nil` `pushgateway.resources` | pushgateway pod resource requests & limits | `{}` `pushgateway.service.annotations` | annotations for pushgateway service | `{}` diff --git a/stable/prometheus/templates/pushgateway-deployment.yaml b/stable/prometheus/templates/pushgateway-deployment.yaml index 7dd7f26fa435..befc4a7973c3 100644 --- a/stable/prometheus/templates/pushgateway-deployment.yaml +++ b/stable/prometheus/templates/pushgateway-deployment.yaml @@ -45,6 +45,12 @@ spec: timeoutSeconds: 10 resources: {{ toYaml .Values.pushgateway.resources | indent 12 }} + {{- if .Values.pushgateway.persistentVolume.enabled }} + volumeMounts: + - name: storage-volume + mountPath: "{{ .Values.pushgateway.persistentVolume.mountPath }}" + subPath: "{{ .Values.pushgateway.persistentVolume.subPath }}" + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} @@ -65,4 +71,10 @@ spec: affinity: {{ toYaml .Values.pushgateway.affinity | indent 8 }} {{- end }} + {{- if .Values.pushgateway.persistentVolume.enabled }} + volumes: + - name: storage-volume + persistentVolumeClaim: + claimName: {{ if .Values.pushgateway.persistentVolume.existingClaim }}{{ .Values.pushgateway.persistentVolume.existingClaim }}{{- else }}{{ template "prometheus.pushgateway.fullname" . }}{{- end }} + {{- end -}} {{- end }} diff --git a/stable/prometheus/templates/pushgateway-pvc.yaml b/stable/prometheus/templates/pushgateway-pvc.yaml new file mode 100644 index 000000000000..061ca19cf27b --- /dev/null +++ b/stable/prometheus/templates/pushgateway-pvc.yaml @@ -0,0 +1,27 @@ +{{- if .Values.pushgateway.persistentVolume.enabled -}} +{{- if not .Values.pushgateway.persistentVolume.existingClaim -}} +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + {{- if .Values.pushgateway.persistentVolume.annotations }} + annotations: +{{ toYaml .Values.pushgateway.persistentVolume.annotations | indent 4 }} + {{- end }} + labels: + {{- include "prometheus.pushgateway.labels" . | nindent 4 }} + name: {{ template "prometheus.pushgateway.fullname" . }} +spec: + accessModes: +{{ toYaml .Values.pushgateway.persistentVolume.accessModes | indent 4 }} +{{- if .Values.pushgateway.persistentVolume.storageClass }} +{{- if (eq "-" .Values.pushgateway.persistentVolume.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.pushgateway.persistentVolume.storageClass }}" +{{- end }} +{{- end }} + resources: + requests: + storage: "{{ .Values.pushgateway.persistentVolume.size }}" +{{- end -}} +{{- end -}} diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index c57c20206aa7..3d845e7f43ed 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -798,6 +798,7 @@ pushgateway: ## Additional pushgateway container arguments ## + ## for example: persistence.file: /data/pushgateway.data extraArgs: {} ingress: @@ -877,6 +878,51 @@ pushgateway: servicePort: 9091 type: ClusterIP + persistentVolume: + ## If true, pushgateway will create/use a Persistent Volume Claim + ## If false, use emptyDir + ## + enabled: false + + ## pushgateway data Persistent Volume access modes + ## Must match those of existing PV or dynamic provisioner + ## Ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + accessModes: + - ReadWriteOnce + + ## pushgateway data Persistent Volume Claim annotations + ## + annotations: {} + + ## pushgateway data Persistent Volume existing claim name + ## Requires pushgateway.persistentVolume.enabled: true + ## If defined, PVC must be created manually before volume will be bound + existingClaim: "" + + ## pushgateway data Persistent Volume mount root path + ## + mountPath: /data + + ## pushgateway data Persistent Volume size + ## + size: 2Gi + + ## alertmanager data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## Subdirectory of alertmanager data Persistent Volume to mount + ## Useful if the volume's root directory is not empty + ## + subPath: "" + + ## alertmanager ConfigMap entries ## alertmanagerFiles: From 093f206dfd12ec8808e873b75715719b96b37dad Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 8 Feb 2019 01:14:18 +0100 Subject: [PATCH 0088/1586] owncloud: update to `10.1.0` (#11239) Signed-off-by: Bitnami Containers --- stable/owncloud/Chart.yaml | 4 ++-- stable/owncloud/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/owncloud/Chart.yaml b/stable/owncloud/Chart.yaml index d9ef65b765ff..2286c104ce03 100644 --- a/stable/owncloud/Chart.yaml +++ b/stable/owncloud/Chart.yaml @@ -1,6 +1,6 @@ name: owncloud -version: 4.0.2 -appVersion: 10.0.10 +version: 4.0.3 +appVersion: 10.1.0 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: - owncloud diff --git a/stable/owncloud/values.yaml b/stable/owncloud/values.yaml index f34a6619f42b..cd8fdd85ede5 100644 --- a/stable/owncloud/values.yaml +++ b/stable/owncloud/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/owncloud - tag: 10.0.10 + tag: 10.1.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 7a46ccede97de2919eb275f9e4f78da834449c30 Mon Sep 17 00:00:00 2001 From: Vyacheslav Date: Fri, 8 Feb 2019 02:14:27 +0200 Subject: [PATCH 0089/1586] Add resources field to redis init containers (#11243) Signed-off-by: vkropotko --- stable/redis/Chart.yaml | 2 +- stable/redis/templates/redis-master-statefulset.yaml | 4 ++++ stable/redis/values-production.yaml | 2 ++ stable/redis/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 7a0801888a4e..b74e7adfa8f5 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 6.0.0 +version: 6.0.1 appVersion: 4.0.12 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml index d2089e428461..41470501ddee 100644 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -162,6 +162,8 @@ spec: command: ["/bin/chown", "-R", "{{ .Values.master.securityContext.runAsUser }}:{{ .Values.master.securityContext.fsGroup }}", "{{ .Values.master.persistence.path }}"] securityContext: runAsUser: 0 + resources: +{{ toYaml .Values.volumePermissions.resources | indent 10 }} volumeMounts: - name: redis-data mountPath: {{ .Values.master.persistence.path }} @@ -170,6 +172,8 @@ spec: {{- if .Values.sysctlImage.enabled }} - name: init-sysctl image: {{ template "redis.sysctl.image" . }} + resources: +{{ toYaml .Values.sysctlImage.resources | indent 10 }} {{- if .Values.sysctlImage.mountHostSys }} volumeMounts: - name: host-sys diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index 30e87804be09..f9a532d1f098 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -370,6 +370,7 @@ volumePermissions: repository: bitnami/minideb tag: latest pullPolicy: IfNotPresent + resources: {} ## Redis config file ## ref: https://redis.io/topics/config @@ -387,3 +388,4 @@ sysctlImage: tag: latest pullPolicy: Always mountHostSys: false + resources: {} diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index c6dedfba8fb2..9261e300d089 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -371,6 +371,7 @@ volumePermissions: repository: bitnami/minideb tag: latest pullPolicy: IfNotPresent + resources: {} ## Redis config file ## ref: https://redis.io/topics/config @@ -388,3 +389,4 @@ sysctlImage: tag: latest pullPolicy: Always mountHostSys: false + resources: {} From c3e8c0b17ac553752ad0b2eecea315b61d14ce15 Mon Sep 17 00:00:00 2001 From: holmesb Date: Fri, 8 Feb 2019 00:39:37 +0000 Subject: [PATCH 0090/1586] Jenkins Configuration as Code (#9057) * Includes Jenkins Configuration as Code Signed-off-by: Brendan Holmes * Minor README.md changes Signed-off-by: Brendan Holmes * bumped CasC plugin version Signed-off-by: Brendan Holmes * Adding auto config reload Signed-off-by: Brendan Holmes * Needed to exclude some deployment config in the without-jcasc case. Fixed tabulation and simplified jcasc example in values.yaml. Tweaked documentation. Signed-off-by: Brendan Holmes * Disabling auto-reload by default. Signed-off-by: Brendan Holmes * Fixes error in corner-case where user has disabled config as code, but enabled auto-config. Signed-off-by: Brendan Holmes * Expanded auto-config info in readme and added guidance for using non-internal identity db. Doubled master memory limit since entered OOM restart loop when using config-as-code plugin. Fixed missing casc_configs dir (in config.yaml & deployment.yaml) when not using auto-reload Signed-off-by: Brendan Holmes * Sidecar was reloading once per key in the configmap when any single key had changed. Resolved by creating separate configmaps, one for each key under ConfigScripts. I was mistaken above that users only need Overall\Read rights to auto-reload. Seems JCasC has higher privilege requirements than the CLI\API generally. I've amended the Readme accordingly. Process for enabling for LDAP\other ID store is still simple. Fixed connectivity from sidecar when enabling non-root privileges by using a TCP port > 1024 (1044) Bumped the sidecar image from 0.0.1 to 0.0.2 which a few improvements: faster, less error-prone startup by testing the Jenkins container's avaibility using SSH port instead of the main jenkins port. This removes the need for an arbitary wait. Also fixed "access denied" when enabling non-root privileges by creating the same jenkins 1000 user in the sidecar. Signed-off-by: Brendan Holmes * Minor fix: configmap names now include the release name Signed-off-by: Brendan Holmes * Update stable/jenkins/templates/config.yaml Co-Authored-By: holmesb Signed-off-by: Brendan Holmes * Update stable/jenkins/templates/jcasc_config.yaml Co-Authored-By: holmesb Signed-off-by: Brendan Holmes * Replaced a few if conditions with simpler else statements in config.yaml Signed-off-by: Brendan Holmes * Bumping to the latest Config as Code plugin version. Signed-off-by: Brendan Holmes --- stable/jenkins/Chart.yaml | 3 +- stable/jenkins/README.md | 68 +++++++++++--- stable/jenkins/templates/NOTES.txt | 7 ++ stable/jenkins/templates/_helpers.tpl | 10 ++ stable/jenkins/templates/config.yaml | 68 ++++++++++++-- stable/jenkins/templates/jcasc_config.yaml | 18 ++++ .../templates/jenkins-master-deployment.yaml | 94 ++++++++++++++++++- stable/jenkins/templates/secret.yaml | 5 + stable/jenkins/values.yaml | 89 ++++++++++++++---- 9 files changed, 316 insertions(+), 46 deletions(-) create mode 100644 stable/jenkins/templates/jcasc_config.yaml diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 107dd017b0c3..11fa2206ead5 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.28.11 +version: 0.29.0 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based @@ -9,6 +9,7 @@ sources: - https://github.com/jenkinsci/jenkins - https://github.com/jenkinsci/docker-jnlp-slave - https://github.com/nuvo/kube-tasks +- https://github.com/jenkinsci/configuration-as-code-plugin maintainers: - name: lachie83 email: lachlan.evenson@microsoft.com diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index f321afdc2aad..e78cf58203a8 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -69,12 +69,12 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.LoadBalancerIP` | Optional fixed external IP | Not set | | `Master.JMXPort` | Open a port, for JMX stats | Not set | | `Master.ExtraPorts` | Open extra ports, for other uses | Not set | -| `Master.CustomConfigMap` | Use a custom ConfigMap | `false` | -| `Master.AdditionalConfig` | Add additional config files | `{}` | | `Master.OverwriteConfig` | Replace config w/ ConfigMap on boot | `false` | | `Master.Ingress.Annotations` | Ingress annotations | `{}` | | `Master.Ingress.Path` | Ingress path | Not set | | `Master.Ingress.TLS` | Ingress TLS configuration | `[]` | +| `Master.JCasC.ConfigScripts` | List of Jenkins Config as Code scripts | False | +| `Master.Sidecar.configAutoReload` | Jenkins Config as Code auto-reload settings | False | | `Master.InitScripts` | List of Jenkins init scripts | Not set | | `Master.CredentialsXmlSecret` | Kubernetes secret that contains a 'credentials.xml' file | Not set | | `Master.SecretsFilesSecret` | Kubernetes secret that contains 'secrets' files | Not set | @@ -86,6 +86,8 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Affinity` | Affinity settings | `{}` | | `Master.Tolerations` | Toleration labels for pod assignment | `{}` | | `Master.PodAnnotations` | Annotations for master pod | `{}` | +| `Master.CustomConfigMap` | Deprecated: Use a custom ConfigMap | `false` | +| `Master.AdditionalConfig` | Deprecated: Add additional config files | `{}` | | `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` | | `NetworkPolicy.ApiVersion` | NetworkPolicy ApiVersion | `networking.k8s.io/v1` | | `rbac.install` | Create service account and ClusterRoleBinding for Kubernetes plugin | `false` | @@ -215,25 +217,41 @@ It is possible to mount several volumes using `Persistence.volumes` and `Persist $ helm install --name my-release --set Persistence.ExistingClaim=PVC_NAME stable/jenkins ``` -## Custom ConfigMap - -When creating a new parent chart with this chart as a dependency, the `CustomConfigMap` parameter can be used to override the default config.xml provided. -It also allows for providing additional xml configuration files that will be copied into `/var/jenkins_home`. In the parent chart's values.yaml, -set the `jenkins.Master.CustomConfigMap` value to true like so +## Configuration as Code +Jenkins Configuration as Code is now a standard component in the Jenkins project. Add a key under ConfigScripts for each configuration area, where each corresponds to a plugin or section of the UI. The keys (prior to | character) are just labels, and can be any value. They are only used to give the section a meaningful name. The only restriction is they must conform to RFC 1123 definition of a DNS label, so may only contain lowercase letters, numbers, and hyphens. Each key will become the name of a configuration yaml file on the master in /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin during Jenkins startup. The lines after each | become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials, etc. Best reference is the Documentation link here: https:///configuration-as-code. The example below creates ldap settings: ```yaml -jenkins: - Master: - CustomConfigMap: true +ConfigScripts: + ldap-settings: | + jenkins: + securityRealm: + ldap: + configurations: + configurations: + - server: ldap.acme.com + rootDN: dc=acme,dc=uk + managerPasswordSecret: ${LDAP_PASSWORD} + - groupMembershipStrategy: + fromUserRecord: + attributeName: "memberOf" ``` -and provide the file `templates/config.tpl` in your parent chart for your use case. You can start by copying the contents of `config.yaml` from this chart into your parent charts `templates/config.tpl` as a basis for customization. Finally, you'll need to wrap the contents of `templates/config.tpl` like so: +Further JCasC examples can be found [here.](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) +### Config as Code with and without auto-reload +Config as Code changes (to Master.JCasC.ConfigScripts) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly. If you choose `Master.Sidecar.autoConfigReload.enabled: true`, a second, auxiliary container will be installed into the Jenkins master pod, known as a "sidecar". This watches for changes to ConfigScripts, copies the content onto the Jenkins file-system and issues a CLI command via SSH to reload configuration. The admin user (or account you specify in Master.AdminUser) will have a random SSH private key (RSA 4096) assigned unless you specify `Master.OwnSshKey: true`. This will be saved to a k8s secret. You can monitor this sidecar's logs using command `kubectl logs -c jenkins-sc-config -f` +### Auto-reload with non-Jenkins identities +When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. Since the admin account is used by the sidecar to reload config, in order to use auto-reload, you must change the .Master.AdminUser to a valid username on your LDAP (or other) server. If you use the matrix-auth plugin, this user must also be granted Overall\Administer rights in Jenkins. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter a restart loop. You can enable LDAP using the example above and add a Config as Code block for matrix security that includes: ```yaml -{{- define "override_config_map" }} - -{{ end }} +ConfigScripts: + matrix-auth: | + Jenkins: + authorizationStrategy: + projectMatrix: + grantedPermissions: + - "Overall/Administer:" ``` +You can instead grant this permission via the UI. When this is done, you can set `Master.Sidecar.configAutoReload.enabled: true` and upon the next Helm upgrade, auto-reload will be successfully enabled. ## RBAC @@ -366,3 +384,25 @@ Master: -Dhttps.proxyHost=192.168.64.1 -Dhttps.proxyPort=3128 ``` + +## Custom ConfigMap + +The following configuration method is deprecated and will be removed in an upcoming version of this chart. +We recommend you use Jenkins Configuration as Code to configure instead. +When creating a new parent chart with this chart as a dependency, the `CustomConfigMap` parameter can be used to override the default config.xml provided. +It also allows for providing additional xml configuration files that will be copied into `/var/jenkins_home`. In the parent chart's values.yaml, +set the `jenkins.Master.CustomConfigMap` value to true like so + +```yaml +jenkins: + Master: + CustomConfigMap: true +``` + +and provide the file `templates/config.tpl` in your parent chart for your use case. You can start by copying the contents of `config.yaml` from this chart into your parent charts `templates/config.tpl` as a basis for customization. Finally, you'll need to wrap the contents of `templates/config.tpl` like so: + +```yaml +{{- define "override_config_map" }} + +{{ end }} +``` diff --git a/stable/jenkins/templates/NOTES.txt b/stable/jenkins/templates/NOTES.txt index 2a304b4ef17d..c2c3f8d8bd05 100644 --- a/stable/jenkins/templates/NOTES.txt +++ b/stable/jenkins/templates/NOTES.txt @@ -26,9 +26,16 @@ {{- end }} 3. Login with the password from step 1 and the username: {{ .Values.Master.AdminUser }} +{{ if .Values.Master.JCasC.enabled }} +4. Use Jenkins Configuration as Code by specifying ConfigScripts in your values.yaml file, see documentation: http://{{ .Values.Master.HostName }}/configuration-as-code and examples: https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos +{{- end }} For more information on running Jenkins on Kubernetes, visit: https://cloud.google.com/solutions/jenkins-on-container-engine +{{- if .Values.Master.JCasC.enabled }} +For more information about Jenkins Configuration as Code, visit: +https://jenkins.io/projects/jcasc/ +{{- end }} {{- if .Values.Persistence.Enabled }} {{- else }} diff --git a/stable/jenkins/templates/_helpers.tpl b/stable/jenkins/templates/_helpers.tpl index eac695f6b7ad..3a0569cc98f1 100644 --- a/stable/jenkins/templates/_helpers.tpl +++ b/stable/jenkins/templates/_helpers.tpl @@ -32,3 +32,13 @@ If release name contains chart name it will be used as a full name. {{- end -}} {{- end -}} {{- end -}} + +{{/* +Generate private key for jenkins CLI +*/}} +{{- define "jenkins.gen-key" -}} +{{- if not .Values.Master.OwnSshKey -}} +{{- $key := genPrivateKey "rsa" -}} +jenkins-admin-private-key: {{ $key | b64enc }} +{{- end -}} +{{- end -}} diff --git a/stable/jenkins/templates/config.yaml b/stable/jenkins/templates/config.yaml index e67276f1ae1a..dda84a3086fe 100644 --- a/stable/jenkins/templates/config.yaml +++ b/stable/jenkins/templates/config.yaml @@ -187,15 +187,15 @@ data: {{- if .Values.Master.JenkinsUrl }} {{ .Values.Master.JenkinsUrl }} {{- else }} -{{- if .Values.Master.HostName }} -{{- if .Values.Master.Ingress.TLS }} + {{- if .Values.Master.HostName }} + {{- if .Values.Master.Ingress.TLS }} https://{{ .Values.Master.HostName }}{{ default "" .Values.Master.JenkinsUriPrefix }} -{{- else }} + {{- else }} http://{{ .Values.Master.HostName }}{{ default "" .Values.Master.JenkinsUriPrefix }} -{{- end }} -{{- else }} + {{- end }} + {{- else }} http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }} -{{- end}} + {{- end}} {{- end}} jenkins.CLI.xml: |- @@ -214,15 +214,15 @@ data: cp /var/jenkins_config/config.xml /var/jenkins_home; cp /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; cp /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; -{{- else }} + {{- else }} yes n | cp -i /var/jenkins_config/config.xml /var/jenkins_home; yes n | cp -i /var/jenkins_config/jenkins.CLI.xml /var/jenkins_home; yes n | cp -i /var/jenkins_config/jenkins.model.JenkinsLocationConfiguration.xml /var/jenkins_home; -{{- if .Values.Master.AdditionalConfig }} + {{- if .Values.Master.AdditionalConfig }} {{- range $key, $val := .Values.Master.AdditionalConfig }} cp /var/jenkins_config/{{- $key }} /var/jenkins_home; -{{- end }} -{{- end }} + {{- end }} + {{- end }} {{- end }} {{- if .Values.Master.InstallPlugins }} # Install missing plugins @@ -235,10 +235,25 @@ data: {{- if .Values.Master.ScriptApproval }} yes n | cp -i /var/jenkins_config/scriptapproval.xml /var/jenkins_home/scriptApproval.xml; {{- end }} +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if not .Values.Master.InitScripts }} + mkdir -p /var/jenkins_home/init.groovy.d/; + yes n | cp -i /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/; + {{- end }} +{{- end }} {{- if .Values.Master.InitScripts }} mkdir -p /var/jenkins_home/init.groovy.d/; yes n | cp -i /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/; {{- end }} +{{- if .Values.Master.JCasC.enabled }} + {{- if .Values.Master.Sidecar.configAutoReload.enabled }} + bash -c 'ssh-keygen -y -f <(echo "${ADMIN_PRIVATE_KEY}") > /var/jenkins_home/key.pub' + {{- else }} + mkdir -p /var/jenkins_home/casc_configs; + rm -rf /var/jenkins_home/casc_configs/* + cp -v /var/jenkins_config/*.yaml /var/jenkins_home/casc_configs + {{- end }} +{{- end }} {{- if .Values.Master.CredentialsXmlSecret }} yes n | cp -i /var/jenkins_credentials/credentials.xml /var/jenkins_home; {{- end }} @@ -254,12 +269,45 @@ data: {{- range $key, $val := .Values.Master.InitScripts }} init{{ $key }}.groovy: |- {{ $val | indent 4 }} +{{- end }} +{{- if .Values.Master.JCasC.enabled }} + {{- if .Values.Master.Sidecar.configAutoReload.enabled }} + init-add-ssh-key-to-admin.groovy: |- + import jenkins.security.* + import hudson.model.User + import jenkins.security.ApiTokenProperty + import jenkins.model.Jenkins + User u = User.get("{{ .Values.Master.AdminUser | default "admin" }}") + ApiTokenProperty t = u.getProperty(ApiTokenProperty.class) + String sshKeyString = new File('/var/jenkins_home/key.pub').text + keys_param = new org.jenkinsci.main.modules.cli.auth.ssh.UserPropertyImpl(sshKeyString) + u.addProperty(keys_param) + def inst = Jenkins.getInstance() + def sshDesc = inst.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD") + sshDesc.setPort({{ .Values.Master.Sidecar.configAutoReload.sshTcpPort | default 1044 }}) + sshDesc.getActualPort() + sshDesc.save() + {{- else }} +# Only add config to this script if we aren't auto-reloading otherwise the pod will restart upon each config change: +{{- range $key, $val := .Values.Master.JCasC.ConfigScripts }} + {{ $key }}.yaml: |- +{{ tpl $val $| indent 4 }} +{{- end }} +{{- end }} {{- end }} plugins.txt: |- {{- if .Values.Master.InstallPlugins }} {{- range $index, $val := .Values.Master.InstallPlugins }} {{ $val | indent 4 }} {{- end }} +{{- if .Values.Master.JCasC.enabled }} + {{- if not (contains "configuration-as-code" (quote .Values.Master.InstallPlugins)) }} + configuration-as-code:{{ .Values.Master.JCasC.PluginVersion }} + {{- end }} + {{- if not (contains "configuration-as-code-support" (quote .Values.Master.InstallPlugins)) }} + configuration-as-code-support:{{ .Values.Master.JCasC.SupportPluginVersion }} + {{- end }} +{{- end }} {{- end }} {{ else }} {{ include "override_config_map" . }} diff --git a/stable/jenkins/templates/jcasc_config.yaml b/stable/jenkins/templates/jcasc_config.yaml new file mode 100644 index 000000000000..2b9ed47f1e67 --- /dev/null +++ b/stable/jenkins/templates/jcasc_config.yaml @@ -0,0 +1,18 @@ +{{- $root := . }} +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} +{{- range $key, $val := .Values.Master.JCasC.ConfigScripts }} +--- +apiVersion: v1 +kind: ConfigMap +metadata: + name: jenkins-config-{{ template "jenkins.fullname" $root }}-{{ $key }} + labels: + {{ $.Values.Master.Sidecar.configAutoReload.label | default "jenkins_config" }}: "true" + release: {{ $root.Release.Name }} + chart: "{{ $root.Chart.Name }}-{{ $root.Chart.Version }}" + component: "{{ $root.Release.Name }}-{{ $.Values.Master.Name }}" +data: + {{ $key }}.yaml: |- +{{ tpl $val $| indent 4 }} +{{- end }} +{{- end }} diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 3f85390c9fdf..76b6b15c54b6 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -59,17 +59,38 @@ spec: serviceAccountName: {{ if .Values.rbac.install }}{{ template "jenkins.fullname" . }}{{ else }}"{{ .Values.rbac.serviceAccountName }}"{{ end }} {{- if .Values.Master.HostNetworking }} hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet + dnsPolicy: ClusterFirstWithHostNet {{- end }} initContainers: - name: "copy-default-config" image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}" imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}" command: [ "sh", "/var/jenkins_config/apply_config.sh" ] - {{- if .Values.Master.InitContainerEnv }} env: -{{ toYaml .Values.Master.InitContainerEnv | indent 12 }} - {{- end }} + {{- if .Values.Master.UseSecurity }} + - name: ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-password + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-user + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if .Values.Master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} + {{- end }} + {{- if .Values.Master.InitContainerEnv }} + {{ toYaml .Values.Master.InitContainerEnv | indent 12 }} + {{- end }} resources: {{ toYaml .Values.Master.resources | indent 12 }} volumeMounts: @@ -109,6 +130,50 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir containers: +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} + - name: {{ template "jenkins.name" . }}-sc-config + image: "{{ .Values.Master.Sidecar.image }}" + imagePullPolicy: {{ .Values.Master.Sidecar.imagePullPolicy }} + env: + - name: JENKINSRELOADCONFIG + value: "true" + - name: LABEL + value: "{{ .Values.Master.Sidecar.configAutoReload.label }}" + - name: FOLDER + value: "{{ .Values.Master.Sidecar.configAutoReload.folder }}" + - name: NAMESPACE + value: "{{ .Values.Master.Sidecar.configAutoReload.searchNamespace }}" + - name: SSH_PORT + value: "{{ .Values.Master.Sidecar.configAutoReload.sshTcpPort }}" + - name: JENKINS_PORT + value: "{{ .Values.Master.ServicePort }}" + {{- if .Values.Master.UseSecurity }} + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-user + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if .Values.Master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.Master.Sidecar.resources | indent 12 }} + volumeMounts: + - name: sc-config-volume + mountPath: {{ .Values.Master.Sidecar.configAutoReload.folder | quote }} + - name: jenkins-home + mountPath: /var/jenkins_home + {{- if .Values.Persistence.SubPath }} + subPath: {{ .Values.Persistence.SubPath }} + {{- end }} +{{- end}} - name: {{ template "jenkins.fullname" . }} image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}" imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}" @@ -131,10 +196,23 @@ spec: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if .Values.Master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} {{- end }} {{- if .Values.Master.ContainerEnv }} {{ toYaml .Values.Master.ContainerEnv | indent 12 }} {{- end }} + {{- if .Values.Master.JCasC.enabled }} + - name: CASC_JENKINS_CONFIG + value: {{ .Values.Master.Sidecar.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} + {{- end }} ports: - containerPort: 8080 name: http @@ -217,6 +295,10 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir readOnly: false + {{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} + - name: sc-config-volume + mountPath: {{ .Values.Master.Sidecar.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} + {{- end }} volumes: {{- if .Values.Persistence.volumes }} {{ toYaml .Values.Persistence.volumes | indent 6 }} @@ -252,6 +334,10 @@ spec: {{- else }} emptyDir: {} {{- end -}} + {{- if .Values.Master.JCasC.enabled }} + - name: sc-config-volume + emptyDir: {} + {{- end }} {{- if .Values.Master.ImagePullSecret }} imagePullSecrets: - name: {{ .Values.Master.ImagePullSecret }} diff --git a/stable/jenkins/templates/secret.yaml b/stable/jenkins/templates/secret.yaml index 47cc2e056ef8..8642ad30391b 100644 --- a/stable/jenkins/templates/secret.yaml +++ b/stable/jenkins/templates/secret.yaml @@ -15,5 +15,10 @@ data: {{ else }} jenkins-admin-password: {{ randAlphaNum 10 | b64enc | quote }} {{ end }} + {{ if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{ if not .Values.Master.OwnSshKey }} + {{ ( include "jenkins.gen-key" . ) }} + {{ end }} + {{ end }} jenkins-admin-user: {{ .Values.Master.AdminUser | b64enc | quote }} {{- end }} \ No newline at end of file diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 4a4b87de3aa1..9937cd1112ec 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -16,6 +16,7 @@ Master: # ImagePullSecret: jenkins Component: "jenkins-master" NumExecutors: 0 + # configAutoReload requires UseSecurity is set to true: UseSecurity: true # SecurityRealm: # Optionally configure a different AuthorizationStrategy using Jenkins XML @@ -24,15 +25,27 @@ Master: # true # HostNetworking: false + # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. + # Since the AdminUser is used by configAutoReload, in order to use configAutoReload you must change the + # .Master.AdminUser to a valid username on your LDAP (or other) server. This user does not need + # to have administrator rights in Jenkins (the default Overall:Read is sufficient) nor will it be granted any + # additional rights. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter + # a restart loop. Likewise if you disable the non-Jenkins identity store and instead use the Jenkins internal one, + # you should revert Master.AdminUser to your preferred admin user: AdminUser: admin # AdminPassword: + OwnSshKey: false + # If CasC auto-reload is enabled, an SSH (RSA) keypair is needed. Can either provide your own, or leave unconfigured\false to allow a random key to be auto-generated. + # If you choose to use your own, you must upload your decrypted RSA private key (not the public key above) to a Kubernetes secret using the following command: + # kubectl -n create secret generic --dry-run --from-file=jenkins-admin-private-key=~/.ssh/id_rsa -o yaml |kubectl -n apply -f - + # Replace ~/.ssh/id_rsa in the above command with the path to your private key file and the and placeholders to suit. resources: requests: cpu: "50m" memory: "256Mi" limits: cpu: "2000m" - memory: "2048Mi" + memory: "4096Mi" # Environment variables that get added to the init container (useful for e.g. http_proxy) # InitContainerEnv: # - name: http_proxy @@ -116,6 +129,7 @@ Master: ExtraPorts: # - name: BuildInfoProxy # port: 9000 + # List of plugins to be install during Jenkins master start InstallPlugins: - kubernetes:1.14.0 @@ -123,6 +137,7 @@ Master: - workflow-aggregator:2.6 - credentials-binding:1.17 - git:3.9.1 + # Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter), useful with ghprb plugin. # The plugin is not installed by default, please update Master.InstallPlugins. # EnableRawHtmlMarkupFormatter: true @@ -144,11 +159,54 @@ Master: # Jobs: # test: |- # <> - CustomConfigMap: false - # By default, the configMap is only used to set the initial config the first time - # that the chart is installed. Setting `OverwriteConfig` to `true` will overwrite - # the jenkins config with the contents of the configMap every time the pod starts. - OverwriteConfig: false + + # Below is the implementation of Jenkins Configuration as Code. Add a key under ConfigScripts for each configuration area, + # where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value. + # Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label + # characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the master in + # /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each | + # become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials, + # etc. Best reference is https:///configuration-as-code/reference. The example below creates a welcome message: + JCasC: + enabled: false + PluginVersion: 1.5 + SupportPluginVersion: 1.5 + ConfigScripts: + welcome-message: | + jenkins: + systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'. + + Sidecar: + image: shadwell/k8s-sidecar:0.0.2 + imagePullPolicy: IfNotPresent + resources: + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # cpu: 50m + # memory: 50Mi + configAutoReload: + # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified, + # jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the Jenkins CLI + # over SSH to reapply config when changes to the ConfigScripts are detected. The admin user (or account you specify in + # Master.AdminUser) will have a random SSH private key (RSA 4096) assigned unless you specify OwnSshKey: true. This will be saved to a k8s secret. + enabled: false + # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random. + # Is only used to reload jcasc config from the sidecar container running in the Jenkins master pod. + # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be + # accessible via SSH from outside of the pod. Note if you use non-root pod privileges (RunAsUser & FsGroup), + # this must be > 1024: + sshTcpPort: 1044 + # label that the configmaps with dashboards are marked with: + label: jenkins_config + # folder in the pod that should hold the collected dashboards: + folder: /var/jenkins_home/casc_configs + # If specified, the sidecar will search for dashboard config-maps inside this namespace. + # Otherwise the namespace in which the sidecar is running will be used. + # It's also possible to specify ALL to search in all namespaces: + # searchNamespace: + # Node labels and tolerations for pod assignment # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature @@ -156,15 +214,21 @@ Master: Tolerations: {} PodAnnotations: {} + # The below two configuration-related values are deprecated and replaced by Jenkins Configuration as Code (see above + # JCasC key). They will be deleted in an upcoming version. + CustomConfigMap: false + # By default, the configMap is only used to set the initial config the first time + # that the chart is installed. Setting `OverwriteConfig` to `true` will overwrite + # the jenkins config with the contents of the configMap every time the pod starts. + OverwriteConfig: false + Ingress: ApiVersion: extensions/v1beta1 Annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" - # Set this path to JenkinsUriPrefix above or use annotations to rewrite path # Path: "/jenkins" - TLS: # - secretName: jenkins.cluster.local # hosts: @@ -209,7 +273,6 @@ Persistence: ## Requires Persistence.Enabled: true ## If defined, PVC must be created manually before volume will be bound # ExistingClaim: - ## jenkins data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -218,7 +281,6 @@ Persistence: ## GKE, AWS & OpenStack) ## # StorageClass: "-" - Annotations: {} AccessMode: ReadWriteOnce Size: 8Gi @@ -254,30 +316,24 @@ backup: # Backup must use RBAC # So by enabling backup you are enabling RBAC specific for backup enabled: false - # Schedule to run jobs. Must be in cron time format # Ref: https://crontab.guru/ schedule: "0 2 * * *" - annotations: # Example for authorization to AWS S3 using kube2iam # Can also be done using environment variables iam.amazonaws.com/role: jenkins - image: repository: nuvo/kube-tasks tag: 0.1.2 - # Additional arguments for kube-tasks # Ref: https://github.com/nuvo/kube-tasks#simple-backup extraArgs: [] - # Add additional environment variables env: # Example environment variable required for AWS credentials chain - name: AWS_REGION value: us-east-1 - resources: requests: memory: 1Gi @@ -285,7 +341,6 @@ backup: limits: memory: 1Gi cpu: 1 - # Destination to store the backup artifacts # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage # Additional support can added. Visit this repository for details From 8877cc812333432c00177188998211ccae6fe3c1 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 8 Feb 2019 01:40:00 +0100 Subject: [PATCH 0091/1586] ghost: update to `2.14.0` (#11247) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 1be252ad7985..e37da27183a2 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.3.7 -appVersion: 2.13.2 +version: 6.3.8 +appVersion: 2.14.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 985e354b5181..101569500853 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.13.2 + tag: 2.14.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 50b435fdaaf51a6d17418194b2badfb32f382c50 Mon Sep 17 00:00:00 2001 From: Naseem Date: Thu, 7 Feb 2019 19:40:10 -0500 Subject: [PATCH 0092/1586] Modernizing helpers file (#11250) Signed-off-by: Naseem Ullah --- stable/datadog/Chart.yaml | 2 +- stable/datadog/templates/_helpers.tpl | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 8f48807b51c0..7fc93f4dd522 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.18.1 +version: 1.19.0 appVersion: 6.9.0 description: DataDog Agent keywords: diff --git a/stable/datadog/templates/_helpers.tpl b/stable/datadog/templates/_helpers.tpl index 559456fec64a..2dddf3d36f7c 100644 --- a/stable/datadog/templates/_helpers.tpl +++ b/stable/datadog/templates/_helpers.tpl @@ -9,11 +9,20 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} {{- define "datadog.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- end -}} +{{- end -}} {{/* Return secret name to be used based on provided values. From 11f1d4442f86b39dbeb8391e63248ae8ff2ae039 Mon Sep 17 00:00:00 2001 From: Naseem Date: Thu, 7 Feb 2019 19:40:19 -0500 Subject: [PATCH 0093/1586] Updating img to 1.9.0 (#11253) Signed-off-by: Naseem Ullah --- incubator/jaeger/Chart.yaml | 4 ++-- incubator/jaeger/README.md | 2 +- incubator/jaeger/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/incubator/jaeger/Chart.yaml b/incubator/jaeger/Chart.yaml index f8f21a5a0cd2..4354d47aade9 100644 --- a/incubator/jaeger/Chart.yaml +++ b/incubator/jaeger/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 1.8.2 +appVersion: 1.9.0 description: A Jaeger Helm chart for Kubernetes name: jaeger -version: 0.8.2 +version: 0.8.3 keywords: - jaeger - opentracing diff --git a/incubator/jaeger/README.md b/incubator/jaeger/README.md index 1413f3758de7..4deb041b233c 100644 --- a/incubator/jaeger/README.md +++ b/incubator/jaeger/README.md @@ -214,7 +214,7 @@ The following table lists the configurable parameters of the Jaeger chart and th | `storage.elasticsearch.user` | Provisioned elasticsearch user | elastic | | `storage.elasticsearch.nodesWanOnly` | Only access specified es host | false | | `storage.type` | Storage type (ES or Cassandra) | cassandra | -| `tag` | Image tag/version | 1.8.2 | +| `tag` | Image tag/version | 1.9.0 | For more information about some of the tunable parameters that Cassandra provides, please visit the helm chart for [cassandra](https://github.com/kubernetes/charts/tree/master/incubator/cassandra) and the official [website](http://cassandra.apache.org/) at apache.org. diff --git a/incubator/jaeger/values.yaml b/incubator/jaeger/values.yaml index 860798778229..6f51a74001a8 100644 --- a/incubator/jaeger/values.yaml +++ b/incubator/jaeger/values.yaml @@ -6,7 +6,7 @@ provisionDataStore: cassandra: true elasticsearch: false -tag: 1.8.2 +tag: 1.9.0 storage: # allowed values (cassandra, elasticsearch) From ff77025ff211bbd84e75ba9c98a2d68f3f2a2143 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 8 Feb 2019 09:35:11 +0100 Subject: [PATCH 0094/1586] nats: update to `1.4.1` (#11259) Signed-off-by: Bitnami Containers --- stable/nats/Chart.yaml | 4 ++-- stable/nats/values-production.yaml | 2 +- stable/nats/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index d5f9bf5eddc8..bc1a5b453c3f 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,6 +1,6 @@ name: nats -version: 2.0.4 -appVersion: 1.4.0 +version: 2.0.5 +appVersion: 1.4.1 description: An open-source, cloud-native messaging system keywords: - nats diff --git a/stable/nats/values-production.yaml b/stable/nats/values-production.yaml index d3c1c18ef93c..9d12d5d1a200 100644 --- a/stable/nats/values-production.yaml +++ b/stable/nats/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/nats - tag: 1.4.0 + tag: 1.4.1 pullPolicy: Always ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/nats/values.yaml b/stable/nats/values.yaml index 954a0e780045..2d72bd2ac061 100644 --- a/stable/nats/values.yaml +++ b/stable/nats/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/nats - tag: 1.4.0 + tag: 1.4.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 8655268c22b80200e5fbf49ee53a677cd19d94b8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Fri, 8 Feb 2019 11:02:03 +0100 Subject: [PATCH 0095/1586] [stable/wordpress] Fix quote in htaccessoverridenone (#11263) Signed-off-by: Javier J. Salmeron Garcia --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/values-production.yaml | 3 +-- stable/wordpress/values.yaml | 2 +- 3 files changed, 3 insertions(+), 4 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 6e5e874aef61..9280712d753a 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,5 +1,5 @@ name: wordpress -version: 5.2.0 +version: 5.2.1 appVersion: 5.0.3 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index ce40068972c2..ff4709ddaeb8 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -60,8 +60,7 @@ wordpressTablePrefix: wp_ allowEmptyPassword: "yes" ## Set Apache allowOverride to None -allowOverrideNone: yes - +allowOverrideNone: "yes" # ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) customHTAccessCM: diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index 822d59da1c4c..46e4c66f04a9 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -64,7 +64,7 @@ wordpressTablePrefix: wp_ allowEmptyPassword: true ## Set Apache allowOverride to None -allowOverrideNone: no +allowOverrideNone: "no" # ConfigMap with custom wordpress-htaccess.conf file (requires allowOverrideNone to true) customHTAccessCM: From df3b21e90db01931c93e4da25ae4e4b21941aa92 Mon Sep 17 00:00:00 2001 From: Werner Buck Date: Fri, 8 Feb 2019 12:49:44 +0100 Subject: [PATCH 0096/1586] Simplify for unifi (#10789) The discovery and stun ports are part of the same service. Unifi depends on them to be on the same hostname. Signed-off-by: Werner Buck --- stable/unifi/Chart.yaml | 2 +- stable/unifi/README.md | 28 ++++-------- stable/unifi/templates/controller-svc.yaml | 14 ++++++ stable/unifi/templates/discovery-svc.yaml | 52 ---------------------- stable/unifi/templates/stun-svc.yaml | 52 ---------------------- stable/unifi/values.yaml | 48 +++----------------- 6 files changed, 29 insertions(+), 167 deletions(-) delete mode 100644 stable/unifi/templates/discovery-svc.yaml delete mode 100644 stable/unifi/templates/stun-svc.yaml diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml index f32a92e2ee12..a7b53925d0ab 100644 --- a/stable/unifi/Chart.yaml +++ b/stable/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.8 +version: 0.3.0 keywords: - ubiquiti - unifi diff --git a/stable/unifi/README.md b/stable/unifi/README.md index 097d8386e8ac..961105f6514d 100644 --- a/stable/unifi/README.md +++ b/stable/unifi/README.md @@ -53,20 +53,8 @@ The following tables lists the configurable parameters of the Unifi chart and th | `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | | `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | | `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | -| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | -| `stunService.labels` | Custom labels | `{}` | -| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | -| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | -| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | -| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | -| `discoveryService.labels` | Custom labels | `{}` | -| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | -| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | -| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `controllerService.stun.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `controllerService.discovery.port` | Kubernetes UDP port for AP discovery | `10001` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.labels` | Custom labels | `{}` | @@ -117,12 +105,12 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s devices run. If you run this as a `NodePort` (the default setting), make sure that there is an external load balancer that is directing traffic from port 8080 to the `NodePort` for this service. -- `discoveryService`: This needs to be reachable by the unifi devices on the - network similar to the controller `Service` but only during the discovery - phase. This is a UDP service. -- `stunService`: Also used periodically by the unifi devices to communicate - with the controller using UDP. See [this article][ubnt 3] and [this other - article][ubnt 4] for more information. + + the `controllerService` exposes two additional ports: + - `discovery`: This needs to be reachable by the unifi devices on network but only during the discovery + phase. This is a UDP service. + - `stun`: Also used periodically by the unifi devices to communicate + with the controller using UDP. See [this article][ubnt 3] and [this other article][ubnt 4] for more information. [docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ [github]: https://github.com/jacobalberty/unifi-docker diff --git a/stable/unifi/templates/controller-svc.yaml b/stable/unifi/templates/controller-svc.yaml index 7cac96a6d5f1..3e6fea913be2 100644 --- a/stable/unifi/templates/controller-svc.yaml +++ b/stable/unifi/templates/controller-svc.yaml @@ -46,6 +46,20 @@ spec: name: controller {{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} nodePort: {{.Values.controllerService.nodePort}} +{{ end }} + - port: {{ .Values.controllerService.stun.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.stun.nodePort))) }} + nodePort: {{.Values.controllerService.stun.nodePort}} +{{ end }} + - port: {{ .Values.controllerService.discovery.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.discovery.nodePort))) }} + nodePort: {{.Values.controllerService.discovery.nodePort}} {{ end }} selector: app: {{ template "unifi.name" . }} diff --git a/stable/unifi/templates/discovery-svc.yaml b/stable/unifi/templates/discovery-svc.yaml deleted file mode 100644 index b3f7b685d3bf..000000000000 --- a/stable/unifi/templates/discovery-svc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "unifi.fullname" . }}-discovery - labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.discoveryService.labels }} -{{ toYaml .Values.discoveryService.labels | indent 4 }} -{{- end }} -{{- with .Values.discoveryService.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }} - type: ClusterIP - {{- if .Values.discoveryService.clusterIP }} - clusterIP: {{ .Values.discoveryService.clusterIP }} - {{end}} -{{- else if eq .Values.discoveryService.type "LoadBalancer" }} - type: {{ .Values.discoveryService.type }} - {{- if .Values.discoveryService.loadBalancerIP }} - loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }} - {{- end }} - {{- if .Values.discoveryService.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.discoveryService.type }} -{{- end }} -{{- if .Values.discoveryService.externalIPs }} - externalIPs: -{{ toYaml .Values.discoveryService.externalIPs | indent 4 }} -{{- end }} - {{- if .Values.discoveryService.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.discoveryService.port }} - targetPort: discovery - protocol: UDP - name: discovery -{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} - nodePort: {{.Values.discoveryService.nodePort}} -{{ end }} - selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} diff --git a/stable/unifi/templates/stun-svc.yaml b/stable/unifi/templates/stun-svc.yaml deleted file mode 100644 index 335e0c9b5dc9..000000000000 --- a/stable/unifi/templates/stun-svc.yaml +++ /dev/null @@ -1,52 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ template "unifi.fullname" . }}-stun - labels: - app: {{ template "unifi.name" . }} - chart: {{ template "unifi.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -{{- if .Values.stunService.labels }} -{{ toYaml .Values.stunService.labels | indent 4 }} -{{- end }} -{{- with .Values.stunService.annotations }} - annotations: -{{ toYaml . | indent 4 }} -{{- end }} -spec: -{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }} - type: ClusterIP - {{- if .Values.stunService.clusterIP }} - clusterIP: {{ .Values.stunService.clusterIP }} - {{end}} -{{- else if eq .Values.stunService.type "LoadBalancer" }} - type: {{ .Values.stunService.type }} - {{- if .Values.stunService.loadBalancerIP }} - loadBalancerIP: {{ .Values.stunService.loadBalancerIP }} - {{- end }} - {{- if .Values.stunService.loadBalancerSourceRanges }} - loadBalancerSourceRanges: -{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }} - {{- end -}} -{{- else }} - type: {{ .Values.stunService.type }} -{{- end }} -{{- if .Values.stunService.externalIPs }} - externalIPs: -{{ toYaml .Values.stunService.externalIPs | indent 4 }} -{{- end }} - {{- if .Values.stunService.externalTrafficPolicy }} - externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }} - {{- end }} - ports: - - port: {{ .Values.stunService.port }} - targetPort: stun - protocol: UDP - name: stun -{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} - nodePort: {{.Values.stunService.nodePort}} -{{ end }} - selector: - app: {{ template "unifi.name" . }} - release: {{ .Release.Name }} \ No newline at end of file diff --git a/stable/unifi/values.yaml b/stable/unifi/values.yaml index 817b99b1424e..b04bb50865b1 100644 --- a/stable/unifi/values.yaml +++ b/stable/unifi/values.yaml @@ -50,48 +50,12 @@ controllerService: # loadBalancerSourceRanges: [] ## Set the externalTrafficPolicy in the Service to either Cluster or Local # externalTrafficPolicy: Cluster - -stunService: - type: NodePort - port: 3478 # udp - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - labels: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank - ## - loadBalancerIP: - # loadBalancerSourceRanges: [] - ## Set the externalTrafficPolicy in the Service to either Cluster or Local - # externalTrafficPolicy: Cluster - -discoveryService: - type: NodePort - port: 10001 # udp - ## Specify the nodePort value for the LoadBalancer and NodePort service types. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport - ## - # nodePort: - ## Provide any additional annotations which may be required. This can be used to - ## set the LoadBalancer service type to internal only. - ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer - ## - annotations: {} - labels: {} - ## Use loadBalancerIP to request a specific static IP, - ## otherwise leave blank - ## - loadBalancerIP: - # loadBalancerSourceRanges: [] - ## Set the externalTrafficPolicy in the Service to either Cluster or Local - # externalTrafficPolicy: Cluster + stun: + port: 3478 + # nodePort: + discovery: + port: 10001 + # nodePort: ingress: enabled: false From 20b310c0806e424d1be6cfc13c216f20fc02b173 Mon Sep 17 00:00:00 2001 From: Ernesto Ojeda Date: Fri, 8 Feb 2019 05:03:23 -0700 Subject: [PATCH 0097/1586] Indent lines related to EnableRawHtmlMarkupFormatter (#11252) Signed-off-by: Ernesto Ojeda --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/templates/config.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 11fa2206ead5..d53f6d020f86 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.29.0 +version: 0.29.1 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/templates/config.yaml b/stable/jenkins/templates/config.yaml index dda84a3086fe..898dcf5e598a 100644 --- a/stable/jenkins/templates/config.yaml +++ b/stable/jenkins/templates/config.yaml @@ -30,9 +30,9 @@ data: ${JENKINS_HOME}/workspace/${ITEM_FULLNAME} ${ITEM_ROOTDIR}/builds {{- if .Values.Master.EnableRawHtmlMarkupFormatter }} - - true - + + true + {{- else }} {{- end }} From 28130149db0e71b4da09ad291c27a98d84a93e6c Mon Sep 17 00:00:00 2001 From: Simon Guerrier Date: Fri, 8 Feb 2019 15:43:44 +0100 Subject: [PATCH 0098/1586] update clusterrole rbacs to be able to fetch clusterquotas from openshift correctly (#11272) Signed-off-by: Simon Guerrier --- stable/datadog/Chart.yaml | 2 +- stable/datadog/templates/agent-clusterrole.yaml | 6 ++++++ stable/datadog/templates/clusterrole.yaml | 6 ++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 7fc93f4dd522..cab2ae11ced8 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.19.0 +version: 1.20.0 appVersion: 6.9.0 description: DataDog Agent keywords: diff --git a/stable/datadog/templates/agent-clusterrole.yaml b/stable/datadog/templates/agent-clusterrole.yaml index 5999b6490077..0a0871207472 100644 --- a/stable/datadog/templates/agent-clusterrole.yaml +++ b/stable/datadog/templates/agent-clusterrole.yaml @@ -22,6 +22,12 @@ rules: - get - list - watch +- apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list - apiGroups: - "autoscaling" resources: diff --git a/stable/datadog/templates/clusterrole.yaml b/stable/datadog/templates/clusterrole.yaml index 6733ed64bdc0..00ee2e1a8ad1 100644 --- a/stable/datadog/templates/clusterrole.yaml +++ b/stable/datadog/templates/clusterrole.yaml @@ -23,6 +23,12 @@ rules: - get - list - watch +- apiGroups: ["quota.openshift.io"] + resources: + - clusterresourcequotas + verbs: + - get + - list {{- if .Values.datadog.collectEvents }} - apiGroups: - "" From 2d9a3575430c7acdc423914a8bada2d38298bb47 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 8 Feb 2019 16:12:01 +0100 Subject: [PATCH 0099/1586] [stable/mariadb] Release 5.5.2 (#11274) * stable/mariadb: update to 10.1.38 Signed-off-by: Bitnami Containers * stable/mariadb: update to 10.1.38 Signed-off-by: Bitnami Containers --- stable/mariadb/Chart.yaml | 4 ++-- stable/mariadb/values-production.yaml | 2 +- stable/mariadb/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index ebf6861e8da1..fe4a5c30431e 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ name: mariadb -version: 5.5.1 -appVersion: 10.1.37 +version: 5.5.2 +appVersion: 10.1.38 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: - mariadb diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index f8e3b0dae36b..25e09842e25a 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.1.37 + tag: 10.1.38 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 9a2dfd52ab63..15ee10f27879 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/mariadb - tag: 10.1.37 + tag: 10.1.38 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From a205f96948d6d597de9ec0799e64d4fc5e05110a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pedro=20C=C3=A9sar=20de=20Azevedo?= Date: Sat, 9 Feb 2019 05:23:02 +1300 Subject: [PATCH 0100/1586] Add distributed JMeter chart (#8119) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Adds Distributed JMeter chart: - Creates deployment resource for the JMeter master and server - Creates service resource for JMeter server Signed-off-by: Pedro César de Azevedo * Fix blank space. Adds some documentation as well. Signed-off-by: Pedro César de Azevedo * Added Documentation to the chart! - Adds a better README file - Also creates a NOTES.txt with instructionto run the tests - Changed logic to pull Docker image Signed-off-by: Pedro César de Azevedo * Fix blank spaces Signed-off-by: Pedro César de Azevedo * Applying changes Signed-off-by: Pedro César de Azevedo * Fix app version Signed-off-by: Pedro César de Azevedo * Use 1.0.0 for a start since we are stable Signed-off-by: Reinhard Nägele * Add role label to service Signed-off-by: Reinhard Nägele * Fixed labels and templates definitions. Signed-off-by: Pedro César de Azevedo * Replaced role label Signed-off-by: Pedro César de Azevedo --- stable/distributed-jmeter/.helmignore | 22 ++++++++++++ stable/distributed-jmeter/Chart.yaml | 12 +++++++ stable/distributed-jmeter/OWNERS | 4 +++ stable/distributed-jmeter/README.md | 27 +++++++++++++++ stable/distributed-jmeter/templates/NOTES.txt | 16 +++++++++ .../distributed-jmeter/templates/_helpers.tpl | 32 +++++++++++++++++ .../templates/jmeter-master-deployment.yaml | 34 +++++++++++++++++++ .../templates/jmeter-server-deployment.yaml | 34 +++++++++++++++++++ .../templates/jmeter-server-service.yaml | 23 +++++++++++++ stable/distributed-jmeter/values.yaml | 24 +++++++++++++ 10 files changed, 228 insertions(+) create mode 100644 stable/distributed-jmeter/.helmignore create mode 100644 stable/distributed-jmeter/Chart.yaml create mode 100644 stable/distributed-jmeter/OWNERS create mode 100644 stable/distributed-jmeter/README.md create mode 100644 stable/distributed-jmeter/templates/NOTES.txt create mode 100644 stable/distributed-jmeter/templates/_helpers.tpl create mode 100644 stable/distributed-jmeter/templates/jmeter-master-deployment.yaml create mode 100644 stable/distributed-jmeter/templates/jmeter-server-deployment.yaml create mode 100644 stable/distributed-jmeter/templates/jmeter-server-service.yaml create mode 100644 stable/distributed-jmeter/values.yaml diff --git a/stable/distributed-jmeter/.helmignore b/stable/distributed-jmeter/.helmignore new file mode 100644 index 000000000000..7c04072e1355 --- /dev/null +++ b/stable/distributed-jmeter/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +OWNERS diff --git a/stable/distributed-jmeter/Chart.yaml b/stable/distributed-jmeter/Chart.yaml new file mode 100644 index 000000000000..54e230bec538 --- /dev/null +++ b/stable/distributed-jmeter/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +appVersion: "3.3" +description: A Distributed JMeter Helm chart +name: distributed-jmeter +version: 1.0.0 +home: http://jmeter.apache.org/ +icon: http://jmeter.apache.org/images/logo.svg +sources: + - https://github.com/pedrocesar-ti/distributed-jmeter-docker +maintainers: + - name: pedrocesar-ti + email: pedrocesar.ti@gmail.com diff --git a/stable/distributed-jmeter/OWNERS b/stable/distributed-jmeter/OWNERS new file mode 100644 index 000000000000..6acab1270a0d --- /dev/null +++ b/stable/distributed-jmeter/OWNERS @@ -0,0 +1,4 @@ +approvers: +- pedrocesar-ti +reviewers: +- pedrocesar-ti diff --git a/stable/distributed-jmeter/README.md b/stable/distributed-jmeter/README.md new file mode 100644 index 000000000000..7ed8c3578087 --- /dev/null +++ b/stable/distributed-jmeter/README.md @@ -0,0 +1,27 @@ +# Distributed JMeter + +Based on the work done [here](https://github.com/pedrocesar-ti/distributed-jmeter-docker). + +Apache Jmeter™ is an open source tool that helps creating and running load test plans. This helm/chart was created to help you running different versions of JMeter in a distributed fashion (master -> server architecture), for more info. + +## Chart Details: +This chart will do the following: +- Deploy a JMeter master (by default 1) that is responsible to store the test plans and test results after running on the servers. +- Deploy a JMeter server service (by default 3 replicas) that are responsible to run the actual test and send back the results to the master. + + +## Installing the Chart: +To install the chart with the release name jmeter: +``` +$ helm install --name distributed-jmeter stable/distributed-jmeter +``` + +## Deploying different versions of JMeter +The default [image](https://hub.docker.com/r/pedrocesarti/jmeter-docker/) allows you to run JMeter in all versions available. + +To change the version running on the helm you only need: +``` +$ helm install --name distributed-jmeter --set master.image.tag=4.0 --set server.image.tag=4.0 stable/distributed-jmeter +``` + +Enjoy! :) diff --git a/stable/distributed-jmeter/templates/NOTES.txt b/stable/distributed-jmeter/templates/NOTES.txt new file mode 100644 index 000000000000..860344351382 --- /dev/null +++ b/stable/distributed-jmeter/templates/NOTES.txt @@ -0,0 +1,16 @@ +JMeter is now starting. + + +To get get a shell session on the master you only need to run: + +$ export MASTER_NAME=$(kubectl get pods -l role=master -o jsonpath='{.items[*].metadata.name}') +$ kubectl exec -it $MASTER_NAME -- /bin/bash + + +To copy your test plans to the master pod: +$ kubectl cp sample.jmx $MASTER_NAME:/jmeter + + +To run your test in all servers you need first a list of all servers IPs (comma-separated) and then you can run your test: +$ export SERVER_IPS=$(kubectl get pods -lrole=server -o jsonpath='{.items[*].status.podIP}' | tr ' ' ',') +$ kubectl exec -it $MASTER_NAME -- jmeter -n -t /jmeter/sample.jmx -R $SERVER_IPS diff --git a/stable/distributed-jmeter/templates/_helpers.tpl b/stable/distributed-jmeter/templates/_helpers.tpl new file mode 100644 index 000000000000..d21e372237ef --- /dev/null +++ b/stable/distributed-jmeter/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "distributed-jmeter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "distributed-jmeter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "distributed-jmeter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/stable/distributed-jmeter/templates/jmeter-master-deployment.yaml b/stable/distributed-jmeter/templates/jmeter-master-deployment.yaml new file mode 100644 index 000000000000..06e490de0bf3 --- /dev/null +++ b/stable/distributed-jmeter/templates/jmeter-master-deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "distributed-jmeter.fullname" . }}-master + labels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + helm.sh/chart: {{ include "distributed-jmeter.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/component: master +spec: + replicas: {{ .Values.master.replicaCount }} + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: master + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - master + ports: + - containerPort: 60000 diff --git a/stable/distributed-jmeter/templates/jmeter-server-deployment.yaml b/stable/distributed-jmeter/templates/jmeter-server-deployment.yaml new file mode 100644 index 000000000000..3c1f19b84f9a --- /dev/null +++ b/stable/distributed-jmeter/templates/jmeter-server-deployment.yaml @@ -0,0 +1,34 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "distributed-jmeter.fullname" . }}-server + labels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + helm.sh/chart: {{ include "distributed-jmeter.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/component: server +spec: + replicas: {{ .Values.server.replicaCount }} + strategy: + type: RollingUpdate + selector: + matchLabels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: server + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: server + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: ["server"] + ports: + - containerPort: 50000 + - containerPort: 1099 diff --git a/stable/distributed-jmeter/templates/jmeter-server-service.yaml b/stable/distributed-jmeter/templates/jmeter-server-service.yaml new file mode 100644 index 000000000000..ace1d0a686da --- /dev/null +++ b/stable/distributed-jmeter/templates/jmeter-server-service.yaml @@ -0,0 +1,23 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "distributed-jmeter.fullname" . }}-server + labels: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + helm.sh/chart: {{ include "distributed-jmeter.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/component: server +spec: + clusterIP: None + ports: + - port: 50000 + protocol: TCP + name: tcp-50000 + - port: 1099 + protocol: TCP + name: tcp-1099 + selector: + app.kubernetes.io/name: {{ include "distributed-jmeter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/component: server diff --git a/stable/distributed-jmeter/values.yaml b/stable/distributed-jmeter/values.yaml new file mode 100644 index 000000000000..76580b339751 --- /dev/null +++ b/stable/distributed-jmeter/values.yaml @@ -0,0 +1,24 @@ +# Default values for distributed-jmeter. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +master: + ## The number of pods in the master deployment + replicaCount: 1 + +server: + ## The number of pods in the server deployment + replicaCount: 3 + +image: + ## Specify an imagePullPolicy + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + pullPolicy: IfNotPresent + + ## The repository and image + ## ref: https://hub.docker.com/r/pedrocesarti/jmeter-docker/ + repository: "pedrocesarti/jmeter-docker" + + ## The tag for the image + ## ref: https://hub.docker.com/r/pedrocesarti/jmeter-docker/tags/ + tag: 3.3 From ab13fa78fdb72388c9e32aef750ed64124de0cf7 Mon Sep 17 00:00:00 2001 From: Anastas Dancha Date: Fri, 8 Feb 2019 19:39:28 +0300 Subject: [PATCH 0101/1586] adding chart for Satisfy - Composer package hosting (#9386) * adding chart for Satisfy - Composer package hosting Signed-off-by: Anastas Dancha * adding self as maintainer Signed-off-by: Anastas Dancha * adding satisfy.* parameters to README Signed-off-by: Anastas Dancha * do not wipe out existing instance Signed-off-by: Anastas Dancha * switching to labels required by REVIEW_GUIDELINES Signed-off-by: Anastas Dancha * changing resources nil, recommended in comments Signed-off-by: Anastas Dancha * removing unsupported ingress.path Signed-off-by: Anastas Dancha * adding icon Signed-off-by: Anastas Dancha * [incubator/satisfy]: moving to stable Signed-off-by: Anastas Dancha * [stable/satisfy]: use modern helm labels Signed-off-by: Anastas Dancha * [stable/satisfy]: switching image pull-by-digest - Using image digest in favor of image tag, both are supported. When digest is set, it's always used. - Updating containerPort from 8080 to 80, inline with latest image update Signed-off-by: Anastas Dancha * various improvements.. - using `satisfy.repo_name` in place of `satisfy.repoName` - improving init container script - updating image digest, commenting out tag, but leaving it there for reference Signed-off-by: Anastas Dancha * removing trailing space in `values.yaml` Signed-off-by: Anastas Dancha * more camelCase, fixing repo link in README Signed-off-by: Anastas Dancha * better init script & pod checks, note about homepage/fqdn Signed-off-by: Anastas Dancha * updating image.digest to latest Signed-off-by: Anastas Dancha --- stable/satisfy/.helmignore | 2 + stable/satisfy/Chart.yaml | 14 +++ stable/satisfy/OWNERS | 4 + stable/satisfy/README.md | 59 +++++++++++ stable/satisfy/templates/NOTES.txt | 19 ++++ stable/satisfy/templates/_helpers.tpl | 40 ++++++++ stable/satisfy/templates/deployment.yaml | 121 +++++++++++++++++++++++ stable/satisfy/templates/ingress.yaml | 40 ++++++++ stable/satisfy/templates/pvc.yaml | 24 +++++ stable/satisfy/templates/secret.yaml | 14 +++ stable/satisfy/templates/service.yaml | 19 ++++ stable/satisfy/values.yaml | 76 ++++++++++++++ 12 files changed, 432 insertions(+) create mode 100644 stable/satisfy/.helmignore create mode 100644 stable/satisfy/Chart.yaml create mode 100644 stable/satisfy/OWNERS create mode 100644 stable/satisfy/README.md create mode 100644 stable/satisfy/templates/NOTES.txt create mode 100644 stable/satisfy/templates/_helpers.tpl create mode 100644 stable/satisfy/templates/deployment.yaml create mode 100644 stable/satisfy/templates/ingress.yaml create mode 100644 stable/satisfy/templates/pvc.yaml create mode 100644 stable/satisfy/templates/secret.yaml create mode 100644 stable/satisfy/templates/service.yaml create mode 100644 stable/satisfy/values.yaml diff --git a/stable/satisfy/.helmignore b/stable/satisfy/.helmignore new file mode 100644 index 000000000000..acbcabf42a79 --- /dev/null +++ b/stable/satisfy/.helmignore @@ -0,0 +1,2 @@ +.git +OWNERS diff --git a/stable/satisfy/Chart.yaml b/stable/satisfy/Chart.yaml new file mode 100644 index 000000000000..6f4bef7ce890 --- /dev/null +++ b/stable/satisfy/Chart.yaml @@ -0,0 +1,14 @@ +name: satisfy +version: 0.1.0 +appVersion: "3.0.4" +description: Composer repo hosting with Satisfy +home: https://github.com/anapsix/docker-satisfy +icon: https://getcomposer.org/img/logo-composer-transparent.png +sources: +- https://github.com/anapsix/docker-satisfy +- https://github.com/ludofleury/satisfy +- https://github.com/composer/satis +- https://unit.nginx.org/ +maintainers: +- name: anapsix + email: anapsix@random.io diff --git a/stable/satisfy/OWNERS b/stable/satisfy/OWNERS new file mode 100644 index 000000000000..e309781085c5 --- /dev/null +++ b/stable/satisfy/OWNERS @@ -0,0 +1,4 @@ +approvers: +- anapsix +reviewers: +- anapsix diff --git a/stable/satisfy/README.md b/stable/satisfy/README.md new file mode 100644 index 000000000000..9d0edab0946d --- /dev/null +++ b/stable/satisfy/README.md @@ -0,0 +1,59 @@ +# Satisfy Helm Chart + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/satisfy +``` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes nearly all the Kubernetes components associated with the +chart and deletes the release. + +## Configuration + + Parameter | Description | Default +------------------------------- | -------------------------------------- | --------- +`image.pullPolicy` | Image pull policy | `Always` +`image.repository` | Image repository | `docker.io/anapsix/satisfy` +`image.tag` | Image tag | `v3.0.4` +`image.digest` | Image digest | `sha256:b590aced3074cdb1e09b4e9432fd69afccfa807e50a3ad8168960572128f4fbd` +`image.pullSecrets` | Specify image pull secrets | `[]` +`service.type` | Type of service | `ClusterIP` +`service.port` | Service port | `80` +`ingress.enabled` | Enables Ingress | `false` +`ingress.annotations` | Ingress annotations | `{}` +`ingress.labels` | Ingress labels | `[]` +`ingress.hosts` | Ingress accepted hostnames | `[]` +`ingress.tls` | Ingress TLS configuration | `[]` +`terminationGracePeriodSeconds` | Termination grace period (in seconds) | `15` +`livenessProbe.enabled` | Enables LivenessProbe | `true` +`readinessProbe.enabled` | Enables readinessProbe | `true` +`affinity` | Node/pod affinities | `{}` +`nodeSelector` | Node labels for pod assignment | `{}` +`resources` | Pod resource requests & limits | `{}` +`tolerations` | List of node taints to tolerate | `[]` +`persistence.enabled` | Use a PVC to persist data | `true` +`persistence.existingClaim` | Use an existing PVC to persist data | `nil` +`persistence.storageClass` | Storage class of backing PVC | `nil` +`persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` +`persistence.size` | Size of data volume | `8Gi` +`satisfy.repoName` | Satis repository name | `myrepo` +`satisfy.homepage` | Satis repository URL | `http://composer.local` +`satisfy.sshPrivateKey` | SSH Private key used with GIT repos | `nil` + +> When both `image.tag` and `image.digest` are present, `image.digest` will be used. See [Docker docs][1] for more details about using image digest. + +FQDN to access the service should be used as `satisfy.homepage` value, whether via Ingress, or LoadBalancer-type service with DNS records matching `satisfy.homepage`, or some other method. + +[## Link Reference ##]:: +[1]: https://docs.docker.com/engine/reference/commandline/pull/#pull-an-image-by-digest-immutable-identifier diff --git a/stable/satisfy/templates/NOTES.txt b/stable/satisfy/templates/NOTES.txt new file mode 100644 index 000000000000..be0a959fe0c8 --- /dev/null +++ b/stable/satisfy/templates/NOTES.txt @@ -0,0 +1,19 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.hosts }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ . }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "satisfy.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "satisfy.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "satisfy.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "satisfy.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/stable/satisfy/templates/_helpers.tpl b/stable/satisfy/templates/_helpers.tpl new file mode 100644 index 000000000000..79f6cd76e4f5 --- /dev/null +++ b/stable/satisfy/templates/_helpers.tpl @@ -0,0 +1,40 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "satisfy.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "satisfy.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "satisfy.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "satisfy.image" -}} +{{- if .Values.image.digest -}} +{{- printf "%s@%s" .Values.image.repository .Values.image.digest -}} +{{- else -}} +{{- printf "%s:%s" .Values.image.repository .Values.image.tag -}} +{{- end -}} +{{- end -}} \ No newline at end of file diff --git a/stable/satisfy/templates/deployment.yaml b/stable/satisfy/templates/deployment.yaml new file mode 100644 index 000000000000..9432c69dd963 --- /dev/null +++ b/stable/satisfy/templates/deployment.yaml @@ -0,0 +1,121 @@ +apiVersion: apps/v1beta2 +kind: Deployment +metadata: + name: {{ include "satisfy.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + helm.sh/chart: {{ include "satisfy.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: 1 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} + {{- with .Values.image.pullSecrets }} + imagePullSecrets: +{{ toYaml . | indent 8 }} + {{- end }} + initContainers: + - name: init + image: "{{ include "satisfy.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + command: + - /bin/sh + - -c + - | + set -x + set -e + if [[ -e /app_persist/satis.json ]]; then + echo >&2 "Existing installation found, moving on.." + exit 0 + else + echo >&2 "Seeding new instance.." + cp -r /app/* /app_persist/ + for ref in $(find /app_persist -mindepth 1 -maxdepth 1 -not -name ".snapshot"); do + chown -R satisfy:satisfy $ref + done + fi + echo >&2 "Init completed.." + securityContext: + runAsUser: 0 + volumeMounts: + - name: app-persist + mountPath: /app_persist + containers: + - name: satisfy + image: "{{ include "satisfy.image" . }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + - name: http + containerPort: 80 + protocol: TCP + env: + - name: REPO_NAME + value: "{{ .Values.satisfy.repoName }}" + - name: HOMEPAGE + value: "{{ .Values.satisfy.homepage }}" + {{- if .Values.satisfy.sshPrivateKey }} + - name: SSH_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "satisfy.fullname" . }} + key: SSH_PRIVATE_KEY + {{- end }} + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 5 + periodSeconds: 20 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: / + port: http + initialDelaySeconds: 5 + periodSeconds: 20 + timeoutSeconds: 10 + successThreshold: 1 + failureThreshold: 3 + {{- end }} + volumeMounts: + - name: app-persist + mountPath: /app +{{- with .Values.resources }} + resources: +{{ toYaml . | indent 12 }} +{{- end }} + volumes: + - name: app-persist + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ template "satisfy.fullname" . }} + {{- else }} + emptyDir: {} + {{- end -}} + {{- with .Values.nodeSelector }} + nodeSelector: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: +{{ toYaml . | indent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: +{{ toYaml . | indent 8 }} + {{- end }} diff --git a/stable/satisfy/templates/ingress.yaml b/stable/satisfy/templates/ingress.yaml new file mode 100644 index 000000000000..555e1e956214 --- /dev/null +++ b/stable/satisfy/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "satisfy.fullname" . -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + helm.sh/chart: {{ include "satisfy.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- with .Values.ingress.labels }} +{{ toYaml . | indent 4 }} +{{- end }} +{{- with .Values.ingress.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + - path: / + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} +{{- end }} diff --git a/stable/satisfy/templates/pvc.yaml b/stable/satisfy/templates/pvc.yaml new file mode 100644 index 000000000000..ba4616bb0d7e --- /dev/null +++ b/stable/satisfy/templates/pvc.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ include "satisfy.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + helm.sh/chart: {{ include "satisfy.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end }} diff --git a/stable/satisfy/templates/secret.yaml b/stable/satisfy/templates/secret.yaml new file mode 100644 index 000000000000..b059358e6f59 --- /dev/null +++ b/stable/satisfy/templates/secret.yaml @@ -0,0 +1,14 @@ +{{- if .Values.satisfy.sshPrivateKey }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "satisfy.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + helm.sh/chart: {{ include "satisfy.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + SSH_PRIVATE_KEY: {{ .Values.satisfy.sshPrivateKey | b64enc }} +{{- end -}} diff --git a/stable/satisfy/templates/service.yaml b/stable/satisfy/templates/service.yaml new file mode 100644 index 000000000000..46d4427c8925 --- /dev/null +++ b/stable/satisfy/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "satisfy.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + helm.sh/chart: {{ include "satisfy.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "satisfy.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/stable/satisfy/values.yaml b/stable/satisfy/values.yaml new file mode 100644 index 000000000000..3e5b985387c8 --- /dev/null +++ b/stable/satisfy/values.yaml @@ -0,0 +1,76 @@ +# Default values for Satisfy. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +image: + repository: docker.io/anapsix/satisfy + # image.digest takes precedence: + # i.e. if both image.tag and image.digest are present digest will be used + # tag: v3.0.4 + digest: sha256:b590aced3074cdb1e09b4e9432fd69afccfa807e50a3ad8168960572128f4fbd + pullPolicy: Always + pullSecrets: [] + # - secret1 + # - secret2 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + # certmanager.k8s.io/cluster-issuer: self-signed + # ingress.kubernetes.io/force-ssl-redirect: "true" + labels: [] + # traffic-type: external + hosts: [] + # - composer.local + tls: [] + # - secretName: composer-cert + # hosts: + # - composer.local + +terminationGracePeriodSeconds: 15 + +livenessProbe: + enabled: true + +readinessProbe: + enabled: true + +resources: {} + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 64Mi + # requests: + # cpu: 100m + # memory: 64Mi + +nodeSelector: {} +tolerations: [] +affinity: {} + +persistence: + enabled: true + accessMode: ReadWriteOnce + size: 8Gi + storageClass: ~ # set your PV storage class here + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + +## Application settings +## For more details see Satis documentaion +## https://getcomposer.org/doc/articles/handling-private-packages-with-satis.md#setup +satisfy: + repoName: myrepo + homepage: http://composer.local # set it to FQDN of your ingress + sshPrivateKey: ~ # set it via CLI + # for example: `--set satisfy.sshPrivateKey="$(<~/.ssh/id_rsa)"` From a2e20f40a9fe02583e36a879ea4e766357abf9c5 Mon Sep 17 00:00:00 2001 From: Steven Sheehy Date: Fri, 8 Feb 2019 10:39:47 -0600 Subject: [PATCH 0102/1586] [stable/prometheus-mongodb-exporter] Add MongoDB Exporter chart (#10979) Signed-off-by: Steven Sheehy --- .../prometheus-mongodb-exporter/.helmignore | 22 ++++++ stable/prometheus-mongodb-exporter/Chart.yaml | 16 ++++ stable/prometheus-mongodb-exporter/OWNERS | 4 + stable/prometheus-mongodb-exporter/README.md | 64 ++++++++++++++++ .../ci/servicemonitor-disabled-values.yaml | 4 + .../templates/NOTES.txt | 13 ++++ .../templates/_helpers.tpl | 32 ++++++++ .../templates/deployment.yaml | 55 ++++++++++++++ .../templates/service.yaml | 22 ++++++ .../templates/servicemonitor.yaml | 29 ++++++++ .../templates/tests/test-connection.yaml | 18 +++++ .../prometheus-mongodb-exporter/values.yaml | 73 +++++++++++++++++++ 12 files changed, 352 insertions(+) create mode 100644 stable/prometheus-mongodb-exporter/.helmignore create mode 100644 stable/prometheus-mongodb-exporter/Chart.yaml create mode 100644 stable/prometheus-mongodb-exporter/OWNERS create mode 100644 stable/prometheus-mongodb-exporter/README.md create mode 100644 stable/prometheus-mongodb-exporter/ci/servicemonitor-disabled-values.yaml create mode 100644 stable/prometheus-mongodb-exporter/templates/NOTES.txt create mode 100644 stable/prometheus-mongodb-exporter/templates/_helpers.tpl create mode 100644 stable/prometheus-mongodb-exporter/templates/deployment.yaml create mode 100644 stable/prometheus-mongodb-exporter/templates/service.yaml create mode 100644 stable/prometheus-mongodb-exporter/templates/servicemonitor.yaml create mode 100644 stable/prometheus-mongodb-exporter/templates/tests/test-connection.yaml create mode 100644 stable/prometheus-mongodb-exporter/values.yaml diff --git a/stable/prometheus-mongodb-exporter/.helmignore b/stable/prometheus-mongodb-exporter/.helmignore new file mode 100644 index 000000000000..50af03172541 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/stable/prometheus-mongodb-exporter/Chart.yaml b/stable/prometheus-mongodb-exporter/Chart.yaml new file mode 100644 index 000000000000..17197fc3b212 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +appVersion: "v0.6.1" +description: A Prometheus exporter for MongoDB metrics +home: https://github.com/percona/mongodb_exporter +keywords: +- exporter +- metrics +- mongodb +- prometheus +maintainers: +- email: ssheehy@firescope.com + name: steven-sheehy +name: prometheus-mongodb-exporter +sources: +- https://github.com/percona/mongodb_exporter +version: 1.0.0 diff --git a/stable/prometheus-mongodb-exporter/OWNERS b/stable/prometheus-mongodb-exporter/OWNERS new file mode 100644 index 000000000000..deb841ab740d --- /dev/null +++ b/stable/prometheus-mongodb-exporter/OWNERS @@ -0,0 +1,4 @@ +approvers: + - steven-sheehy +reviewers: + - steven-sheehy diff --git a/stable/prometheus-mongodb-exporter/README.md b/stable/prometheus-mongodb-exporter/README.md new file mode 100644 index 000000000000..3954a01f8ad3 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/README.md @@ -0,0 +1,64 @@ +# Prometheus MongoDB Exporter + +Installs the [MongoDB Exporter](https://github.com/percona/mongodb_exporter) for [Prometheus](https://prometheus.io/). The +MongoDB Exporter collects and exports oplog, replica set, server status, sharding and storage engine metrics. + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm upgrade --install my-release stable/prometheus-mongodb-exporter +``` + +This command deploys the MongoDB Exporter with the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Using the Chart + +To use the chart, ensure the `mongodb.uri` is populated with a valid [MongoDB URI](https://docs.mongodb.com/manual/reference/connection-string). +If the MongoDB server requires authentication, credentials should be populated in the connection string as well. The MongoDB Exporter supports +connecting to either a MongoDB replica set member, shard, or standalone instance. + +The chart comes with a ServiceMonitor for use with the [Prometheus Operator](https://github.com/helm/charts/tree/master/stable/prometheus-operator). +If you're not using the Prometheus Operator, you can disable the ServiceMonitor by setting `serviceMonitor.enabled` to `false` and instead +populate the `service.annotations` as below: + +```yaml +service: + annotations: + prometheus.io/scrape: "true" + prometheus.io/port: "9216" +``` + +## Configuration + +| Parameter | Description | Default | +|-----------|-------------|---------| +| `affinity` | Node/pod affinities | `{}` | +| `annotations` | Annotations to be added to the pods | `{}` | +| `extraArgs` | The extra command line arguments to pass to the MongoDB Exporter | See values.yaml | +| `fullnameOverride` | Override the full chart name | `` | +| `image.pullPolicy` | MongoDB Exporter image pull policy | `IfNotPresent` | +| `image.repository` | MongoDB Exporter image name | `ssalaues/mongodb-exporter` | +| `image.tag` | MongoDB Exporter image tag | `0.6.1` | +| `imagePullSecrets` | List of container registry secrets | `[]` | +| `mongodb.uri` | The required [URI](https://docs.mongodb.com/manual/reference/connection-string) to connect to MongoDB | `` | +| `nameOverride` | Override the application name | `` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `priorityClassName` | Pod priority class name | `` | +| `replicas` | Number of replicas in the replica set | `1` | +| `resources` | Pod resource requests and limits | `{}` | +| `securityContext` | Security context for the pod | See values.yaml | +| `service.annotations` | Annotations to be added to the service | `{}` | +| `service.port` | The port to expose | `9216` | +| `service.type` | The type of service to expose | `ClusterIP` | +| `serviceMonitor.enabled` | Set to true if using the Prometheus Operator | `true` | +| `serviceMonitor.interval` | Interval at which metrics should be scraped | `30s` | +| `serviceMonitor.namespace` | The namespace where the Prometheus Operator is deployed | `` | +| `serviceMonitor.additionalLabels` | Additional labels to add to the ServiceMonitor | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | + +## Limitations + +Connecting to MongoDB via TLS is currently not supported. + diff --git a/stable/prometheus-mongodb-exporter/ci/servicemonitor-disabled-values.yaml b/stable/prometheus-mongodb-exporter/ci/servicemonitor-disabled-values.yaml new file mode 100644 index 000000000000..4b7812dc9ebc --- /dev/null +++ b/stable/prometheus-mongodb-exporter/ci/servicemonitor-disabled-values.yaml @@ -0,0 +1,4 @@ +mongodb: + uri: mongodb://localhost:9216 +serviceMonitor: + enabled: false diff --git a/stable/prometheus-mongodb-exporter/templates/NOTES.txt b/stable/prometheus-mongodb-exporter/templates/NOTES.txt new file mode 100644 index 000000000000..3ebe6e520780 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/templates/NOTES.txt @@ -0,0 +1,13 @@ +Verify the application is working by running these commands: +{{if contains "NodePort" .Values.service.type }} + NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "prometheus-mongodb-exporter.fullname" . }}) + curl http://$NODE_IP:$NODE_PORT/metrics +{{- else if contains "LoadBalancer" .Values.service.type }} + # NOTE: It may take a few minutes for the LoadBalancer IP to be available. + SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "prometheus-mongodb-exporter.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + curl http://$SERVICE_IP:{{ .Values.service.port }}/metrics +{{- else if contains "ClusterIP" .Values.service.type }} + kubectl port-forward service/{{ include "prometheus-mongodb-exporter.fullname" . }} {{ .Values.service.port }} + curl http://127.0.0.1:{{ .Values.service.port }}/metrics +{{- end }} diff --git a/stable/prometheus-mongodb-exporter/templates/_helpers.tpl b/stable/prometheus-mongodb-exporter/templates/_helpers.tpl new file mode 100644 index 000000000000..e051b2387ed4 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "prometheus-mongodb-exporter.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "prometheus-mongodb-exporter.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prometheus-mongodb-exporter.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/stable/prometheus-mongodb-exporter/templates/deployment.yaml b/stable/prometheus-mongodb-exporter/templates/deployment.yaml new file mode 100644 index 000000000000..600ea64a7704 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/templates/deployment.yaml @@ -0,0 +1,55 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "prometheus-mongodb-exporter.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "prometheus-mongodb-exporter.chart" . }} + annotations: + {{- toYaml .Values.annotations | nindent 4 }} +spec: + replicas: {{ .Values.replicas }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: mongodb-exporter + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + args: + - -mongodb.uri={{ required "A MongoDB URI is required" .Values.mongodb.uri }} + {{- toYaml .Values.extraArgs | nindent 8 }} + ports: + - name: metrics + containerPort: 9216 + protocol: TCP + livenessProbe: + {{- toYaml .Values.livenessProbe | nindent 10 }} + readinessProbe: + {{- toYaml .Values.readinessProbe | nindent 10 }} + resources: + {{- toYaml .Values.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.securityContext | nindent 10 }} + affinity: + {{- toYaml .Values.affinity | nindent 8 }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} + nodeSelector: + {{- toYaml .Values.nodeSelector | nindent 8 }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end }} + terminationGracePeriodSeconds: 30 + tolerations: + {{- toYaml .Values.tolerations | nindent 8 }} + diff --git a/stable/prometheus-mongodb-exporter/templates/service.yaml b/stable/prometheus-mongodb-exporter/templates/service.yaml new file mode 100644 index 000000000000..f98dc9667da4 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/templates/service.yaml @@ -0,0 +1,22 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "prometheus-mongodb-exporter.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "prometheus-mongodb-exporter.chart" . }} + annotations: + {{- toYaml .Values.service.annotations | nindent 4 }} +spec: + ports: + - name: metrics + port: {{ .Values.service.port }} + protocol: TCP + targetPort: metrics + selector: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + type: {{ .Values.service.type }} + diff --git a/stable/prometheus-mongodb-exporter/templates/servicemonitor.yaml b/stable/prometheus-mongodb-exporter/templates/servicemonitor.yaml new file mode 100644 index 000000000000..dfe59bc178f1 --- /dev/null +++ b/stable/prometheus-mongodb-exporter/templates/servicemonitor.yaml @@ -0,0 +1,29 @@ +{{ if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "prometheus-mongodb-exporter.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "prometheus-mongodb-exporter.chart" . }} + {{- range $key, $value := .Values.serviceMonitor.additionalLabels }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} +spec: + endpoints: + - port: metrics + interval: {{ .Values.serviceMonitor.interval }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/stable/prometheus-mongodb-exporter/templates/tests/test-connection.yaml b/stable/prometheus-mongodb-exporter/templates/tests/test-connection.yaml new file mode 100644 index 000000000000..2bc3c4692f1b --- /dev/null +++ b/stable/prometheus-mongodb-exporter/templates/tests/test-connection.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "prometheus-mongodb-exporter.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "prometheus-mongodb-exporter.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "prometheus-mongodb-exporter.chart" . }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['-qO-', '{{ include "prometheus-mongodb-exporter.fullname" . }}:{{ .Values.service.port }}/metrics'] + restartPolicy: Never diff --git a/stable/prometheus-mongodb-exporter/values.yaml b/stable/prometheus-mongodb-exporter/values.yaml new file mode 100644 index 000000000000..f6b50602fdcd --- /dev/null +++ b/stable/prometheus-mongodb-exporter/values.yaml @@ -0,0 +1,73 @@ +affinity: {} + +annotations: {} + +extraArgs: +- -collect.collection=true +- -collect.database=true +- -collect.indexusage=true +- -collect.topmetrics=true + +fullnameOverride: "" + +image: + pullPolicy: IfNotPresent + repository: ssalaues/mongodb-exporter + tag: 0.6.1 + +imagePullSecrets: [] + +livenessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: 10 + +# mongodb://metrics-user:password@mongodb:27017 +mongodb: + uri: + +nameOverride: "" + +nodeSelector: {} + +priorityClassName: "" + +readinessProbe: + httpGet: + path: / + port: metrics + initialDelaySeconds: 10 + +replicas: 1 + +resources: {} +# limits: +# cpu: 250mm +# memory: 192Mi +# requests: +# cpu: 100mm +# memory: 128Mi + +securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["all"] + readOnlyRootFilesystem: true + runAsNonRoot: true + runAsUser: 10000 + +service: + annotations: {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "9216" + port: 9216 + type: ClusterIP + +serviceMonitor: + enabled: true + interval: 30s + namespace: + additionalLabels: {} + +tolerations: [] From 6f985a053ce3fd409f16e243e9b4b7eb958c2a61 Mon Sep 17 00:00:00 2001 From: Joseph Weigl <2631895+eloo@users.noreply.github.com> Date: Fri, 8 Feb 2019 17:39:57 +0100 Subject: [PATCH 0103/1586] [prometheus-rabbitmq-export] Add skip_verify to rabbitmq-exporter (#11107) * Add skip_verify to rabbitmq-exporter Signed-off-by: Joseph Weigl * Bump chart version of prometheus-rabbitmq-exporter Signed-off-by: Joseph Weigl * Restore invalid paremeter deletion Signed-off-by: Joseph Weigl --- stable/prometheus-rabbitmq-exporter/Chart.yaml | 2 +- stable/prometheus-rabbitmq-exporter/README.md | 1 + stable/prometheus-rabbitmq-exporter/templates/deployment.yaml | 2 ++ stable/prometheus-rabbitmq-exporter/values.yaml | 1 + 4 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-rabbitmq-exporter/Chart.yaml b/stable/prometheus-rabbitmq-exporter/Chart.yaml index 6b3734343629..d06c1dd5ca57 100644 --- a/stable/prometheus-rabbitmq-exporter/Chart.yaml +++ b/stable/prometheus-rabbitmq-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Rabbitmq metrics exporter for prometheus name: prometheus-rabbitmq-exporter -version: 0.3.0 +version: 0.4.0 appVersion: v0.29.0 home: https://github.com/kbudde/rabbitmq_exporter sources: diff --git a/stable/prometheus-rabbitmq-exporter/README.md b/stable/prometheus-rabbitmq-exporter/README.md index adfccb9faf9c..8dd767184577 100644 --- a/stable/prometheus-rabbitmq-exporter/README.md +++ b/stable/prometheus-rabbitmq-exporter/README.md @@ -59,6 +59,7 @@ The following table lists the configurable parameters and their default values. | `rabbitmq.skip_queues` | regex, matching queue names are not exported | `^$` | | `rabbitmq.include_vhost` | regex vhost filter. Only queues in matching vhosts are exported | `.*` | | `rabbitmq.skip_vhost` | regex, matching vhost names are not exported. First performs include_vhost, then skip_vhost | `^$` | +| `rabbitmq.skip_verify | true/0 will ignore certificate errors of the management plugin | `false` | | `rabbitmq.exporters` | List of enabled modules. Just "connections" is not enabled by default | `exchange,node,overview,queue` | | `rabbitmq.output_format` | Log ouput format. TTY and JSON are suported | `TTY` | | `rabbitmq.timeout` | timeout in seconds for retrieving data from management plugin | `30` | diff --git a/stable/prometheus-rabbitmq-exporter/templates/deployment.yaml b/stable/prometheus-rabbitmq-exporter/templates/deployment.yaml index f7d93baa7633..4f2220e2792d 100644 --- a/stable/prometheus-rabbitmq-exporter/templates/deployment.yaml +++ b/stable/prometheus-rabbitmq-exporter/templates/deployment.yaml @@ -44,6 +44,8 @@ spec: value: "{{ .Values.rabbitmq.include_vhost }}" - name: SKIP_QUEUES value: "{{ .Values.rabbitmq.skip_queues }}" + - name: SKIPVERIFY + value: "{{ .Values.rabbitmq.skip_verify }}" - name: SKIP_VHOST value: "{{ .Values.rabbitmq.skip_vhost }}" - name: RABBIT_EXPORTERS diff --git a/stable/prometheus-rabbitmq-exporter/values.yaml b/stable/prometheus-rabbitmq-exporter/values.yaml index 9eb82a5b27c5..ad98034dc00f 100644 --- a/stable/prometheus-rabbitmq-exporter/values.yaml +++ b/stable/prometheus-rabbitmq-exporter/values.yaml @@ -37,6 +37,7 @@ rabbitmq: include_queues: ".*" include_vhost: ".*" skip_queues: "^$" + skip_verify: "false" skip_vhost: "^$" exporters: "exchange,node,overview,queue" output_format: "TTY" From 9084ce54adc1cbb4988175935ffbb3d01b57edfe Mon Sep 17 00:00:00 2001 From: Torsten Walter Date: Fri, 8 Feb 2019 18:05:43 +0100 Subject: [PATCH 0104/1586] [stable/jenkins] allow running sidecar containers for Jenkins master (#10950) * allow running sidecar containers for Jenkins master Signed-off-by: Torsten Walter * explain the use case Signed-off-by: Torsten Walter --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + .../templates/jenkins-master-deployment.yaml | 3 +++ stable/jenkins/values.yaml | 17 +++++++++++++++++ 4 files changed, 22 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index d53f6d020f86..f1861919a1c6 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.29.1 +version: 0.29.2 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index e78cf58203a8..abebf29db9db 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -86,6 +86,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Affinity` | Affinity settings | `{}` | | `Master.Tolerations` | Toleration labels for pod assignment | `{}` | | `Master.PodAnnotations` | Annotations for master pod | `{}` | +| `Master.SidecarContainers` | Configures sidecar container(s) for Jenkins master | `{}` | | `Master.CustomConfigMap` | Deprecated: Use a custom ConfigMap | `false` | | `Master.AdditionalConfig` | Deprecated: Add additional config files | `{}` | | `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` | diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 76b6b15c54b6..ba1ef370ad56 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -295,6 +295,9 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir readOnly: false +{{- if .Values.Master.SidecarContainers}} +{{ tpl (toYaml .Values.Master.SidecarContainers | indent 8) .}} +{{- end }} {{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} - name: sc-config-volume mountPath: {{ .Values.Master.Sidecar.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 9937cd1112ec..db131ecfb571 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -235,6 +235,23 @@ Master: # - jenkins.cluster.local AdditionalConfig: {} + SidecarContainers: + ## The example below runs the client for https://smee.io as sidecar container next to Jenkins, + ## that allows to trigger build behind a secure firewall. + ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall + ## + ## Note: To use it you should go to https://smee.io/new and update the url to the generete one. + # - name: smee + # image: docker.io/twalter/smee-client:1.0.2 + # args: ["--port", "{{ .Values.Master.ServicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"] + # resources: + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 32Mi + Agent: Enabled: true Image: jenkins/jnlp-slave From 34d9c4319e66cb4f63ce966e33fa799f0b2b32ef Mon Sep 17 00:00:00 2001 From: Pavel Dmytrenko Date: Sat, 9 Feb 2019 02:46:04 +0200 Subject: [PATCH 0105/1586] [stable/kibana] Add support for user-defined init containers (#11199) * [stable/kibana] Add support for generic init containers Signed-off-by: Pavel Dmytrenko * [stable/kibana] Update README Signed-off-by: Pavel Dmytrenko * [stable/kibana] Bump version Signed-off-by: Pavel Dmytrenko * [stable/kibana] Change initContainers type to {} Signed-off-by: Pavel Dmytrenko * [stable/kibana] Add CI tests for init containers Signed-off-by: Pavel Dmytrenko * [stable/kibana] Remove elasticsearch dependency from tests Signed-off-by: Pavel Dmytrenko --- stable/kibana/Chart.yaml | 2 +- stable/kibana/README.md | 1 + stable/kibana/ci/initcontainers-values.yaml | 18 ++++++++++++++++++ stable/kibana/templates/deployment.yaml | 8 +++++++- stable/kibana/values.yaml | 21 +++++++++++++++++++++ 5 files changed, 48 insertions(+), 2 deletions(-) create mode 100644 stable/kibana/ci/initcontainers-values.yaml diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index f4a3aa8eb5ff..5badfd16364c 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.4.1 +version: 1.5.0 appVersion: 6.6.0 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg diff --git a/stable/kibana/README.md b/stable/kibana/README.md index 5bafd4de1182..976997e44bae 100644 --- a/stable/kibana/README.md +++ b/stable/kibana/README.md @@ -106,6 +106,7 @@ The following table lists the configurable parameters of the kibana chart and th | `securityContext.fsGroup` | fsGroup id to run in pods | `2000` | | `extraConfigMapMounts` | Additional configmaps to be mounted | `[]` | | `deployment.annotations` | Annotations for deployment | `{}` | +| `initContainers` | Init containers to add to the kibana deployment | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/kibana/ci/initcontainers-values.yaml b/stable/kibana/ci/initcontainers-values.yaml new file mode 100644 index 000000000000..70d939c6952f --- /dev/null +++ b/stable/kibana/ci/initcontainers-values.yaml @@ -0,0 +1,18 @@ +--- +# enable user-defined init containers + +initContainers: + numbers-container: + image: "busybox" + imagePullPolicy: "IfNotPresent" + command: + - "/bin/sh" + - "-c" + - | + for i in $(seq 1 10); do + echo $i + done + + echo-container: + image: "busybox" + command: ['sh', '-c', 'echo Hello from init container! && sleep 3'] diff --git a/stable/kibana/templates/deployment.yaml b/stable/kibana/templates/deployment.yaml index 7f26b99afd53..695579a36fb6 100644 --- a/stable/kibana/templates/deployment.yaml +++ b/stable/kibana/templates/deployment.yaml @@ -29,8 +29,14 @@ spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} -{{- if or (.Values.dashboardImport.dashboards) (.Values.plugins.enabled) }} +{{- if or (.Values.initContainers) (.Values.dashboardImport.dashboards) (.Values.plugins.enabled) }} initContainers: +{{- if .Values.initContainers }} +{{- range $key, $value := .Values.initContainers }} + - name: "{{ $key }}" +{{ toYaml $value | indent 10 }} +{{- end }} +{{- end }} {{- if .Values.dashboardImport.dashboards }} - name: {{ .Chart.Name }}-dashboardimport image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index 6c40b7294a77..69b44a571ce6 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -193,3 +193,24 @@ extraConfigMapMounts: [] # configMap: kibana-logtrail # mountPath: /usr/share/kibana/plugins/logtrail/logtrail.json # subPath: logtrail.json + +# Add your own init container or uncomment and modify the given example. +initContainers: {} + ## Don't start kibana till Elasticsearch is reachable. + ## Ensure that it is available at http://elasticsearch:9200 + ## + # es-check: # <- will be used as container name + # image: "appropriate/curl:latest" + # imagePullPolicy: "IfNotPresent" + # command: + # - "/bin/sh" + # - "-c" + # - | + # is_down=true + # while "$is_down"; do + # if curl -sSf --fail-early --connect-timeout 5 http://elasticsearch:9200; then + # is_down=false + # else + # sleep 5 + # fi + # done From 61662f17a9137e434f5407871deeeaade3dd6bd7 Mon Sep 17 00:00:00 2001 From: Ernesto Ojeda Date: Fri, 8 Feb 2019 19:45:56 -0700 Subject: [PATCH 0106/1586] revert indentation to previous working version (#11293) Signed-off-by: Ernesto Ojeda --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/templates/jenkins-master-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index f1861919a1c6..057a5ab96d93 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.29.2 +version: 0.29.3 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index ba1ef370ad56..6f53bd3f447f 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -89,7 +89,7 @@ spec: {{- end }} {{- end }} {{- if .Values.Master.InitContainerEnv }} - {{ toYaml .Values.Master.InitContainerEnv | indent 12 }} +{{ toYaml .Values.Master.InitContainerEnv | indent 12 }} {{- end }} resources: {{ toYaml .Values.Master.resources | indent 12 }} From 2fd37481d9e3ea4aeb33116a87afaa721c2f2ab2 Mon Sep 17 00:00:00 2001 From: ckannon Date: Sat, 9 Feb 2019 12:01:05 -0500 Subject: [PATCH 0107/1586] Provide the capability to use LDAP Authentication (#11137) * - 0.16.0 with generic mapping for any env var to a secret - added verbose docs to README, made backwards compatible with previous chart - fix secretName to secretKey Signed-off-by: ckannon * fixed formatting on README.md Signed-off-by: Chris Kannon * switch formatting on block to yaml Signed-off-by: Chris Kannon --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 26 ++++++++++++++-- stable/airflow/templates/_helpers.tpl | 23 ++++++++++++++ .../airflow/templates/deployments-flower.yaml | 16 +--------- .../templates/deployments-scheduler.yaml | 16 +--------- stable/airflow/templates/deployments-web.yaml | 16 +--------- .../templates/statefulsets-workers.yaml | 16 +--------- stable/airflow/values.yaml | 30 +++++++++++++++++++ 8 files changed, 81 insertions(+), 64 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 64acd2fdec92..e676c496836c 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.15.0 +version: 0.16.0 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 3d8fbc71448f..7e350e0ca392 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -159,13 +159,32 @@ $ kubectl create secret generic redshift-user --from-file=redshift-user=~/secret ``` Where `redshift-user.txt` contains the user secret as a single text string. -### Use precreated secret for postgres and redis +### Use precreated secret for airflow secrets or environment variables -You can use a precreated secret for the connection credentials to both postgresql and redis. To do +You can use a precreated secret for the connection credentials, or general environment variables. To do so specify in values.yaml `existingAirflowSecret`, where the value is the name of the secret which has -postgresUser, postgresPassword, and redisPassword defined. If not specified, it will fall back to using +postgresUser, postgresPassword, and redisPassword etc. is defined. If not specified, it will fall back to using `secrets.yaml` to store the connection credentials by default. +Map each specific secret to specific environment variables in your values.yaml. Where envVar is the airflow environment +variable to populate and secretKey is the key that contains your secret value in your kubernetes secret: +```yaml +existingAirflowSecret: my-airflow-secrets +airflow: + secretsMapping: + - envVar: AIRFLOW__LDAP__BIND_PASSWORD + secretKey: ldapBindPassword + + - envVar: POSTGRES_USER + secretKey: airflowPostgresUser + + - envVar: POSTGRES_PASSWORD + secretKey: airflowPostgresPassword + + - envVar: REDIS_PASSWORD + secretKey: airflowRedisPassword +``` + ### Local binaries Please note a folder `~/.local/bin` will be automatically created and added to the PATH so that @@ -254,6 +273,7 @@ The following table lists the configurable parameters of the Airflow chart and t | `airflow.webReplicas` | how many replicas for web server | `1` | | `airflow.config` | custom airflow configuration env variables | `{}` | | `airflow.podDisruptionBudget` | control pod disruption budget | `{'maxUnavailable': 1}` | +| `airflow.secretsMapping` | override any environment variable with a secret | | | `workers.enabled` | enable workers | `true` | | `workers.replicas` | number of workers pods to launch | `1` | | `workers.resources` | custom resource configuration for worker pod | `{}` | diff --git a/stable/airflow/templates/_helpers.tpl b/stable/airflow/templates/_helpers.tpl index 1c8a9b29e037..3bae58afe560 100644 --- a/stable/airflow/templates/_helpers.tpl +++ b/stable/airflow/templates/_helpers.tpl @@ -75,3 +75,26 @@ Create the name for the airflow secret. {{ template "airflow.fullname" . }} {{- end -}} {{- end -}} + +{{/* +Map environment vars to secrets +*/}} +{{- define "airflow.mapenvsecrets" -}} + {{- $secretName := .Release.Name | trunc 63 | trimSuffix "-" }} + {{- $mapping := .Values.airflow.defaultSecretsMapping }} + {{- if .Values.existingAirflowSecret }} + {{- $secretName = .Values.existingAirflowSecret }} + {{- if .Values.airflow.secretsMapping }} + {{- $mapping = .Values.airflow.secretsMapping }} + {{- end }} + {{- end }} + {{- range $val := $mapping }} + {{- if $val }} + - name: {{ $val.envVar }} + valueFrom: + secretKeyRef: + name: {{ $secretName }} + key: {{ $val.secretKey }} + {{- end }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/airflow/templates/deployments-flower.yaml b/stable/airflow/templates/deployments-flower.yaml index c03fa1af6752..40179f7b5907 100644 --- a/stable/airflow/templates/deployments-flower.yaml +++ b/stable/airflow/templates/deployments-flower.yaml @@ -45,21 +45,7 @@ spec: - configMapRef: name: "{{ template "airflow.fullname" . }}-env" env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresUser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresPassword - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: redisPassword + {{- include "airflow.mapenvsecrets" . | indent 10 }} ports: - name: flower containerPort: 5555 diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index ff582eefa28a..129a6021bfc7 100755 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -67,21 +67,7 @@ spec: - configMapRef: name: "{{ template "airflow.fullname" . }}-env" env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresUser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresPassword - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: redisPassword + {{- include "airflow.mapenvsecrets" . | indent 10 }} volumeMounts: {{- if .Values.persistence.enabled }} - name: dags-data diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml index c71431041ec7..b09c28c5bc93 100644 --- a/stable/airflow/templates/deployments-web.yaml +++ b/stable/airflow/templates/deployments-web.yaml @@ -70,21 +70,7 @@ spec: - configMapRef: name: "{{ template "airflow.fullname" . }}-env" env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresUser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresPassword - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: redisPassword + {{- include "airflow.mapenvsecrets" . | indent 10 }} volumeMounts: {{- if .Values.persistence.enabled }} - name: dags-data diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml index 3ea0b5c926e8..222d1008c403 100644 --- a/stable/airflow/templates/statefulsets-workers.yaml +++ b/stable/airflow/templates/statefulsets-workers.yaml @@ -75,21 +75,7 @@ spec: - configMapRef: name: "{{ template "airflow.fullname" . }}-env" env: - - name: POSTGRES_USER - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresUser - - name: POSTGRES_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: postgresPassword - - name: REDIS_PASSWORD - valueFrom: - secretKeyRef: - name: {{ template "airflow.secret" . }} - key: redisPassword + {{- include "airflow.mapenvsecrets" . | indent 10 }} volumeMounts: {{- $secretsDir := .Values.workers.secretsDir -}} {{- range .Values.workers.secrets }} diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 3fdf978a6ab8..02a18b8c3fe5 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -4,6 +4,36 @@ ## ## common settings and setting for the webserver airflow: + + ## + ## secretsMapping can be overridden in values.yaml as such: + ## secretsMapping: + ## - envVar: AIRFLOW__LDAP__BIND_PASSWORD + ## secretName: ldapBindPassword + ## - envVar: AIRFLOW__ATLAS__PASSWORD + ## secretName: atlasPassword + ## - envVar: AIRFLOW__SMTP__PASSWORD + ## secretName: smtpPassword + ## - envVar: AIRFLOW__KUBERNETES__GIT_PASSWORD + ## secretName: kubernetesGitPassword + ## - envVar: POSTGRES_USER + ## secretName: postgresUser + ## - envVar: POSTGRES_PASSWORD + ## secretName: postgresPassword + ## - envVar: REDIS_PASSWORD + ## secretName: redisPassword + secretsMapping: + + + ## used only when existingAirflowSecrets is false + defaultSecretsMapping: + - envVar: POSTGRES_USER + secretKey: postgresUser + - envVar: POSTGRES_PASSWORD + secretKey: postgresPassword + - envVar: REDIS_PASSWORD + secretKey: redisPassword + ## ## You will need to define your fernet key: ## Generate fernetKey with: From 56b7b5f62a94c7bcbb294d18193ef9fb1814af9b Mon Sep 17 00:00:00 2001 From: Naseem Date: Sat, 9 Feb 2019 17:10:45 -0500 Subject: [PATCH 0108/1586] [stable/influxdb] Update image and allow naming release by chart name (#10783) * Allow naming release by chart name Signed-off-by: Naseem Ullah * Bump app to 1.7.3 Signed-off-by: Naseem Ullah --- stable/influxdb/Chart.yaml | 4 ++-- stable/influxdb/templates/_helpers.tpl | 12 ++++++++++++ stable/influxdb/values.yaml | 2 +- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 3d36fe671883..2412dc1c400d 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,6 +1,6 @@ name: influxdb -version: 1.1.1 -appVersion: 1.7.2 +version: 1.1.2 +appVersion: 1.7.3 description: Scalable datastore for metrics, events, and real-time analytics. keywords: - influxdb diff --git a/stable/influxdb/templates/_helpers.tpl b/stable/influxdb/templates/_helpers.tpl index 98504c060f7d..1536fd0e0299 100644 --- a/stable/influxdb/templates/_helpers.tpl +++ b/stable/influxdb/templates/_helpers.tpl @@ -9,12 +9,24 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} {{- define "influxdb.fullname" -}} {{- if .Values.fullnameOverride -}} {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} {{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "influxdb.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index 8f87f16e1b9b..32b625d74065 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml @@ -2,7 +2,7 @@ ## ref: https://hub.docker.com/r/library/influxdb/tags/ image: repo: "influxdb" - tag: "1.7.2-alpine" + tag: "1.7.3-alpine" pullPolicy: IfNotPresent ## Specify a service type From 57a28279570efcd9eb745537481331cf0587b46e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sebastian=20P=C3=B6hn?= Date: Sun, 10 Feb 2019 20:59:53 +0100 Subject: [PATCH 0109/1586] [stable/traefik]: Add securityContext to deployment (#11262) * [stable/traefik]: Add securityContext to deployment Signed-off-by: Sebastian Poehn * [stable/traefik] Bump version Signed-off-by: Sebastian Poehn * Update Chart.yaml Signed-off-by: David J. M. Karlsen --- stable/traefik/Chart.yaml | 2 +- stable/traefik/README.md | 1 + stable/traefik/templates/deployment.yaml | 4 ++++ stable/traefik/values.yaml | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index 57315195b925..1fb70af6fbb9 100644 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: traefik -version: 1.60.0 +version: 1.61.0 appVersion: 1.7.7 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: diff --git a/stable/traefik/README.md b/stable/traefik/README.md index fa0895446657..ae516c7dd763 100644 --- a/stable/traefik/README.md +++ b/stable/traefik/README.md @@ -105,6 +105,7 @@ The following table lists the configurable parameters of the Traefik chart and t | `memoryLimit` | Memory limit per Traefik pod | `30Mi` | | `rbac.enabled` | Whether to enable RBAC with a specific cluster role and binding for Traefik | `false` | | `deploymentStrategy` | Specify deployment spec rollout strategy | `{}` | +| `securityContext` | Security context | `{}` | | `nodeSelector` | Node labels for pod assignment | `{}` | | `affinity` | Affinity settings | `{}` | | `tolerations` | List of node taints to tolerate | `[]` | diff --git a/stable/traefik/templates/deployment.yaml b/stable/traefik/templates/deployment.yaml index b1c62f240a0b..042745515469 100644 --- a/stable/traefik/templates/deployment.yaml +++ b/stable/traefik/templates/deployment.yaml @@ -40,6 +40,10 @@ spec: {{ toYaml .Values.deployment.podLabels | indent 8 }} {{- end }} spec: + {{- if .Values.securityContext }} + securityContext: +{{ toYaml .Values.securityContext | indent 8 }} + {{- end }} {{- if .Values.rbac.enabled }} serviceAccountName: {{ template "traefik.fullname" . }} {{- else }} diff --git a/stable/traefik/values.yaml b/stable/traefik/values.yaml index 5130bdd11a94..e10094076e2e 100644 --- a/stable/traefik/values.yaml +++ b/stable/traefik/values.yaml @@ -33,6 +33,7 @@ deploymentStrategy: {} # maxUnavailable: 0 # type: RollingUpdate +securityContext: {} nodeSelector: {} # key: value affinity: {} From d701bf906871a90f795dad58d98768a0a79021fc Mon Sep 17 00:00:00 2001 From: pytimer Date: Mon, 11 Feb 2019 04:15:11 +0800 Subject: [PATCH 0110/1586] [stable/kibana] Add pod custom labels (#11260) Signed-off-by: pytimer --- stable/kibana/Chart.yaml | 2 +- stable/kibana/README.md | 1 + stable/kibana/templates/deployment.yaml | 3 +++ stable/kibana/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index 5badfd16364c..7fb1e9f7998e 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.5.0 +version: 1.5.1 appVersion: 6.6.0 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg diff --git a/stable/kibana/README.md b/stable/kibana/README.md index 976997e44bae..497c847ba31d 100644 --- a/stable/kibana/README.md +++ b/stable/kibana/README.md @@ -57,6 +57,7 @@ The following table lists the configurable parameters of the kibana chart and th | `ingress.tls` | Ingress TLS configuration | None: | | `nodeSelector` | node labels for pod assignment | `{}` | | `podAnnotations` | annotations to add to each pod | `{}` | +| `podLabels` | labels to add to each pod | `{}` | | `replicaCount` | desired number of pods | `1` | | `revisionHistoryLimit` | revisionHistoryLimit | `3` | | `serviceAccountName` | DEPRECATED: use serviceAccount.name | `nil` | diff --git a/stable/kibana/templates/deployment.yaml b/stable/kibana/templates/deployment.yaml index 695579a36fb6..b7377f09ded4 100644 --- a/stable/kibana/templates/deployment.yaml +++ b/stable/kibana/templates/deployment.yaml @@ -24,6 +24,9 @@ spec: labels: app: {{ template "kibana.name" . }} release: "{{ .Release.Name }}" +{{- if .Values.podLabels }} +{{ toYaml .Values.podLabels | indent 8 }} +{{- end }} spec: serviceAccountName: {{ template "kibana.serviceAccountName" . }} {{- if .Values.priorityClassName }} diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index 69b44a571ce6..b547edec3753 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -138,6 +138,9 @@ podAnnotations: {} replicaCount: 1 revisionHistoryLimit: 3 +# Custom labels for pod assignment +podLabels: {} + # To export a dashboard from a running Kibana 6.3.x use: # curl --user : -XGET https://kibana.yourdomain.com:5601/api/kibana/dashboards/export?dashboard= > my-dashboard.json # A dashboard is defined by a name and a string with the json payload or the download url From 6a9d3752a8159417889e9225879df4b7cde2ec3f Mon Sep 17 00:00:00 2001 From: Scott Rigby Date: Mon, 11 Feb 2019 01:52:00 -0500 Subject: [PATCH 0111/1586] Add versioning policies to review guidelines (#11207) Fixes #5657 Signed-off-by: Scott Rigby --- REVIEW_GUIDELINES.md | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/REVIEW_GUIDELINES.md b/REVIEW_GUIDELINES.md index 880cbf546a93..eadf19519081 100644 --- a/REVIEW_GUIDELINES.md +++ b/REVIEW_GUIDELINES.md @@ -16,6 +16,17 @@ Note, if a reviewer who is not an approver in an OWNERS file leaves a comment of Chart releases must be immutable. Any change to a chart warrants a chart version bump even if it is only changes to the documentation. +## Versioning + +The chart `version` should follow [semver](https://semver.org/). + +Stable charts should start at `1.0.0` (for maintainability don't create new PRs for stable charts only to meet this criteria, but when reviewing PRs take the opportunity to ensure that this is met). + +Any breaking (backwards incompatible) changes to a chart should: + +1. Bump the MAJOR version +2. In the README, under a section called "Upgrading", describe the manual steps necessary to upgrade to the new (specified) MAJOR version + ## Chart Metadata The `Chart.yaml` should be as complete as possible. The following fields are mandatory: From 1499f6608566ef831068ac4e532d1d8552c46328 Mon Sep 17 00:00:00 2001 From: Javier Arauz Date: Mon, 11 Feb 2019 08:09:20 +0100 Subject: [PATCH 0112/1586] [stable/jenkins] Added slave Pod env vars (#8743) * [stable/jenkins] Added slave Pod env vars Signed-off-by: ecejjar * Bumped up chart version Signed-off-by: ecejjar * Added envVars to values.yaml Signed-off-by: ecejjar --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + stable/jenkins/templates/config.yaml | 9 ++++++++- stable/jenkins/values.yaml | 4 ++++ 4 files changed, 14 insertions(+), 2 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 057a5ab96d93..580a0e733cce 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.29.3 +version: 0.30.0 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index abebf29db9db..d0baf1ab36b3 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -111,6 +111,7 @@ Some third-party systems, e.g. GitHub, use HTML-formatted data in their payload | `Agent.Privileged` | Agent privileged container | `false` | | `Agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 200m, memory: 256Mi}, limits: {cpu: 200m, memory: 256Mi}}`| | `Agent.volumes` | Additional volumes | `nil` | +| `Agent.envVars | Environment variables for the slave Pod | Not set | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/jenkins/templates/config.yaml b/stable/jenkins/templates/config.yaml index 898dcf5e598a..ebbf771cb991 100644 --- a/stable/jenkins/templates/config.yaml +++ b/stable/jenkins/templates/config.yaml @@ -100,7 +100,14 @@ data: - + +{{- range $index, $var := .Values.Agent.envVars }} + + {{ $var.name }} + {{ $var.value }} + +{{- end }} + {{- if .Values.Agent.ImagePullSecret }} diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index db131ecfb571..85f4355f8977 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -276,6 +276,10 @@ Agent: # Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, Pod, Secret # Configure the attributes as they appear in the corresponding Java class for that type # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes + # Pod-wide ennvironment, these vars are visible to any container in the slave pod + envVars: + # - name: PATH + # value: /usr/local/bin volumes: # - type: Secret # secretName: mysecret From 81575c002d633e5d4f4ba3bdfa0fbcc5ca66b6a9 Mon Sep 17 00:00:00 2001 From: Louise Champ Date: Mon, 11 Feb 2019 08:59:08 +0000 Subject: [PATCH 0113/1586] [stable/rabbitmq] Existing secret values switches for password / erlang cookie (#10699) * [stable/rabbitmq] Existing password / erlang cookie secret Allows usage of rabbitmq application password and erlang cookie values from an externally-managed Kube secret Signed-off-by: Louise Champ * add new values to values-production Signed-off-by: Louise Champ * suggested changed Signed-off-by: Louise Champ * Revert "suggested changed" This reverts commit 47afc08a4e571aeb79eda593ab3b5a18daf635a2. Signed-off-by: Louise Champ * suggested changes Signed-off-by: Louise Champ * use secret name helper function in metrics container env Signed-off-by: Louise Champ * use newer appVersion in chart 4.2.0 Signed-off-by: Louise Champ --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 2 ++ stable/rabbitmq/templates/_helpers.tpl | 22 ++++++++++++++++++++++ stable/rabbitmq/templates/secrets.yaml | 10 ++++++---- stable/rabbitmq/templates/statefulset.yaml | 6 +++--- stable/rabbitmq/values-production.yaml | 2 ++ stable/rabbitmq/values.yaml | 2 ++ 7 files changed, 38 insertions(+), 8 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index bb4b61a68f4f..a1acc2a94811 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,5 +1,5 @@ name: rabbitmq -version: 4.1.1 +version: 4.2.0 appVersion: 3.7.11 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 9b0732c9cd6f..4994376773a0 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -57,7 +57,9 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `rbacEnabled` | Specify if rbac is enabled in your cluster | `true` | | `rabbitmq.username` | RabbitMQ application username | `user` | | `rabbitmq.password` | RabbitMQ application password | _random 10 character long alphanumeric string_ | +| `rabbitmq.existingPasswordSecret` | Existing secret with RabbitMQ credentials | nil | | `rabbitmq.erlangCookie` | Erlang cookie | _random 32 character long alphanumeric string_ | +| `rabbitmq.existingErlSecret` | Existing secret with RabbitMQ Erlang cookie | nil | | `rabbitmq.plugins` | configuration file for plugins to enable | `[rabbitmq_management,rabbitmq_peer_discovery_k8s].` | | `rabbitmq.clustering.address_type` | Switch clustering mode | `ip` or `hostname` | | `rabbitmq.clustering.k8s_domain` | Customize internal k8s cluster domain | `cluster.local` | diff --git a/stable/rabbitmq/templates/_helpers.tpl b/stable/rabbitmq/templates/_helpers.tpl index b6e5b889d7b0..b9fa48f30d7e 100644 --- a/stable/rabbitmq/templates/_helpers.tpl +++ b/stable/rabbitmq/templates/_helpers.tpl @@ -63,3 +63,25 @@ Return the proper metrics image name {{- $tag := .Values.metrics.image.tag | toString -}} {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "rabbitmq.secretPasswordName" -}} + {{- if .Values.rabbitmq.existingPasswordSecret -}} + {{- printf "%s" .Values.rabbitmq.existingPasswordSecret -}} + {{- else -}} + {{- printf "%s" (include "rabbitmq.fullname" .) -}} + {{- end -}} +{{- end -}} + +{{/* +Get the erlang secret. +*/}} +{{- define "rabbitmq.secretErlangName" -}} + {{- if .Values.rabbitmq.existingErlangSecret -}} + {{- printf "%s" .Values.rabbitmq.existingErlangSecret -}} + {{- else -}} + {{- printf "%s" (include "rabbitmq.fullname" .) -}} + {{- end -}} +{{- end -}} diff --git a/stable/rabbitmq/templates/secrets.yaml b/stable/rabbitmq/templates/secrets.yaml index b5362f142f34..19c0296cd364 100644 --- a/stable/rabbitmq/templates/secrets.yaml +++ b/stable/rabbitmq/templates/secrets.yaml @@ -1,3 +1,4 @@ +{{ if or (not .Values.rabbitmq.existingErlangSecret) (not .Values.rabbitmq.existingPasswordSecret) }} apiVersion: v1 kind: Secret metadata: @@ -9,13 +10,14 @@ metadata: heritage: "{{ .Release.Service }}" type: Opaque data: - {{ if .Values.rabbitmq.password }} + {{ if not .Values.rabbitmq.existingPasswordSecret }}{{ if .Values.rabbitmq.password }} rabbitmq-password: {{ .Values.rabbitmq.password | b64enc | quote }} {{ else }} rabbitmq-password: {{ randAlphaNum 10 | b64enc | quote }} - {{ end }} - {{ if .Values.rabbitmq.erlangCookie }} + {{ end }}{{ end }} + {{ if not .Values.rabbitmq.existingErlangSecret }}{{ if .Values.rabbitmq.erlangCookie }} rabbitmq-erlang-cookie: {{ .Values.rabbitmq.erlangCookie | b64enc | quote }} {{ else }} rabbitmq-erlang-cookie: {{ randAlphaNum 32 | b64enc | quote }} - {{ end }} + {{ end }}{{ end }} +{{ end }} diff --git a/stable/rabbitmq/templates/statefulset.yaml b/stable/rabbitmq/templates/statefulset.yaml index 2e304a111705..185f28bd38d4 100644 --- a/stable/rabbitmq/templates/statefulset.yaml +++ b/stable/rabbitmq/templates/statefulset.yaml @@ -152,12 +152,12 @@ spec: - name: RABBITMQ_ERL_COOKIE valueFrom: secretKeyRef: - name: {{ template "rabbitmq.fullname" . }} + name: {{ template "rabbitmq.secretErlangName" . }} key: rabbitmq-erlang-cookie - name: RABBITMQ_PASSWORD valueFrom: secretKeyRef: - name: {{ template "rabbitmq.fullname" . }} + name: {{ template "rabbitmq.secretPasswordName" . }} key: rabbitmq-password {{- if .Values.metrics.enabled }} - name: metrics @@ -167,7 +167,7 @@ spec: - name: RABBIT_PASSWORD valueFrom: secretKeyRef: - name: {{ template "rabbitmq.fullname" . }} + name: {{ template "rabbitmq.secretPasswordName" . }} key: rabbitmq-password - name: RABBIT_URL value: "http://localhost:{{ .Values.service.managerPort }}" diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index 6fbf2ce3c970..f0f9e05afb5c 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -43,11 +43,13 @@ rabbitmq: ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables ## # password: + # existingPasswordSecret: name-of-existing-secret ## Erlang cookie to determine whether different nodes are allowed to communicate with each other ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables ## # erlangCookie: + # existingErlangSecret: name-of-existing-secret ## Node name to cluster with. e.g.: `clusternode@hostname` ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index ade7a4b38be0..c38e4d9921e0 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -43,11 +43,13 @@ rabbitmq: ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables ## # password: + # existingPasswordSecret: name-of-existing-secret ## Erlang cookie to determine whether different nodes are allowed to communicate with each other ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables ## # erlangCookie: + # existingErlangSecret: name-of-existing-secret ## Node name to cluster with. e.g.: `clusternode@hostname` ## ref: https://github.com/bitnami/bitnami-docker-rabbitmq#environment-variables From c286d3d94619a1dd52ffba15ddcd9bee542c61f6 Mon Sep 17 00:00:00 2001 From: davidhjelm <47514223+davidhjelm@users.noreply.github.com> Date: Mon, 11 Feb 2019 04:10:32 -0500 Subject: [PATCH 0114/1586] Replace Prestashop with Wordpress in README (#11317) Signed-off-by: David Hjelm --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/README.md | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 9280712d753a..daf5359bdd40 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,5 +1,5 @@ name: wordpress -version: 5.2.1 +version: 5.2.2 appVersion: 5.0.3 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/README.md b/stable/wordpress/README.md index d8f7d0bd4e8a..5ae6bb124b49 100644 --- a/stable/wordpress/README.md +++ b/stable/wordpress/README.md @@ -95,10 +95,10 @@ The following table lists the configurable parameters of the WordPress chart and | `ingress.enabled` | Enable ingress controller resource | `false` | | `ingress.certManager` | Add annotations for cert-manager | `false` | | `ingress.annotations` | Ingress annotations | `[]` | -| `ingress.hosts[0].name` | Hostname to your PrestaShop installation | `prestashop.local` | +| `ingress.hosts[0].name` | Hostname to your Wordpress installation | `wordpress.local` | | `ingress.hosts[0].path` | Path within the url structure | `/` | | `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | -| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `prestashop.local-tls` | +| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `wordpress.local-tls` | | `ingress.secrets[0].name` | TLS Secret Name | `nil` | | `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | | `ingress.secrets[0].key` | TLS Secret Key | `nil` | From 0e9aa00a5c482913b76ee61d2859b2b1286f1009 Mon Sep 17 00:00:00 2001 From: Jannis Oeltjen Date: Mon, 11 Feb 2019 10:19:59 +0100 Subject: [PATCH 0115/1586] [stable/jenkins] Add option to overwrite plugins (#11231) * [stable/jenkins] Add option to overwrite plugins Add an option to that will overwrite all installed plugins with their versions with the values provided via the Master.InstallPlugins parameter. Signed-off-by: Jannis Oeltjen * [stable/jenkins] bump version SemVer style Signed-off-by: Jannis Oeltjen --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + stable/jenkins/templates/config.yaml | 4 ++++ stable/jenkins/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 580a0e733cce..c5b521f5385c 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.30.0 +version: 0.31.0 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index d0baf1ab36b3..192540b92650 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -80,6 +80,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.SecretsFilesSecret` | Kubernetes secret that contains 'secrets' files | Not set | | `Master.Jobs` | Jenkins XML job configs | Not set | | `Master.InstallPlugins` | List of Jenkins plugins to install | `kubernetes:1.14.0 workflow-aggregator:2.6 credentials-binding:1.17 git:3.9.1 workflow-job:2.31` | +| `Master.OverwritePlugins` | Overwrite installed plugins on start.| `false` | | `Master.EnableRawHtmlMarkupFormatter` | Enable HTML parsing using (see below) | Not set | | `Master.ScriptApproval` | List of groovy functions to approve | Not set | | `Master.NodeSelector` | Node labels for pod assignment | `{}` | diff --git a/stable/jenkins/templates/config.yaml b/stable/jenkins/templates/config.yaml index ebbf771cb991..3db7695c3700 100644 --- a/stable/jenkins/templates/config.yaml +++ b/stable/jenkins/templates/config.yaml @@ -231,6 +231,10 @@ data: {{- end }} {{- end }} {{- end }} +{{- if .Values.Master.OverwritePlugins }} + # remove all plugins from shared volume + rm -rf /var/jenkins_home/plugins/* +{{- end }} {{- if .Values.Master.InstallPlugins }} # Install missing plugins cp /var/jenkins_config/plugins.txt /var/jenkins_home; diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 85f4355f8977..65754ba0e162 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -138,6 +138,8 @@ Master: - credentials-binding:1.17 - git:3.9.1 + # Enable to always override the installed plugins with the values of 'Master.InstallPlugins' on upgrade or redeployment. + # OverwritePlugins: true # Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter), useful with ghprb plugin. # The plugin is not installed by default, please update Master.InstallPlugins. # EnableRawHtmlMarkupFormatter: true From 8df3775ffe6e10ad02a2a709979caba3abc2b1e2 Mon Sep 17 00:00:00 2001 From: Kyle von Bredow Date: Mon, 11 Feb 2019 08:34:18 -0500 Subject: [PATCH 0116/1586] [stable/prometheus-operator] update dependencies (#11044) * Updating dependencies Signed-off-by: Kyle von Bredow * Regenerated lock file for kube-state-metrics 0.13.1 Signed-off-by: Kyle von Bredow --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/requirements.lock | 10 +++++----- stable/prometheus-operator/requirements.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 17330e21b38c..f13b0435373b 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.1.6 +version: 2.2.0 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/requirements.lock b/stable/prometheus-operator/requirements.lock index 7335f4f21aae..1a41e263ee4e 100644 --- a/stable/prometheus-operator/requirements.lock +++ b/stable/prometheus-operator/requirements.lock @@ -1,12 +1,12 @@ dependencies: - name: kube-state-metrics repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.13.0 + version: 0.13.1 - name: prometheus-node-exporter repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.1.0 + version: 1.2.0 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.25.0 -digest: sha256:db064dc47d3363e31d6e317385b29bffc30929ed42a0d2951109184e907721e2 -generated: 2019-01-15T16:00:38.946498-08:00 + version: 1.25.4 +digest: sha256:411bae69348d77ddf01781cba2d50c663b493cec7f594e189e7cf5f412a4b076 +generated: 2019-02-04T17:42:55.311259105-05:00 diff --git a/stable/prometheus-operator/requirements.yaml b/stable/prometheus-operator/requirements.yaml index 8d9a6aee0ac1..ea77ebe29d40 100644 --- a/stable/prometheus-operator/requirements.yaml +++ b/stable/prometheus-operator/requirements.yaml @@ -6,7 +6,7 @@ dependencies: condition: kubeStateMetrics.enabled - name: prometheus-node-exporter - version: 1.1.* + version: 1.2.* repository: https://kubernetes-charts.storage.googleapis.com/ condition: nodeExporter.enabled From 10309247151b460e1d2bc85da9c574c565aeb217 Mon Sep 17 00:00:00 2001 From: Steve Huff Date: Mon, 11 Feb 2019 15:26:03 +0100 Subject: [PATCH 0117/1586] Track upstream v3-release tag, use loopback IP for probes (#10324) * Track uswitch/kiam:v3.0, use loopback for probes Signed-off-by: Steve Huff * Update test certs for e2e per upstream doc Signed-off-by: Steve Huff --- stable/kiam/Chart.yaml | 4 ++-- stable/kiam/README.md | 6 +++--- stable/kiam/ci/test-values.yaml | 12 ++++++------ stable/kiam/values.yaml | 6 +++--- 4 files changed, 14 insertions(+), 14 deletions(-) diff --git a/stable/kiam/Chart.yaml b/stable/kiam/Chart.yaml index d77f448647cd..7a39733d8994 100644 --- a/stable/kiam/Chart.yaml +++ b/stable/kiam/Chart.yaml @@ -1,6 +1,6 @@ name: kiam -version: 2.0.1-rc7 -appVersion: 3.0-rc1 +version: 2.1.0 +appVersion: 3.0 description: Integrate AWS IAM with Kubernetes keywords: - kiam diff --git a/stable/kiam/README.md b/stable/kiam/README.md index 8932091b6705..cdc39c29c826 100644 --- a/stable/kiam/README.md +++ b/stable/kiam/README.md @@ -94,7 +94,7 @@ Parameter | Description | Default `agent.enabled` | If true, create agent | `true` `agent.name` | Agent container name | `agent` `agent.image.repository` | Agent image | `quay.io/uswitch/kiam` -`agent.image.tag` | Agent image tag | `v2.8` +`agent.image.tag` | Agent image tag | `v3.0` `agent.image.pullPolicy` | Agent image pull policy | `IfNotPresent` `agent.dnsPolicy` | Agent pod DNS policy | `ClusterFirstWithHostNet` `agent.extraArgs` | Additional agent container arguments | `{}` @@ -125,7 +125,7 @@ Parameter | Description | Default `server.name` | Server container name | `server` `server.gatewayTimeoutCreation` | Server's timeout when creating the kiam gateway | `50ms` `server.image.repository` | Server image | `quay.io/uswitch/kiam` -`server.image.tag` | Server image tag | `v2.8` +`server.image.tag` | Server image tag | `v3.0` `server.image.pullPolicy` | Server image pull policy | `Always` `server.assumeRoleArn` | IAM role for the server to assume before processing requests | `null` `server.cache.syncInterval` | Pod cache synchronization interval | `1m` @@ -140,7 +140,7 @@ Parameter | Description | Default `server.prometheus.syncInterval` | Server Prometheus synchronization interval | `5s` `server.podAnnotations` | Annotations to be added to server pods | `{}` `server.podLabels` | Labels to be added to server pods | `{}` -`server.probes.serverAddress` | Address that readyness and liveness probes will hit | `localhost` +`server.probes.serverAddress` | Address that readyness and liveness probes will hit | `127.0.0.1` `server.resources` | Server container resources | `{}` `server.roleBaseArn` | Base ARN for IAM roles. If not specified use EC2 metadata service to detect ARN prefix | `null` `server.sessionDuration` | Session duration for STS tokens generated by the server | `15m` diff --git a/stable/kiam/ci/test-values.yaml b/stable/kiam/ci/test-values.yaml index 5a35cf559dee..4df72842d5b3 100644 --- a/stable/kiam/ci/test-values.yaml +++ b/stable/kiam/ci/test-values.yaml @@ -3,15 +3,15 @@ agent: gatewayTimeoutCreation: 60s tlsFiles: # Base64-encoded PEMs. - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNWE5eW9ZMnZqbFE3bFFaN0I1SWVEbFZoa0h6WHpUSmZ1RVhwQ0NDWU1iQ1pMRnJkCk1VTVBpNUYrdVdSVkVKOFV0MklDQVlmNnZjbDBrckkxeU9jakJhRnJtMEJQZ2dEL3R0ZVdnYmFhcmdxWEV2VHUKQjNFZEl6TDk4VEFXSWhtNnVJQjYvRUwxbWxieW5oZ0lpaUlaUnhYUXpXUCthenIyclpVSFBvT2MwZ0o1UWljdAovMWNjZzVLdm8xQ001R29wVUgzc1NnUUtaQmpRQzN0UW9FbGJuQW56elFUUjI5VTdCWWRadk9KN0p2RG1EWjA5CjNHcEtlZ1hmVVE3WE9jcVdRYjhmOStKYzVUSUlNazNhME51U1dtQmdSa1hWSVRRbVhnaERTeVo0QkdTR1NhcUgKclhPZFJxMy9sckpMN1F3bFZjTVpVSndmMk8wOGdFdFlLTjlTa1FJREFRQUJBb0lCQUQ5MlpybjBxQmt2ZFBjTQpQMW9zS1ZuVWhZeWlzZzNrYVVaRktzb3dGMTFEYWs4ekhBTE1nTE1UbEd3dEtNUGE4S0pxMWhzT00xM1ZGL3lnCmVQUDF5VnQ0Nm42UEdtalZWZEp6WndhWUtjMEU2QkU0MDd3Q3FRWmN4SVdydjdIVVloOHdnTXJLeFluTGxHWFMKUmluRW1pOWwrN2VFZFh1ell3MDdMREU5dEVyaUZmQkZXb29YbGNuVGg4Y3FtSmhlNWJXTzB5bHpFaEVVNktRUQpZVUNvQ3lVVC9xdHVSVGFJZ3V6NTAvQ0ZYOHdQaUhlbFBodHgzRE5EVFR5OEViSXg0b2ZRdmFEWWxPSXY5eitvCitIcXBtNDQvWmFVNm5udERjZE44dkt5bENNNitibTIvSGYvbnl6T29mT0d1eTJKOCt3WGtIYzVrWXlzWWxHcEUKWVBXTTNqRUNnWUVBL2tPcm5HR3FVRFVIMFAvQXI5eGw0NWN1Szdhc1R6aDZWcHd2aEUzVGJHMGxZek1TMGNNWApQRFN6Z3R4dUIrRHRDZWcwcDZrUFJSbzhLU1FIWnIzclp1T2lCckdkSTRmVGYxZURlVU9yQ3EyOGxaZnBKTmx1CkJRSWg1eXhWeHZ6TmxpR1VJZjEyeUYwNEZDRktFNWlPQWcvTmRHQUVkR0ZrQ3hCaE5Mazh6Yk1DZ1lFQTUwRFQKUzBhcjg1YTgxanRBUHJVQ1VmMGJZSXpyeU9qbnJvVmtmZCtJbVRaQnBpZWxNbW9YdUEwWlJQSVViTEdHZTJiQgpkVGowVlBycEZ1NkY5b2ZzUE52ajZCeEhoS1pPWmN5WDc5WGlBZjVCZEJoR2xQQzNobTJleEFuN0ZVdVNyaWtqCjNBOC9rcVRCMjdVSHJMOWR4U0pZY05KNklQdjZob0VKdER0NFpLc0NnWUE1SGZaMUFMT0RwUVlHZXcxTDlCU24KVlpTM21TZUgvRVh2SXRMQnc4SFV2NGdBaXI2VmhGKzUxSlRtdHFHNC8xd0FON3RzVmx2cHlBVHZzUHBBcURVegpQYnR1Q1lRbE1TUGZuVWNaZkl2MXNDV0c3VU1nVmYrUy9IR2xQcDVlUHZmbjI4OHMrNFV0YVZOcG9qakR3aWRVCmF6eGFBaCsrRFFxdU9aVzhoRWdXWlFLQmdRQ0EzVGJoTTdpT1BPbHQyQWFzNnVFb0h3c3FlbHpKMEQrS21QcXUKeWVtc3R2ZE9SN2xlcHBBaEYrdUU2QUZKc0lOb01KS05aL2QvZzNKd1BPcVp2cFIrTldxQzVYOVZBL2ViOHE2WQpEMitwL0swc3JIcG9kTnRRSmJYYk9GU2FRVXF6a21sUkw0NFZnWW9sakhPQ2FBRXc0VHEzWkJKNlh1LzBFK1A4CmMwZGJrUUtCZ1FEczZYbDhzWDB1cVRWcjJDdGFwdDJTcytCUGpaYXJ2WFBhMHI4RDN3RG50bkRzY0ZkNitLT2sKYlZCZ0Z1R1E4TVZpOUE5c3NLRWU4Y1c2VUk0dXgweERHRkpCNGRDWkdoSURPUzlLRnNuT0lpNVhudnA2YmxVZQpEU3RISVlIdnExSThlblIrV2dFYzA1aGNySHhZbXpZbE9GT3JBUXRRc0tsNFJ0dktqWjBkMnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQ2RENDQXRDZ0F3SUJBZ0lVVHBPaWJzYnZWcHJkbkhMTFlCTWJ2NGVOQlZBd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2JERU1NQW9HQTFVRUJoTURWVk5CTVFzd0NRWURWUVFJRXdKRFFURVVNQklHQTFVRUJ4TUxURzl6SUVGdQpaMlZzWlhNeEdUQVhCZ05WQkFvVEVFTnNiM1ZrSUZCdmMzTmxMQ0JNVEVNeEREQUtCZ05WQkFzVEEwOXdjekVRCk1BNEdBMVVFQXhNSFMybGhiU0JEUVRBZUZ3MHhPVEF4TURJd09UVTRNREJhRncweU1EQXhNREl3T1RVNE1EQmEKTUc4eEREQUtCZ05WQkFZVEExVlRRVEVMTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1kbApiR1Z6TVJrd0Z3WURWUVFLRXhCRGJHOTFaQ0JRYjNOelpTd2dURXhETVF3d0NnWURWUVFMRXdOUGNITXhFekFSCkJnTlZCQU1UQ2t0cFlXMGdRV2RsYm5Rd2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUIKQVFEbHIzS2hqYStPVkR1VkJuc0hraDRPVldHUWZOZk5NbCs0UmVrSUlKZ3hzSmtzV3QweFF3K0xrWDY1WkZVUQpueFMzWWdJQmgvcTl5WFNTc2pYSTV5TUZvV3ViUUUrQ0FQKzIxNWFCdHBxdUNwY1M5TzRIY1Iwak12M3hNQllpCkdicTRnSHI4UXZXYVZ2S2VHQWlLSWhsSEZkRE5ZLzVyT3ZhdGxRYytnNXpTQW5sQ0p5My9WeHlEa3EralVJemsKYWlsUWZleEtCQXBrR05BTGUxQ2dTVnVjQ2ZQTkJOSGIxVHNGaDFtODRuc204T1lOblQzY2FrcDZCZDlSRHRjNQp5cFpCdngvMzRsemxNZ2d5VGRyUTI1SmFZR0JHUmRVaE5DWmVDRU5MSm5nRVpJWkpxb2V0YzUxR3JmK1dza3Z0CkRDVlZ3eGxRbkIvWTdUeUFTMWdvMzFLUkFnTUJBQUdqZnpCOU1BNEdBMVVkRHdFQi93UUVBd0lGb0RBZEJnTlYKSFNVRUZqQVVCZ2dyQmdFRkJRY0RBUVlJS3dZQkJRVUhBd0l3REFZRFZSMFRBUUgvQkFJd0FEQWRCZ05WSFE0RQpGZ1FVNitkNTlmTDE5MWlpbS9aOTVrblZXc3poTm5Nd0h3WURWUjBqQkJnd0ZvQVVDdlh5MGl1dE80cVk0Yi9qCk1wZDdmelRZWEt3d0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFIaHVvZVFGK2IxbUJ0b3k2ZnBybkdQTW02V2cKVFV3SDBzWlE3MlV6N0crZnAvSXBkY2NiejBoSWJlZCtpMy9xcGMwQVZiSVR2NzhoZEpkbHM5d1k5Rlg2V05hMQowVGtoTUt6K3BEMER6Y3V1VEo5OFVXWUU1TnZJVC8zQnYrcy9NQjV4VDRqTVVkMy9hbHlZMmVMRHM5RUhEUzFJCk9EMmRweVRnT1E3VXE0NTFJS1kvVUpGS1ZaeTAwYmhSeFBLYjBSRFRnUmtiNUZwSGRlT09xcWZwWHdEZjVJaG0KU0JvVUhydWVtN1Juc3o2LzdpVkN2ZWRZQmc3UXFDOVltanZ4WDRlZmNlZG13U0NBS1VLSzM0MEI0SXk0Q1NYZApkQ01WWGdpN1BhdVZJMVVxaC9vWW1jNE13dlBiaGtYTkZVbVpqbCtLODFYQmpMNDJvQ3UvdlNDZklIVT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= - ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxRENDQXBDZ0F3SUJBZ0lVRkwwZHRPSE55d0pmaWFoTG54M0psZzd1MjBZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2JERU1NQW9HQTFVRUJoTURWVk5CTVFzd0NRWURWUVFJRXdKRFFURVVNQklHQTFVRUJ4TUxURzl6SUVGdQpaMlZzWlhNeEdUQVhCZ05WQkFvVEVFTnNiM1ZrSUZCdmMzTmxMQ0JNVEVNeEREQUtCZ05WQkFzVEEwOXdjekVRCk1BNEdBMVVFQXhNSFMybGhiU0JEUVRBZUZ3MHhPVEF4TURJd09UVTRNREJhRncweU5EQXhNREV3T1RVNE1EQmEKTUd3eEREQUtCZ05WQkFZVEExVlRRVEVMTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1kbApiR1Z6TVJrd0Z3WURWUVFLRXhCRGJHOTFaQ0JRYjNOelpTd2dURXhETVF3d0NnWURWUVFMRXdOUGNITXhFREFPCkJnTlZCQU1UQjB0cFlXMGdRMEV3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3QKODhMV1VOT3lHcDUxMVJYWlpXaVJzcVJkUmdUOStZUXQzN21lcCtOWndlcFFQUmNkblh1anYwYnV6RUdpK0k4SApSL1B6TzRUdytGeXN1KzJaRElRTG9aWE10YkdGZ0FFSVc1YUtVOHZRMTF6Y2dhMmYyQnJXRzNVai8zK3pWOWUvCmlaT3JlS1hmZFAzRnV4bDc3TllPY20xOVU5Nnk4TGNDOEduK29DZmJVcThOcHZVMDNmZGRjTC9qTy9ZTlJETGgKVy9zR1JmVnlNd0tVVjRjaUtNQ3hjQ0JxZWNZbmkyVTYweEF2QyswSFZwR3VnSmliWWpBZXZuaUM3NjVOa1pmMwpFWFRVSkJGT284WFBZdWgweThuYWRMT0RWMzB0bWZVRHlxaWMramJzU1FaREZQNVNJNGVLLzNEM21ldHZzd1loCkcvRUtJTUh0V0ZpZHBSRWMzYis3QWdNQkFBR2pRakJBTUE0R0ExVWREd0VCL3dRRUF3SUJCakFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRSzlmTFNLNjA3aXBqaHYrTXlsM3QvTk5oY3JEQU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBRCsyNERKSEhZWlRibTlFRW93UFA4Sk5LdWMwYkQ0cC8rNms0RExDajRJTWtLRFpqClgwWHZlQWkvTm9sQWZVTkFBQi9WTnRLMTB0ZFZVSGhhZW8zRFQ4OFRKaEQra3VJOGdhbHlDZlhnSnVrdytRMHQKWEp2WS8vZ1NQT0xuQ3NMSTIrQUlYNlJ6SUwyODNzaDRIY2FBaE81YnRCc1Q0U3lqN2t6UGFuTGdQOVpVYTFoZQpxVUpjNms0Q1FzUFA2YmtZanQ4QktFaE5XVmJ6aXpOcyszSFFaMzVHeDRka1VLd1ZnVklWTGU2bmtJV1RJeHVJCmloRkNmWjJTRWphS0Uwdi9tM0p5RjhJTzVJQTBQTFFiMUw4Y1NyM2R4cUszank3cGVxY1ZRbmhGZzNIMkdHWEsKeFVlUlZjYm44WEFyV0NCWUJiM0JyZjZ2V082RFM3L1VjWnV3UkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBenp6ZlVrVjE5SDR2eGFabUpEWUVoYUZHckdwY0ovbURqclp5dE1pOER6bGJKSEJQCkRGdjFRVHVEZmNSTDIyZm9HNmcvTWZRbDZRUVArc1hrMTlOL2UxTFpCb0FvWUI4R05XcXorUjBqSklTN1FBWGQKQW1wM0FyU2JkQzZZa1owdXFrTkhCOHY0aW82ZEZvSlQvNHhLYXFjSUxraEU3RmRTY3BucURjQ2ZvVVRxMXBWegpwWEcxR1hja0NrSnA1L2NiVHl5dWV6WUlXSjBaUHdheHYzTUhOMzVjM2NQSHk2dDJoR2FNM29aZldJQ1krVUVaCkRBcHAvWjI5bVlWZkFwSyttQ0dXcXBwVHBoRUtJaXdOdS9wNkt0eTVMRlFFTDBzRi9WZUdHSHRjVG93WjR2RW8KcWVxUUxlVy9Wc1RBRWIzWk96eXhoU0NxRWdYRmxvUVp3amt2ZlFJREFRQUJBb0lCQUFkTktMMFlUMmlXelk0VQpKOE1jMkJueExiRkRhZzNLZjdVV2ZvSWFGRzRnNGpJdGRzdURyZWRuZG1HRytmazM5dmlLZS9lQmw1aFhHVTBICmplR0F4UndPTmpGQmNLcTZUUml5c3JhVExUckxKbUhDRXlCVHFlL0JkenlucTU1dHdFZ2xhS3BBcUhnUlFEMmIKeCtQWUNJTXJjV0ZZRUgyWE1nTnhvc3ByUC9TSmpiOGR4NkdjRzY2MW9sczJodkdaN2xzTjErQUx5cC9mTldidgpaTWZ1QXB2MmJJaXkrTjRoMUY0bWZTN21LNS9RNXNjZ0VTQWRodUZTNVZOUnJJa0h0TGEzMXA0VUpWOVM3Tko1CkU5OG52TEdZTFQxNmx3Wmd1eUtUSXZLVzhMNFQ4YVhnMnJjWGxNNGZDV3VoR2R4dTUzRmcvL3kvYmhvemxYOFkKdzBic29nMENnWUVBejVWWVhVWDJoTjVDalREcW5MMEhzaUhwcHBWTXJnWlBPSTNuWlgvMksyQm0yNWQ2M0lvawo1ZHl0UEE0eWhvcWtKZ3VmUXpUTUVCSnRxMWVDNkZWMjVqamMvSHRLeXZXMEJMSjdCbFFXZkRpOTdZZVBzNDIwCnFRL2NKWWM2WnJUbEErKzJ1OVNxRDAxd055UVB0QVplMXR0NzFteDFmYnVUSkwrdFhqayticWNDZ1lFQS81TGsKVHQrdEtKbjI4QjNmdGhlb1dQM0poazJBWlJ6K2RzdHIxSGpVdUNTV0xNY1BiTm9kOVhCTjlMK01BQTNHYmtUTApLWWNmYXpzbWR1ZUtFd2xUaDlWSXF0TVh0MUEwcGU3Q25uOGJISUpnajE1RnBSNDduVExiVlVuNTl5WitOSFdPClppL000SHJyVThzWXFrN3ExS244eTlMKzVhU2xjTUcrb2RrSnVUc0NnWUJocHRIdzN1Ni9Sb2RzUUN5K0d6YTUKbDdhQXhROVRkbWhpSkc5TWtrdk4wQVhURzRtU29mSUZxREJlWmhkaXIyblU4L2F4K081ZVNTMEtRNXF6alREbgowS3cwb2hObk12ckNrdXZJNkZuRGlqWGV2YnplTExWbUtxM1hnYXY1a1BPRFRJdGNCUWtUTmN5cVErNlhNNy85CnR6YWtnbFVyRnNoN3F5ZjFnVnhiVlFLQmdRRGd5eWNkYVFnNWFoTVZhSEZaREwzNmFGOVZUZDNkRWYrUUphU1cKb2lFWVJyWUFkS1pRckJrbHhMNE14RjR6dmVvSEcyTkhCNTdQQnB2eWdmMmtlTk9MNmtHY1gwZkE2VDhscERoeQppSUlrTlZrUlFXNG9xY3J0bmNubDNzZUtaOFVpQnpSVkZUNHpSR3F3clRib3Riay9qTFRaNHFCcEJNU3Z4UG9VCkNYN1ArUUtCZ0YwZmNPaEpPcFVUN1RUalAzMkVPRzZPbnJGZkgwYm9zNXFvQjVDbU5nUS9BbHJPV2ZnRVRSN3oKUG40YXFETzhiUWRpdkhod0FZVzcvWGZ5SXp3NkpydWgxYUxWZWlRRzBacmZ0SytwaXRrbjhmb3M5ZVpFMjZUUQpKd09XNnNCUDQza1JrQ3lxbVpOWGxCTWpsNW1FV0pYd2ZUMVJzZ2twMUZKMDhVOXFDaEtVCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg== + cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQwakNDQXJxZ0F3SUJBZ0lVUkJOTGtXYkNPK25YYkNESFNqM2x1dDIyQjYwd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNWVXN4RHpBTkJnTlZCQWdUQmt4dmJtUnZiakVQTUEwR0ExVUVCeE1HVEc5dQpaRzl1TVJBd0RnWURWUVFLRXdkMVUzZHBkR05vTVF3d0NnWURWUVFMRXdOWFYxY3hFREFPQmdOVkJBTVRCMHRwCllXMGdRMEV3SGhjTk1Ua3dNVE13TVRRME9UQXdXaGNOTWpBd01UTXdNVFEwT1RBd1dqQmtNUXN3Q1FZRFZRUUcKRXdKVlN6RVBNQTBHQTFVRUNCTUdURzl1Wkc5dU1ROHdEUVlEVlFRSEV3Wk1iMjVrYjI0eEVEQU9CZ05WQkFvVApCM1ZUZDJsMFkyZ3hEREFLQmdOVkJBc1RBMWRYVnpFVE1CRUdBMVVFQXhNS1MybGhiU0JCWjJWdWREQ0NBU0l3CkRRWUpLb1pJaHZjTkFRRUJCUUFEZ2dFUEFEQ0NBUW9DZ2dFQkFNODgzMUpGZGZSK0w4V21aaVEyQklXaFJxeHEKWENmNWc0NjJjclRJdkE4NVd5UndUd3hiOVVFN2czM0VTOXRuNkJ1b1B6SDBKZWtFRC9yRjVOZlRmM3RTMlFhQQpLR0FmQmpWcXMva2RJeVNFdTBBRjNRSnFkd0swbTNRdW1KR2RMcXBEUndmTCtJcU9uUmFDVS8rTVNtcW5DQzVJClJPeFhVbktaNmczQW42RkU2dGFWYzZWeHRSbDNKQXBDYWVmM0cwOHNybnMyQ0ZpZEdUOEdzYjl6QnpkK1hOM0QKeDh1cmRvUm1qTjZHWDFpQW1QbEJHUXdLYWYyZHZabUZYd0tTdnBnaGxxcWFVNllSQ2lJc0RidjZlaXJjdVN4VQpCQzlMQmYxWGhoaDdYRTZNR2VMeEtLbnFrQzNsdjFiRXdCRzkyVHM4c1lVZ3FoSUZ4WmFFR2NJNUwzMENBd0VBCkFhTi9NSDB3RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUIwR0ExVWREZ1FXQkJUVExFck5KaXpDemdEUVVnUUt5bE1uVUNwNgovekFmQmdOVkhTTUVHREFXZ0JSR1JJazdFOHRuYW4zcURvMHlTMEJtL0RNT1R6QU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBZFAwT0xaK1Q5ZEVLRHVDMUdLRmxlbkFqTFRHUU5ySmVGSjZlSERFY3FEOTMvQ1ZzOFNnTlo2NEkKY1ZzNzlIYjFXeUZpZC9Ld3Iyd0J1Wk1UUmxIRjJPcHE1bDJrUTFXaE1ibmNMRjB2ZXl4M2VpWVE3clRzL0xDNwptNTRpTFRIYWRuYTkrNE9rM0h4NFREdTRtV3BGNDVJaUR4TFZIN3JRdFJoQk1nVmlGWm9UTGEyam9pdjlIekhECktZY1BVaDFsUSt1UndGWFdFTlJVQmtsb1lOdmRZMlF5eUdVUUZON2xOMEVXTm5zSFFUWmVXQUlFUWhhZXV5cUMKV2NuWExsQS91bzdWOUNTM0tvMzgrMFczOXNmL1R6NVliejlZalVxY3BYQTZORTdGeFdzd0V1bi9TVWp6Q1pNRwpad0g4R1FnVHo1aVpmRnQ1VWVLZTRMUVFZQUdZU0E9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURrakNDQW5xZ0F3SUJBZ0lVUjgwVU9rbzlPZk5jQWRRaytLbzd5ejNKZGZrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNWVXN4RHpBTkJnTlZCQWdUQmt4dmJtUnZiakVQTUEwR0ExVUVCeE1HVEc5dQpaRzl1TVJBd0RnWURWUVFLRXdkMVUzZHBkR05vTVF3d0NnWURWUVFMRXdOWFYxY3hFREFPQmdOVkJBTVRCMHRwCllXMGdRMEV3SGhjTk1Ua3dNVE13TVRRME9UQXdXaGNOTWpRd01USTVNVFEwT1RBd1dqQmhNUXN3Q1FZRFZRUUcKRXdKVlN6RVBNQTBHQTFVRUNCTUdURzl1Wkc5dU1ROHdEUVlEVlFRSEV3Wk1iMjVrYjI0eEVEQU9CZ05WQkFvVApCM1ZUZDJsMFkyZ3hEREFLQmdOVkJBc1RBMWRYVnpFUU1BNEdBMVVFQXhNSFMybGhiU0JEUVRDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1udnZ1R2xud3luRzlteE9YT2dlRWUza1p2a1loQU8KcCtxZmpLWkZpajBFSU5pYVNEK3J1cVRrZ3JueTVUWTkzMzA5aFYrS2IzTnR2NFEwYmhOUzRjZnJpd0k3cWhuMApHVTRJUkxKd1crMXc4enZhRFMrT1lHcnJnMVdlc2l6VlpSRERTQzNFZE5GZUdXMjlMZWNiZ3NXN0N6MlJOUWQrCmIrNG83K05uemhJSzhRclozcnFWSGVjOUZOVnlydDc4ei8ySVVlZXhkYnZvNFRyUXRZOEQydTV4QUg2Y2lHUDUKVi94cFI1RmJ2bjNUNy80aldJbmxSWHBHeWkxemE2Mi9EaFV6czRZcGcxd01yZXdQT25Ea0VIT0RoTExpVmQ2dgpxQWQxVGdqUFdmTnR0MXZnUEtIQWJ3VXU3LzVWYnRwbVJGRTgxMEpSbDBYa2NwUHQ0cjhtQ21jQ0F3RUFBYU5DCk1FQXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFWkUKaVRzVHkyZHFmZW9PalRKTFFHYjhNdzVQTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFESUxzQzhVYkM5eE5jcwpWQWZJcUt4R0QrSE85STdtOHNITU5TQzhZbGRJQmRCSE5YRlBhK0o4Mk1hRklUZS91L0NEQ25RTXBuRWVpVi9MCmJxQ0RZbk01MEVQckNXalJGSDJFZGpocGhJTWJNSUpsMlNndGE1ZzlIT3ErTit4eC9tS21ua0xWYWQ1WkVFa0wKZnJ6NTFQRkhabEZyUDZUQ2c1VW9FUERteWw2WHQwNk5tRk40ODBxYjhLSEgxR3o3UEFlNTdIaGJPWXlMQWh3UwoxYjl6bnQxOW9KOXA2ZDlKakIyeEh3R016aWVMWVpQME1rcnJaYWRQUWtkY0NsczJhMkRRVmpCWEQvVzlhYXRBCmZtMEQ4dmN1b0dBdCt0VXkyVHRWR2xUdk5tMnlUeWNMWlhuMGdORDVGNmFCNjVvMmFtNUcvTWRSWDBrd1RCQXgKYU0vZEVQREoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= server: gatewayTimeoutCreation: 60s roleBaseArn: "arn:aws:iam::0123456789:role/" tlsFiles: # Base64-encoded PEMs. - key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBNld5ZWt6VGwyTHp0UGFXbnhRUy9iVlRsTEFPcWVTN20yNWV2a2t3Z3hFdHJxemJvClJBenp5ai84MUZkV0xGb0h0RGNoZG9xbm9KOGcvbUNzWUtrNXRsQzRBektHNHVPemZESFBkV3d5ZnJSMEFvK24KQXNXeEF4bjkya09SU0ZqeGkwRy9CcjIzb2loUk1Lc3VsSndyRWpVRmFERzd3Q3FVaHQwQnVmSzFJcklRbGU3awpjYU8yaXFIeThFN2lYNlk5R1lVTHQ0QjR3SmJBRzNjSVlqVTd6R3NsNUJPUlo1RGdHUmt2TzFSbmtRUW4rUWVvCnh1U29BYStBc1hZekNOZEEyby84WFNUSmhONTd0a0xXOGF1NHRxbFk1NlgwOE85WmNsVFVXSWlqZUNFK3ROS2cKYktTSjg2cHpRcUh2SnJUYjU4SGdWTnVhbHkyTUhPdXZ2SGdCd1FJREFRQUJBb0lCQVFDd0x4WDUwa0Z5T0JkeApJbW5oSVZaRGRZS01tQy9CekE3ZnpEdnUxcHNjempoMFFMdExNZU9JMG9kSTFxcnFTd0hwbW5zZGVFWlJ6QW9oCk5tS2xpdFZPc05wVFAzM2tIeTNJSGVpU25wbjJYTW43Yk9ZSUI2TTF6aFoyK2V6Y2lKVzRJR1hJOXNWMkZheEMKYWRKOHhPc1ZrUU9GdzVRTTFaYkp2R0tqTVhoYXVFN2R0SWwvclUrU3JsS1d3MWFlaHN0VkxYT1JtK1JpY2xLZQpoTCtvdVhaV3hTei9HblRXUzJ6QnBiMGxiVkhJKzd1QW4wbXE0Z0d2c09tVWlXS2MxamhxUTVrU0h2YzNyY0wzCkltY2h5YnlzdkN4cXUwaFltRitaZmlMSHJ6VXFYS05IOXRjTi8yNk82ZldLT0ZHQk9CcnhTaWc5MDNGbDk1aFQKbGIzM0NLdmhBb0dCQVAxeUEwbS9GdHNNbG94cWxyNU4rS1R1OUpNbVNpMm5jTUFzTGxwMzBkVzl5M1hJOGRPawpWdnNHZThKRmxiQVllQzFlTlRqZWVHL2dzY3BZMkY0bkhFTEU4VmkwMkRCWFJ4SWg5VlJHcm04T0xBMENEdjJoCktTS0ZOWVU3VGgzSlFOQ0J2YkpvbFJXak9FWEcxSDhqRGgyK3VETk12WHVOaXVXN1FQS08zQjRkQW9HQkFPdkcKOGNtbGU5QmRsZlRtRi9XRit0ZGJRblIrZGE0Y0d1TmFQVVdxNmJaUVpNWVpkVFZXcXhVNmJsRHlBWXM3S1FQTgorR2JFZWh0VEt0clRCd1Nvb2Uxb1AzMThidlNKL0ZaVlFDTGFHYi9UNzhjaTFkNy9zdUQwa05KeFc1NXNVdDR3CmRtS2NRem1TdDhXNmxFc3JNVU5uN3E4aUNYeDhReklZN3U1QnBQRDFBb0dBYllieUNOSzk2OWdhejMvWXVWRTAKM1FJdlM5QkdTa2lNSDJCNGY3dzhRR1NQSXMyK1JEcEhKS0IrcDB3dkRqVGs2cVpGMWRlK3NJcW9Dc3d1WlRIOQpzcFV0djZvWHEzeHNTRmZJajYwa0FQWmM3eG91cEVrYlg4RzFpV2hCci9tak92aDJwRDB5QUhIVEJjU1JYSWduCnQ0OE9SNDBvYmRhVGFnaHNYdWFDRmJrQ2dZQkpBTHgwdHl4ekE4Y2VvTy9pTWEzTmFKQlhDYURlWEExblA5V2cKOEo2VXVLZTdQcjZ2MlRuM3hMUExsR010L1E5aUFqQmJnWkpkUzQ4RldqbmVFMml2M1l0ckMxQS9uMG5tWVZjTwpjNEZ0aCszQ051TUp2UnBoMU5mU2tRN1JLckV0NHN1RkZPVXJ1bVgwYnlUamNXZzdlcjdJc3oxRXNpVU1LZlF4CkNWcE0wUUtCZ1FDNmExNHZMZkEwSVdTNnc3RlMwU2F5TThIaFcrRVJkblIxU3RnRGNOdllUUEpCOVk1S1J5MkQKNGw0SW1OMGtRNHFwNm1pVlNjUEJRcDlFMzJ6VDAzbnVJNi9Tc0tpeE4xS0RKRnlDWjdKYXllakRjQTdnTGFmRQp2M3BFZktjOVJIMmRmZHJxcVZqODFCQWlEWkVSbmxJSHJXWnlwaUZ4K3oxdjZUaVdLYkh5NFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= - cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVQakNDQXlhZ0F3SUJBZ0lVV3praFJoak0yc0pjT2FtRnNQYWljbFFuUlRVd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2JERU1NQW9HQTFVRUJoTURWVk5CTVFzd0NRWURWUVFJRXdKRFFURVVNQklHQTFVRUJ4TUxURzl6SUVGdQpaMlZzWlhNeEdUQVhCZ05WQkFvVEVFTnNiM1ZrSUZCdmMzTmxMQ0JNVEVNeEREQUtCZ05WQkFzVEEwOXdjekVRCk1BNEdBMVVFQXhNSFMybGhiU0JEUVRBZUZ3MHhPVEF4TURJd09UVTRNREJhRncweU1EQXhNREl3T1RVNE1EQmEKTUhBeEREQUtCZ05WQkFZVEExVlRRVEVMTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1kbApiR1Z6TVJrd0Z3WURWUVFLRXhCRGJHOTFaQ0JRYjNOelpTd2dURXhETVF3d0NnWURWUVFMRXdOUGNITXhGREFTCkJnTlZCQU1UQzB0cFlXMGdVMlZ5ZG1WeU1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0MKQVFFQTZXeWVrelRsMkx6dFBhV254UVMvYlZUbExBT3FlUzdtMjVldmtrd2d4RXRycXpib1JBenp5ai84MUZkVwpMRm9IdERjaGRvcW5vSjhnL21Dc1lLazV0bEM0QXpLRzR1T3pmREhQZFd3eWZyUjBBbytuQXNXeEF4bjkya09SClNGanhpMEcvQnIyM29paFJNS3N1bEp3ckVqVUZhREc3d0NxVWh0MEJ1ZksxSXJJUWxlN2tjYU8yaXFIeThFN2kKWDZZOUdZVUx0NEI0d0piQUczY0lZalU3ekdzbDVCT1JaNURnR1Jrdk8xUm5rUVFuK1Flb3h1U29BYStBc1hZegpDTmRBMm8vOFhTVEpoTjU3dGtMVzhhdTR0cWxZNTZYMDhPOVpjbFRVV0lpamVDRSt0TktnYktTSjg2cHpRcUh2CkpyVGI1OEhnVk51YWx5Mk1IT3V2dkhnQndRSURBUUFCbzRIVE1JSFFNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWQKQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFkQmdOVgpIUTRFRmdRVXVsZTNNT2JPVWFTMmgxOHI0M1Y1OWcrNzd2SXdId1lEVlIwakJCZ3dGb0FVQ3ZYeTBpdXRPNHFZCjRiL2pNcGQ3ZnpUWVhLd3dVUVlEVlIwUkJFb3dTSUlMYTJsaGJTMXpaWEoyWlhLQ0QydHBZVzB0YzJWeWRtVnkKT2pRME00SUpiRzlqWVd4b2IzTjBnZzFzYjJOaGJHaHZjM1E2TkRRemdnNXNiMk5oYkdodmMzUTZPVFl4TURBTgpCZ2txaGtpRzl3MEJBUXNGQUFPQ0FRRUFjMktPSDBHRldRU0t2bU5rcnFwZEVvZGxaalI5enRkeUUyYlk1citXCkw1THIwNVE3MVBSalVpNXFHQ3prOUFkR3VYZE83bTgvejY0bS9zTnNXTS9adHFIaklGd3hWT3JrOU5NMjVNSGUKWDVYNWdVT3UvOENnV2wyWVZoejhnMC8wTEx4dlYvQjA0dTBmZEhudkg1Um83ZVYvNFk2MEUrTlRBYmtvN2dYeApHYXpSRXZHMXRaTHN1WUlIb1NEQ2Vqb2RWRTNrcXNWMEhKUlhuUE11K2Z1T3EvR0J5U05MZjJaR2FIV2pFcTIwCjYvbTN3WW9mbUl4Q0FSbjcyanpjdGRzQVRVa2RBRUJoN3dkWWxmTWpuODdoMnJRYUNKejVUNkVSNWs1cVMyU3IKZ3piVVU1QnpvYnI5VzY1L25CODNLQ0ExK2tXTlRldFUzQ3lWQW5qVk9QRUROdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K - ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURxRENDQXBDZ0F3SUJBZ0lVRkwwZHRPSE55d0pmaWFoTG54M0psZzd1MjBZd0RRWUpLb1pJaHZjTkFRRUwKQlFBd2JERU1NQW9HQTFVRUJoTURWVk5CTVFzd0NRWURWUVFJRXdKRFFURVVNQklHQTFVRUJ4TUxURzl6SUVGdQpaMlZzWlhNeEdUQVhCZ05WQkFvVEVFTnNiM1ZrSUZCdmMzTmxMQ0JNVEVNeEREQUtCZ05WQkFzVEEwOXdjekVRCk1BNEdBMVVFQXhNSFMybGhiU0JEUVRBZUZ3MHhPVEF4TURJd09UVTRNREJhRncweU5EQXhNREV3T1RVNE1EQmEKTUd3eEREQUtCZ05WQkFZVEExVlRRVEVMTUFrR0ExVUVDQk1DUTBFeEZEQVNCZ05WQkFjVEMweHZjeUJCYm1kbApiR1Z6TVJrd0Z3WURWUVFLRXhCRGJHOTFaQ0JRYjNOelpTd2dURXhETVF3d0NnWURWUVFMRXdOUGNITXhFREFPCkJnTlZCQU1UQjB0cFlXMGdRMEV3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRQ3QKODhMV1VOT3lHcDUxMVJYWlpXaVJzcVJkUmdUOStZUXQzN21lcCtOWndlcFFQUmNkblh1anYwYnV6RUdpK0k4SApSL1B6TzRUdytGeXN1KzJaRElRTG9aWE10YkdGZ0FFSVc1YUtVOHZRMTF6Y2dhMmYyQnJXRzNVai8zK3pWOWUvCmlaT3JlS1hmZFAzRnV4bDc3TllPY20xOVU5Nnk4TGNDOEduK29DZmJVcThOcHZVMDNmZGRjTC9qTy9ZTlJETGgKVy9zR1JmVnlNd0tVVjRjaUtNQ3hjQ0JxZWNZbmkyVTYweEF2QyswSFZwR3VnSmliWWpBZXZuaUM3NjVOa1pmMwpFWFRVSkJGT284WFBZdWgweThuYWRMT0RWMzB0bWZVRHlxaWMramJzU1FaREZQNVNJNGVLLzNEM21ldHZzd1loCkcvRUtJTUh0V0ZpZHBSRWMzYis3QWdNQkFBR2pRakJBTUE0R0ExVWREd0VCL3dRRUF3SUJCakFQQmdOVkhSTUIKQWY4RUJUQURBUUgvTUIwR0ExVWREZ1FXQkJRSzlmTFNLNjA3aXBqaHYrTXlsM3QvTk5oY3JEQU5CZ2txaGtpRwo5dzBCQVFzRkFBT0NBUUVBRCsyNERKSEhZWlRibTlFRW93UFA4Sk5LdWMwYkQ0cC8rNms0RExDajRJTWtLRFpqClgwWHZlQWkvTm9sQWZVTkFBQi9WTnRLMTB0ZFZVSGhhZW8zRFQ4OFRKaEQra3VJOGdhbHlDZlhnSnVrdytRMHQKWEp2WS8vZ1NQT0xuQ3NMSTIrQUlYNlJ6SUwyODNzaDRIY2FBaE81YnRCc1Q0U3lqN2t6UGFuTGdQOVpVYTFoZQpxVUpjNms0Q1FzUFA2YmtZanQ4QktFaE5XVmJ6aXpOcyszSFFaMzVHeDRka1VLd1ZnVklWTGU2bmtJV1RJeHVJCmloRkNmWjJTRWphS0Uwdi9tM0p5RjhJTzVJQTBQTFFiMUw4Y1NyM2R4cUszank3cGVxY1ZRbmhGZzNIMkdHWEsKeFVlUlZjYm44WEFyV0NCWUJiM0JyZjZ2V082RFM3L1VjWnV3UkE9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== + key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcGdJQkFBS0NBUUVBeGc2Q1RlcWlYUEpKaVJTZDVEVXBjcENMKzFBRlZhdTBqWE1HN0MvVWRGZkU5WmtmCnlmdmprcHg1N0JMZ1ltVFVtOHVWenFHaFJpSUo2ZTNQUi9qQ00rZWoxdi9QSkRRT0MwNThCS3VlTkY1MThzY2MKajVwUVBOR3pobUdsc3cwclc1M21vb3Zmend0Ty9yZ3ZiQ2lxYytlQVkwajRRRHJmbWt1UVV3RXV6SkVQQUlVMQpSdEhmMkhRcHhjdCtnUnZKR3d2TFo5bEF4dmxvUjJJS0dLcjgwQS9zZ3BHZXpOd2FaM2ptSkE2am5TQTJ4YnpmCml4Y2lUbDR3dHN3ZlhHVFpiWmxjNVZkUTNZVVAvVmJmTWk5bE5XSVNzTzJUbnFhQ2JmbFV6OFJPZ1hGdCtaQ2wKQWZuMVBDbk1YNzZ4WDdRbSt4enJERGN1ekh3c296TmNmMGxwL3dJREFRQUJBb0lCQVFDcitTazRFc2FNd20wTAp0SFV0Rk9RNmNEeThLVTJZaUJHc3lQWjMyMGcxQllrbVlLRnp0MTV4amFGb1ZUTzAvQ3lJWXd4ZmNZVWg2cWlGCkVWTnRBUmxRREpEOVBQNVdSMFR5bUdHamhJbEltOFQ2MjkxMjY5MUVFaW82UTB1bjM0V0lkZUV2dnhqRkpPS2cKMXJtR3h3REt4M2Q1dm9DZzlQMzNjaW1OaVhkamRBQ0FOQWh0ZkY5QnovQThodHR2b1NpOGliN2JiVFMwelZTVwp5U0tYVVJMNXpMRVU5OFM1emFRU1VIOVhyTUN2SjZWbzRJZmhDak5hSUZjNDBRVHZIYkdFOFBFb2d0b1ZpYkphClluQ25YWnoycFJ1am13aDI1b0ViUmZrMS9KMkZNMERQTDNhUTgvNXBicmdJUFR2eEdKY2FObGZPam1BZjZobjIKZmhEYlhWYmhBb0dCQU12T0d4SEk2Y0lybGlDS3VVTFBxYzI4TzVDTkZXQi85S01mUUZydlBOd2c0SVdXV3gxaApFTXNadW44UUNrV0t1VDJuRU1NZ2pFWUhVM1ltS1NpWG9XYmcwM0MrSDVHbTJOUFMyMlBoaS9NaTBaU3hmaHY1CjFKNncyaXhzc0s1NE1rN1JtQndhLzd0NDN0RitUSFZFbjVNSy95SzdvWHR0YjFqVkhmdk01TC9KQW9HQkFQakgKaGp2K1hkQ3ZRVmJHdllQTGxyVU1nMUxoakg5RXdFdGpDY0VWR1FuNG9hNkVCVHFQY0pjemhla0I0TXBodUl5TwpYVzl0V1dhTDQvMUdVNndDYlplcEx6dy80MmRUaE9QdDJ1SmpqTENoS1lhZmZEbW5IQjRENWdnaHhCNUhLWmRVCnZYcEhuN1RybjJkdHZveU1rZUhlY0d3cllWQzdqeXYxTkIvWXo0K0hBb0dCQUoyYzBFeHB2M1hkZFdYSFFzekwKZ250TUZoaU5Nem9FMnJHSVNxSElvSjF3ZzVKc0hCelZZMEplckY3MWphd0lRNGZOZXVZY2RyNzFqWE15d2VQVgptQW5TMTFJNmhubUN1ZTdmQTdIenpPS0VTK2FkZVhTek9kNWIwTzVJUkQ4NVQxYXJPdUtKY3JxT0dHdVZMQllJCnN3dnBsalJMUFBBU1N1azlMOG42dy9FWkFvR0JBUElZT0dqcGdDSTBha0VuNWdUN2VnMTF2OVpINTVGeU5pOG0Ka2JkejhJbmppbk5weGl6V3FacDZhVFgydmVvMGJvTlpoMU9IOWhmMHlra094eDM4dnVsM21wL25ERVRnNGRGdApCalNJNjhCM0ZSSU00YmE1Q0lPdEI0MmlUbGVvcUxDN3BpZjR5MUlrZVZzTlVRRTFTa0dqVllQdU15VjlZRFpHCnlCSzF5a2JCQW9HQkFJc1QvUkpqY203aFlqUlBmTnFLYkorYnE0bVVHZnFNd0JFaFN1VFhjQTBLcktQR2YvKzAKMzVhSGZzald5T204cGx2Vmd6dWlTTVRhdWtONktsVjlDVjB3MDdERTk5TStBcTB1L3RoK3hhbXRxNjhOQWU5VwprZE9rdUR6VWNSYm9QSzREdXJ4Qm1nSVNaT05hRUhMUUJzcFNwOFpIOW9ZdHdUQ1R2SEhjdEpTZwotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo= + cert: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUVEVENDQXZXZ0F3SUJBZ0lVT1pLd2tJd1J2OXdHSEExcG9sTDNSMTQ1UXQ0d0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNWVXN4RHpBTkJnTlZCQWdUQmt4dmJtUnZiakVQTUEwR0ExVUVCeE1HVEc5dQpaRzl1TVJBd0RnWURWUVFLRXdkMVUzZHBkR05vTVF3d0NnWURWUVFMRXdOWFYxY3hFREFPQmdOVkJBTVRCMHRwCllXMGdRMEV3SGhjTk1Ua3dNVE13TVRRME9UQXdXaGNOTWpBd01UTXdNVFEwT1RBd1dqQlBNUXN3Q1FZRFZRUUcKRXdKVlN6RVBNQTBHQTFVRUNCTUdURzl1Wkc5dU1ROHdEUVlEVlFRSEV3Wk1iMjVrYjI0eEVEQU9CZ05WQkFvVApCM1ZUZDJsMFkyZ3hEREFLQmdOVkJBc1RBMWRYVnpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRGdnRVBBRENDCkFRb0NnZ0VCQU1ZT2drM3FvbHp5U1lrVW5lUTFLWEtRaS90UUJWV3J0STF6QnV3djFIUlh4UFdaSDhuNzQ1S2MKZWV3UzRHSmsxSnZMbGM2aG9VWWlDZW50ejBmNHdqUG5vOWIvenlRMERndE9mQVNybmpSZWRmTEhISSthVUR6UgpzNFpocGJNTksxdWQ1cUtMMzg4TFR2NjRMMndvcW5QbmdHTkkrRUE2MzVwTGtGTUJMc3lSRHdDRk5VYlIzOWgwCktjWExmb0VieVJzTHkyZlpRTWI1YUVkaUNoaXEvTkFQN0lLUm5zemNHbWQ0NWlRT281MGdOc1c4MzRzWElrNWUKTUxiTUgxeGsyVzJaWE9WWFVOMkZELzFXM3pJdlpUVmlFckR0azU2bWdtMzVWTS9FVG9GeGJmbVFwUUg1OVR3cAp6Risrc1YrMEp2c2M2d3czTHN4OExLTXpYSDlKYWY4Q0F3RUFBYU9CempDQnl6QU9CZ05WSFE4QkFmOEVCQU1DCkJhQXdIUVlEVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXcKSFFZRFZSME9CQllFRkdMYjZYcmlGVTRXSnNqYXkrTXVybFkrOEh3ck1COEdBMVVkSXdRWU1CYUFGRVpFaVRzVAp5MmRxZmVvT2pUSkxRR2I4TXc1UE1Fd0dBMVVkRVFSRk1FT0NDMnRwWVcwdGMyVnlkbVZ5Z2cweE1qY3VNQzR3CkxqRTZORFF6Z2c0eE1qY3VNQzR3TGpFNk9UWXhNSWNFZndBQUFZWVBhMmxoYlMxelpYSjJaWEk2TkRRek1BMEcKQ1NxR1NJYjNEUUVCQ3dVQUE0SUJBUUJBNmZIMWdCQUJFWks3OTJLazY2VytSQUNvMytqeHVwSVlVVmpjTk9LWApEWVBRcEZHc0g4bVdxc00wN1lxQ050THpFaS9rUHJkaSs5QTJOMXUvU3h5by9NbFJoYURsTXdZSExaTDZLNTRMCk1Sb3pnVjFzK1JxS1A4Y2t0aGhEcFNFRE5Tc0ZxQU9QRnNQUkkxR01XWHpleXdNZ29TTU1TTjA2UzN2cXhTcWQKQW5UTXBrRkxDYXFCS2xFSlM0VEROQmluNEpOMkdPTkgyQThmK2FNcmc1d3RMbW1GUFQvOGI2WEFqWVYzOWNQMQo2ak9JN3VydEFTWVI1NkdRRFQvbWNsajlUWDBqczluSE5NaENlU3JRa1JURVZ3MGtvSGUvTklkNisxVVptU3hMCmRXZXhpV3N0QTY0a0paMW5INDJtV2JPVDAxQStwQ1VNeno5S0h2dGNZd21RCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K + ca: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURrakNDQW5xZ0F3SUJBZ0lVUjgwVU9rbzlPZk5jQWRRaytLbzd5ejNKZGZrd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1lURUxNQWtHQTFVRUJoTUNWVXN4RHpBTkJnTlZCQWdUQmt4dmJtUnZiakVQTUEwR0ExVUVCeE1HVEc5dQpaRzl1TVJBd0RnWURWUVFLRXdkMVUzZHBkR05vTVF3d0NnWURWUVFMRXdOWFYxY3hFREFPQmdOVkJBTVRCMHRwCllXMGdRMEV3SGhjTk1Ua3dNVE13TVRRME9UQXdXaGNOTWpRd01USTVNVFEwT1RBd1dqQmhNUXN3Q1FZRFZRUUcKRXdKVlN6RVBNQTBHQTFVRUNCTUdURzl1Wkc5dU1ROHdEUVlEVlFRSEV3Wk1iMjVrYjI0eEVEQU9CZ05WQkFvVApCM1ZUZDJsMFkyZ3hEREFLQmdOVkJBc1RBMWRYVnpFUU1BNEdBMVVFQXhNSFMybGhiU0JEUVRDQ0FTSXdEUVlKCktvWklodmNOQVFFQkJRQURnZ0VQQURDQ0FRb0NnZ0VCQU1udnZ1R2xud3luRzlteE9YT2dlRWUza1p2a1loQU8KcCtxZmpLWkZpajBFSU5pYVNEK3J1cVRrZ3JueTVUWTkzMzA5aFYrS2IzTnR2NFEwYmhOUzRjZnJpd0k3cWhuMApHVTRJUkxKd1crMXc4enZhRFMrT1lHcnJnMVdlc2l6VlpSRERTQzNFZE5GZUdXMjlMZWNiZ3NXN0N6MlJOUWQrCmIrNG83K05uemhJSzhRclozcnFWSGVjOUZOVnlydDc4ei8ySVVlZXhkYnZvNFRyUXRZOEQydTV4QUg2Y2lHUDUKVi94cFI1RmJ2bjNUNy80aldJbmxSWHBHeWkxemE2Mi9EaFV6czRZcGcxd01yZXdQT25Ea0VIT0RoTExpVmQ2dgpxQWQxVGdqUFdmTnR0MXZnUEtIQWJ3VXU3LzVWYnRwbVJGRTgxMEpSbDBYa2NwUHQ0cjhtQ21jQ0F3RUFBYU5DCk1FQXdEZ1lEVlIwUEFRSC9CQVFEQWdFR01BOEdBMVVkRXdFQi93UUZNQU1CQWY4d0hRWURWUjBPQkJZRUZFWkUKaVRzVHkyZHFmZW9PalRKTFFHYjhNdzVQTUEwR0NTcUdTSWIzRFFFQkN3VUFBNElCQVFESUxzQzhVYkM5eE5jcwpWQWZJcUt4R0QrSE85STdtOHNITU5TQzhZbGRJQmRCSE5YRlBhK0o4Mk1hRklUZS91L0NEQ25RTXBuRWVpVi9MCmJxQ0RZbk01MEVQckNXalJGSDJFZGpocGhJTWJNSUpsMlNndGE1ZzlIT3ErTit4eC9tS21ua0xWYWQ1WkVFa0wKZnJ6NTFQRkhabEZyUDZUQ2c1VW9FUERteWw2WHQwNk5tRk40ODBxYjhLSEgxR3o3UEFlNTdIaGJPWXlMQWh3UwoxYjl6bnQxOW9KOXA2ZDlKakIyeEh3R016aWVMWVpQME1rcnJaYWRQUWtkY0NsczJhMkRRVmpCWEQvVzlhYXRBCmZtMEQ4dmN1b0dBdCt0VXkyVHRWR2xUdk5tMnlUeWNMWlhuMGdORDVGNmFCNjVvMmFtNUcvTWRSWDBrd1RCQXgKYU0vZEVQREoKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo= diff --git a/stable/kiam/values.yaml b/stable/kiam/values.yaml index 02a00dec4b7c..8271588cf7da 100644 --- a/stable/kiam/values.yaml +++ b/stable/kiam/values.yaml @@ -11,7 +11,7 @@ agent: image: repository: quay.io/uswitch/kiam - tag: v3.0-rc1 + tag: v3.0 pullPolicy: IfNotPresent ## Logging settings @@ -122,7 +122,7 @@ server: image: repository: quay.io/uswitch/kiam - tag: v3.0-rc1 + tag: v3.0 pullPolicy: IfNotPresent ## Logging settings @@ -198,7 +198,7 @@ server: ## Server probe configuration probes: - serverAddress: localhost + serverAddress: 127.0.0.1 ## Base64-encoded PEM values for server's CA certificate(s), certificate and private key ## From 7c5332d44a81a9c073c4a30b79c0a01f7bbb0e35 Mon Sep 17 00:00:00 2001 From: Jeff Billimek Date: Mon, 11 Feb 2019 09:35:30 -0500 Subject: [PATCH 0118/1586] [stable/unifi] Revert #10789 (#11278) * Revert "Simplify for unifi (#10789)" This reverts commit df3b21e90db01931c93e4da25ae4e4b21941aa92. Signed-off-by: Jeff Billimek * bumping chart version as part of reversion Signed-off-by: Jeff Billimek --- stable/unifi/Chart.yaml | 2 +- stable/unifi/README.md | 28 ++++++++---- stable/unifi/templates/controller-svc.yaml | 14 ------ stable/unifi/templates/discovery-svc.yaml | 52 ++++++++++++++++++++++ stable/unifi/templates/stun-svc.yaml | 52 ++++++++++++++++++++++ stable/unifi/values.yaml | 48 +++++++++++++++++--- 6 files changed, 167 insertions(+), 29 deletions(-) create mode 100644 stable/unifi/templates/discovery-svc.yaml create mode 100644 stable/unifi/templates/stun-svc.yaml diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml index a7b53925d0ab..b06d19d2c661 100644 --- a/stable/unifi/Chart.yaml +++ b/stable/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.3.0 +version: 0.3.1 keywords: - ubiquiti - unifi diff --git a/stable/unifi/README.md b/stable/unifi/README.md index 961105f6514d..097d8386e8ac 100644 --- a/stable/unifi/README.md +++ b/stable/unifi/README.md @@ -53,8 +53,20 @@ The following tables lists the configurable parameters of the Unifi chart and th | `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | | `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | | `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | -| `controllerService.stun.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `controllerService.discovery.port` | Kubernetes UDP port for AP discovery | `10001` | +| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | +| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | +| `stunService.labels` | Custom labels | `{}` | +| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | +| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | +| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | +| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | +| `discoveryService.labels` | Custom labels | `{}` | +| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | +| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.labels` | Custom labels | `{}` | @@ -105,12 +117,12 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s devices run. If you run this as a `NodePort` (the default setting), make sure that there is an external load balancer that is directing traffic from port 8080 to the `NodePort` for this service. - - the `controllerService` exposes two additional ports: - - `discovery`: This needs to be reachable by the unifi devices on network but only during the discovery - phase. This is a UDP service. - - `stun`: Also used periodically by the unifi devices to communicate - with the controller using UDP. See [this article][ubnt 3] and [this other article][ubnt 4] for more information. +- `discoveryService`: This needs to be reachable by the unifi devices on the + network similar to the controller `Service` but only during the discovery + phase. This is a UDP service. +- `stunService`: Also used periodically by the unifi devices to communicate + with the controller using UDP. See [this article][ubnt 3] and [this other + article][ubnt 4] for more information. [docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ [github]: https://github.com/jacobalberty/unifi-docker diff --git a/stable/unifi/templates/controller-svc.yaml b/stable/unifi/templates/controller-svc.yaml index 3e6fea913be2..7cac96a6d5f1 100644 --- a/stable/unifi/templates/controller-svc.yaml +++ b/stable/unifi/templates/controller-svc.yaml @@ -46,20 +46,6 @@ spec: name: controller {{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.nodePort))) }} nodePort: {{.Values.controllerService.nodePort}} -{{ end }} - - port: {{ .Values.controllerService.stun.port }} - targetPort: stun - protocol: UDP - name: stun -{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.stun.nodePort))) }} - nodePort: {{.Values.controllerService.stun.nodePort}} -{{ end }} - - port: {{ .Values.controllerService.discovery.port }} - targetPort: discovery - protocol: UDP - name: discovery -{{ if (and (eq .Values.controllerService.type "NodePort") (not (empty .Values.controllerService.discovery.nodePort))) }} - nodePort: {{.Values.controllerService.discovery.nodePort}} {{ end }} selector: app: {{ template "unifi.name" . }} diff --git a/stable/unifi/templates/discovery-svc.yaml b/stable/unifi/templates/discovery-svc.yaml new file mode 100644 index 000000000000..b3f7b685d3bf --- /dev/null +++ b/stable/unifi/templates/discovery-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-discovery + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.discoveryService.labels }} +{{ toYaml .Values.discoveryService.labels | indent 4 }} +{{- end }} +{{- with .Values.discoveryService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.discoveryService.type "ClusterIP") (empty .Values.discoveryService.type)) }} + type: ClusterIP + {{- if .Values.discoveryService.clusterIP }} + clusterIP: {{ .Values.discoveryService.clusterIP }} + {{end}} +{{- else if eq .Values.discoveryService.type "LoadBalancer" }} + type: {{ .Values.discoveryService.type }} + {{- if .Values.discoveryService.loadBalancerIP }} + loadBalancerIP: {{ .Values.discoveryService.loadBalancerIP }} + {{- end }} + {{- if .Values.discoveryService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.discoveryService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.discoveryService.type }} +{{- end }} +{{- if .Values.discoveryService.externalIPs }} + externalIPs: +{{ toYaml .Values.discoveryService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.discoveryService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.discoveryService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.discoveryService.port }} + targetPort: discovery + protocol: UDP + name: discovery +{{ if (and (eq .Values.discoveryService.type "NodePort") (not (empty .Values.discoveryService.nodePort))) }} + nodePort: {{.Values.discoveryService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} diff --git a/stable/unifi/templates/stun-svc.yaml b/stable/unifi/templates/stun-svc.yaml new file mode 100644 index 000000000000..335e0c9b5dc9 --- /dev/null +++ b/stable/unifi/templates/stun-svc.yaml @@ -0,0 +1,52 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "unifi.fullname" . }}-stun + labels: + app: {{ template "unifi.name" . }} + chart: {{ template "unifi.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- if .Values.stunService.labels }} +{{ toYaml .Values.stunService.labels | indent 4 }} +{{- end }} +{{- with .Values.stunService.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: +{{- if (or (eq .Values.stunService.type "ClusterIP") (empty .Values.stunService.type)) }} + type: ClusterIP + {{- if .Values.stunService.clusterIP }} + clusterIP: {{ .Values.stunService.clusterIP }} + {{end}} +{{- else if eq .Values.stunService.type "LoadBalancer" }} + type: {{ .Values.stunService.type }} + {{- if .Values.stunService.loadBalancerIP }} + loadBalancerIP: {{ .Values.stunService.loadBalancerIP }} + {{- end }} + {{- if .Values.stunService.loadBalancerSourceRanges }} + loadBalancerSourceRanges: +{{ toYaml .Values.stunService.loadBalancerSourceRanges | indent 4 }} + {{- end -}} +{{- else }} + type: {{ .Values.stunService.type }} +{{- end }} +{{- if .Values.stunService.externalIPs }} + externalIPs: +{{ toYaml .Values.stunService.externalIPs | indent 4 }} +{{- end }} + {{- if .Values.stunService.externalTrafficPolicy }} + externalTrafficPolicy: {{ .Values.stunService.externalTrafficPolicy }} + {{- end }} + ports: + - port: {{ .Values.stunService.port }} + targetPort: stun + protocol: UDP + name: stun +{{ if (and (eq .Values.stunService.type "NodePort") (not (empty .Values.stunService.nodePort))) }} + nodePort: {{.Values.stunService.nodePort}} +{{ end }} + selector: + app: {{ template "unifi.name" . }} + release: {{ .Release.Name }} \ No newline at end of file diff --git a/stable/unifi/values.yaml b/stable/unifi/values.yaml index b04bb50865b1..817b99b1424e 100644 --- a/stable/unifi/values.yaml +++ b/stable/unifi/values.yaml @@ -50,12 +50,48 @@ controllerService: # loadBalancerSourceRanges: [] ## Set the externalTrafficPolicy in the Service to either Cluster or Local # externalTrafficPolicy: Cluster - stun: - port: 3478 - # nodePort: - discovery: - port: 10001 - # nodePort: + +stunService: + type: NodePort + port: 3478 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster + +discoveryService: + type: NodePort + port: 10001 # udp + ## Specify the nodePort value for the LoadBalancer and NodePort service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-nodeport + ## + # nodePort: + ## Provide any additional annotations which may be required. This can be used to + ## set the LoadBalancer service type to internal only. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer + ## + annotations: {} + labels: {} + ## Use loadBalancerIP to request a specific static IP, + ## otherwise leave blank + ## + loadBalancerIP: + # loadBalancerSourceRanges: [] + ## Set the externalTrafficPolicy in the Service to either Cluster or Local + # externalTrafficPolicy: Cluster ingress: enabled: false From 5bad465540039f0ae41ed55126db4f3da971cfbf Mon Sep 17 00:00:00 2001 From: Taehyun Kim Date: Tue, 12 Feb 2019 00:00:02 +0900 Subject: [PATCH 0119/1586] [stable/hackmd] bump hackmd (codimd) (#8593) * codimd Signed-off-by: Taehyun Kim * add variables in README Signed-off-by: Taehyun Kim * remove NODE_ENV, add HMD_DB_URL Signed-off-by: Taehyun Kim * bump chart version Signed-off-by: Paul Czarkowski --- stable/hackmd/Chart.yaml | 2 +- stable/hackmd/README.md | 2 ++ stable/hackmd/templates/deployment.yaml | 15 +++++++++++++-- stable/hackmd/templates/secret.yaml | 16 ++++++++++++++++ stable/hackmd/values.yaml | 2 ++ 5 files changed, 34 insertions(+), 3 deletions(-) create mode 100644 stable/hackmd/templates/secret.yaml diff --git a/stable/hackmd/Chart.yaml b/stable/hackmd/Chart.yaml index fe5049690a2d..8c2e25f736a3 100644 --- a/stable/hackmd/Chart.yaml +++ b/stable/hackmd/Chart.yaml @@ -1,6 +1,6 @@ name: hackmd apiVersion: v1 -version: "1.0.1" +version: "1.1.0" appVersion: "1.2.1-alpine" description: Realtime collaborative markdown notes on all platforms. icon: https://hackmd.io/favicon.png diff --git a/stable/hackmd/README.md b/stable/hackmd/README.md index 143b02a7e54b..24dc4664d8a4 100644 --- a/stable/hackmd/README.md +++ b/stable/hackmd/README.md @@ -45,6 +45,8 @@ Parameter | Description | Default `persistence.size` | Persistent Volume size | `2Gi` `persistence.storageClass` | Persistent Volume Storage Class | `unset` `extraVars` | Hackmd's extra environment variables | `[]` +`podAnnotations` | Pod annotations | `{}` +`sessionSecret` | Hackmd's session secret | `""` (Randomly generated) `postgresql.install` | Enable PostgreSQL as a chart dependency | `true` `postgresql.imageTag` | The image tag for PostgreSQL | `9.6.2` `postgresql.postgresUser` | PostgreSQL User to create | `hackmd` diff --git a/stable/hackmd/templates/deployment.yaml b/stable/hackmd/templates/deployment.yaml index ac3046e57da3..32a41d2cba5d 100644 --- a/stable/hackmd/templates/deployment.yaml +++ b/stable/hackmd/templates/deployment.yaml @@ -18,6 +18,10 @@ spec: labels: app: {{ template "hackmd.name" . }} release: {{ .Release.Name }} +{{- with .Values.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} spec: containers: - name: {{ .Chart.Name }} @@ -38,7 +42,7 @@ spec: port: 3000 initialDelaySeconds: 30 env: - - name: HMD_DB_PASSWORD + - name: CMD_DB_PASSWORD {{- if .Values.postgresql.install }} valueFrom: secretKeyRef: @@ -47,8 +51,15 @@ spec: {{- else }} value: {{ .Values.postgresql.postgresPassword }} {{- end }} + - name: CMD_SESSION_SECRET + valueFrom: + secretKeyRef: + name: {{ template "hackmd.fullname" . }} + key: sessionSecret + - name: CMD_DB_URL + value: postgres://{{ .Values.postgresql.postgresUser }}:$(CMD_DB_PASSWORD)@{{ template "hackmd.database.host" . }}:5432/{{ .Values.postgresql.postgresDatabase }} - name: HMD_DB_URL - value: postgres://{{ .Values.postgresql.postgresUser }}:$(HMD_DB_PASSWORD)@{{ template "hackmd.database.host" . }}:5432/{{ .Values.postgresql.postgresDatabase }} + value: postgres://{{ .Values.postgresql.postgresUser }}:$(CMD_DB_PASSWORD)@{{ template "hackmd.database.host" . }}:5432/{{ .Values.postgresql.postgresDatabase }} {{- if .Values.extraVars }} {{ toYaml .Values.extraVars | indent 12 }} {{- end }} diff --git a/stable/hackmd/templates/secret.yaml b/stable/hackmd/templates/secret.yaml new file mode 100644 index 000000000000..f04b4f4fdccc --- /dev/null +++ b/stable/hackmd/templates/secret.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "hackmd.fullname" . }} + labels: + app: {{ template "hackmd.name" . }} + chart: {{ template "hackmd.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +type: Opaque +data: + {{- if .Values.sessionSecret }} + sessionSecret: {{ .Values.sessionSecret | b64enc | quote }} + {{- else }} + sessionSecret: {{ randAlphaNum 10 | b64enc | quote }} + {{- end }} diff --git a/stable/hackmd/values.yaml b/stable/hackmd/values.yaml index e9ee2efb5433..ccc2cb295bfc 100644 --- a/stable/hackmd/values.yaml +++ b/stable/hackmd/values.yaml @@ -64,6 +64,8 @@ persistence: ## # storageClass: "-" +podAnnotations: {} + extraVars: [] nodeSelector: {} From 92c8dd63baa197a53be7b00c9c0e2e4fc72bf0c6 Mon Sep 17 00:00:00 2001 From: Paul Czarkowski Date: Mon, 11 Feb 2019 09:00:16 -0600 Subject: [PATCH 0120/1586] [stable/spinnaker] use spinnaker service settings to set service type (#11102) * [stable/spinnaker] use spinnaker service settings to set service type Instead of using a helm hook to patch the services, we can use service settings to tell spinnaker to set the service type. This sets up a service-settings configmap and puts the existing service-settings bits into that and has a switch for setting two things needed for ingress, type to NodePort and also the `useExecHealthcheck` to false to ensure GCP ingress works. Signed-off-by: Paul Czarkowski * bump version Signed-off-by: Paul Czarkowski --- stable/spinnaker/Chart.yaml | 2 +- .../configmap/halyard-init-script.yaml | 20 +++------- .../templates/configmap/service-settings.yaml | 33 +++++++++++++++ .../templates/hooks/expose-nodeports.yaml | 40 ------------------- .../templates/statefulsets/halyard.yaml | 5 +++ 5 files changed, 44 insertions(+), 56 deletions(-) create mode 100644 stable/spinnaker/templates/configmap/service-settings.yaml delete mode 100644 stable/spinnaker/templates/hooks/expose-nodeports.yaml diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index a75b4c0894bd..9e8e4a2dcdf4 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.6.1 +version: 1.7.0 appVersion: 1.11.6 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/templates/configmap/halyard-init-script.yaml b/stable/spinnaker/templates/configmap/halyard-init-script.yaml index 71d550685c2c..957af131e95f 100644 --- a/stable/spinnaker/templates/configmap/halyard-init-script.yaml +++ b/stable/spinnaker/templates/configmap/halyard-init-script.yaml @@ -11,24 +11,14 @@ data: # Override Halyard daemon's listen address cp /opt/halyard/config/* /tmp/config printf 'server.address: 0.0.0.0\n' > /tmp/config/halyard-local.yml - + # Use Redis deployed via the dependent Helm chart + rm -rf /tmp/spinnaker/.hal/default/service-settings mkdir -p /tmp/spinnaker/.hal/default/service-settings - - {{- if .Values.redis.enabled }} - printf 'overrideBaseUrl: redis://:{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master:6379\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml - {{- else }} - {{ if .Values.redis.external.password }} - printf 'overrideBaseUrl: redis://:{{ .Values.redis.external.password }}@{{ .Values.redis.external.host }}:{{ .Values.redis.external.port }}\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml - {{- else }} - printf 'overrideBaseUrl: redis://{{ .Values.redis.external.host }}:{{ .Values.redis.external.port }}\nskipLifeCycleManagement: true\n' > /tmp/spinnaker/.hal/default/service-settings/redis.yml - {{- end }} - {{- end }} - # Route the /gate path of Deck to Gate - printf 'env:\n API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084\n' > /tmp/spinnaker/.hal/default/service-settings/deck.yml + cp /tmp/service-settings/* /tmp/spinnaker/.hal/default/service-settings/ {{- if .Values.halyard.additionalProfileConfigMaps.create }} - rm -rf /tmp/spinnaker/.hal/default/profiles && \ - mkdir -p /tmp/spinnaker/.hal/default/profiles && \ + rm -rf /tmp/spinnaker/.hal/default/profiles + mkdir -p /tmp/spinnaker/.hal/default/profiles cp /tmp/additionalProfileConfigMaps/* /tmp/spinnaker/.hal/default/profiles/ {{- end }} diff --git a/stable/spinnaker/templates/configmap/service-settings.yaml b/stable/spinnaker/templates/configmap/service-settings.yaml new file mode 100644 index 000000000000..4075765b8afa --- /dev/null +++ b/stable/spinnaker/templates/configmap/service-settings.yaml @@ -0,0 +1,33 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "spinnaker.fullname" . }}-service-settings + labels: +{{ include "spinnaker.standard-labels" . | indent 4 }} +data: + redis.yml: |- + + {{- if .Values.redis.enabled }} + overrideBaseUrl: redis://:{{ .Values.redis.password }}@{{ .Release.Name }}-redis-master:6379 + {{- else }} + {{ if .Values.redis.external.password }} + overrideBaseUrl: redis://:{{ .Values.redis.external.password }}@{{ .Values.redis.external.host }}:{{ .Values.redis.external.port }} + {{- else }} + overrideBaseUrl: redis://{{ .Values.redis.external.host }}:{{ .Values.redis.external.port }} + {{- end }} + {{- end }} + skipLifeCycleManagement: true + gate.yml: |- + env: + API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084 + kubernetes: + {{- if .Values.ingress.enabled }} + useExecHealthCheck: false + serviceType: NodePort + {{- end }} + deck.yml: |- + kubernetes: + {{- if .Values.ingress.enabled }} + useExecHealthCheck: false + serviceType: NodePort + {{- end }} diff --git a/stable/spinnaker/templates/hooks/expose-nodeports.yaml b/stable/spinnaker/templates/hooks/expose-nodeports.yaml deleted file mode 100644 index f8874ecb76d1..000000000000 --- a/stable/spinnaker/templates/hooks/expose-nodeports.yaml +++ /dev/null @@ -1,40 +0,0 @@ -{{- if .Values.ingress.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ .Release.Name }}-expose-nodeports" - labels: -{{ include "spinnaker.standard-labels" . | indent 4 }} - component: halyard - annotations: - "helm.sh/hook": "post-install, post-upgrade" - "helm.sh/hook-weight": "5" - "helm.sh/hook-delete-policy": "before-hook-creation" -spec: - template: - metadata: - labels: -{{ include "spinnaker.standard-labels" . | indent 8 }} - component: halyard - spec: - {{- if .Values.serviceAccount.halyardName }} - serviceAccountName: {{ .Values.serviceAccount.halyardName }} - {{- else }} - serviceAccountName: {{ template "spinnaker.fullname" . }}-halyard - {{- end }} - restartPolicy: OnFailure - containers: - - name: patch-services - image: {{ .Values.halyard.image.repository }}:{{ .Values.halyard.image.tag }} - command: - - bash - - -c - - | - PATCH='{"spec": {"type":"NodePort"}}' - if [ "$(kubectl get service --namespace {{ .Release.Namespace }} spin-deck -o=jsonpath='{.spec.type}')" = "ClusterIP" ]; then - kubectl patch service --namespace {{ .Release.Namespace }} spin-deck --patch "$PATCH" - fi - if [ "$(kubectl get service --namespace {{ .Release.Namespace }} spin-gate -o=jsonpath='{.spec.type}')" = "ClusterIP" ]; then - kubectl patch service --namespace {{ .Release.Namespace }} spin-gate --patch "$PATCH" - fi -{{- end }} diff --git a/stable/spinnaker/templates/statefulsets/halyard.yaml b/stable/spinnaker/templates/statefulsets/halyard.yaml index cb761fb30b63..7d16ae7f8f8f 100644 --- a/stable/spinnaker/templates/statefulsets/halyard.yaml +++ b/stable/spinnaker/templates/statefulsets/halyard.yaml @@ -34,6 +34,8 @@ spec: volumeMounts: - name: halyard-config mountPath: /tmp/config + - name: service-settings + mountPath: /tmp/service-settings - name: halyard-home mountPath: /tmp/spinnaker {{- if .Values.halyard.additionalProfileConfigMaps.create }} @@ -90,6 +92,9 @@ spec: {{- end }} - name: halyard-config emptyDir: {} + - name: service-settings + configMap: + name: {{ template "spinnaker.fullname" . }}-service-settings - name: halyard-initscript configMap: name: {{ template "spinnaker.fullname" . }}-halyard-init-script From 3d53bc430201815381f9afe9c832a0e1218e3c35 Mon Sep 17 00:00:00 2001 From: jeredepp Date: Mon, 11 Feb 2019 16:11:35 +0100 Subject: [PATCH 0121/1586] Mention upgrades (#10939) * Mention upgrades Since the default behaviour of the chart is to break the installation during an upgrade, i'd recommend mentioning this somehow and explaining what happens when upgrading nontheless Signed-off-by: stefan * bump version Signed-off-by: Paul Czarkowski * bump version above master Signed-off-by: Paul Czarkowski --- stable/sentry/Chart.yaml | 2 +- stable/sentry/README.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/sentry/Chart.yaml b/stable/sentry/Chart.yaml index 40219a256379..8f3b60f3094e 100644 --- a/stable/sentry/Chart.yaml +++ b/stable/sentry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Sentry is a cross-platform crash reporting and aggregation platform. name: sentry -version: 1.3.0 +version: 1.3.1 appVersion: 9.0 keywords: - debugging diff --git a/stable/sentry/README.md b/stable/sentry/README.md index a9e9595ded79..67465c8d5359 100644 --- a/stable/sentry/README.md +++ b/stable/sentry/README.md @@ -34,6 +34,8 @@ The command deploys Sentry on the Kubernetes cluster in the default configuratio > **Tip**: List all releases using `helm list` +> **Warning**: This Chart does not support `helm upgrade` an upgrade will currently reset your installation + ## Uninstalling the Chart To uninstall/delete the `my-release` deployment: From 577a4184c160e8a5378f808ec81c6e98e9542229 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Mon, 11 Feb 2019 18:20:03 +0100 Subject: [PATCH 0122/1586] [stable/elasticsearch-exporter] ServiceMonitor: set namespace to monitor + Add OWNER and add myself to owners. (#11323) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/elasticsearch-exporter] ServiceMonitor: set namespace to monitor. Signed-off-by: Cédric de Saint Martin * [stable/elasticsearch-exporter] Add owner file, add myself to owners. Signed-off-by: Cédric de Saint Martin * .helmignore: use other common patterns from helm create Signed-off-by: Cédric de Saint Martin --- stable/elasticsearch-exporter/.helmignore | 24 +++++++++++++++++++ stable/elasticsearch-exporter/Chart.yaml | 2 +- stable/elasticsearch-exporter/OWNERS | 6 +++++ .../templates/servicemonitor.yaml | 3 +++ 4 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 stable/elasticsearch-exporter/.helmignore create mode 100644 stable/elasticsearch-exporter/OWNERS diff --git a/stable/elasticsearch-exporter/.helmignore b/stable/elasticsearch-exporter/.helmignore new file mode 100644 index 000000000000..9e7b0bbbcdc6 --- /dev/null +++ b/stable/elasticsearch-exporter/.helmignore @@ -0,0 +1,24 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +# OWNERS file for Kubernetes +OWNERS +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/stable/elasticsearch-exporter/Chart.yaml b/stable/elasticsearch-exporter/Chart.yaml index 937bfb1ed52f..0dfa8969d309 100644 --- a/stable/elasticsearch-exporter/Chart.yaml +++ b/stable/elasticsearch-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Elasticsearch stats exporter for Prometheus name: elasticsearch-exporter -version: 1.1.0 +version: 1.1.1 appVersion: 1.0.2 home: https://github.com/justwatchcom/elasticsearch_exporter sources: diff --git a/stable/elasticsearch-exporter/OWNERS b/stable/elasticsearch-exporter/OWNERS new file mode 100644 index 000000000000..7668bc3eacb1 --- /dev/null +++ b/stable/elasticsearch-exporter/OWNERS @@ -0,0 +1,6 @@ +approvers: +- desaintmartin +- svenmueller +reviewers: +- desaintmartin +- svenmueller diff --git a/stable/elasticsearch-exporter/templates/servicemonitor.yaml b/stable/elasticsearch-exporter/templates/servicemonitor.yaml index 0553893399aa..43a36175f79a 100644 --- a/stable/elasticsearch-exporter/templates/servicemonitor.yaml +++ b/stable/elasticsearch-exporter/templates/servicemonitor.yaml @@ -23,4 +23,7 @@ spec: matchLabels: app: {{ template "elasticsearch-exporter.name" . }} release: "{{ .Release.Name }}" + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} {{- end }} From e41880e99673510d9790ef9ea05848ffad01ff9d Mon Sep 17 00:00:00 2001 From: Christian Ingenhaag Date: Mon, 11 Feb 2019 19:21:15 +0100 Subject: [PATCH 0123/1586] add nextcloud chart (#10922) * add nextcloud chart Signed-off-by: Christian Ingenhaag * insert suggestions from reviews in #5180 Signed-off-by: Christian Ingenhaag * disable ingress per default Signed-off-by: Christian Ingenhaag * fix nextcloud e2e tests Signed-off-by: Christian Ingenhaag --- stable/nextcloud/.helmignore | 21 +++ stable/nextcloud/Chart.yaml | 17 ++ stable/nextcloud/README.md | 119 +++++++++++++ stable/nextcloud/requirements.lock | 6 + stable/nextcloud/requirements.yaml | 5 + stable/nextcloud/templates/NOTES.txt | 94 ++++++++++ stable/nextcloud/templates/_helpers.tpl | 61 +++++++ stable/nextcloud/templates/db-secret.yaml | 15 ++ stable/nextcloud/templates/deployment.yaml | 144 ++++++++++++++++ stable/nextcloud/templates/ingress.yaml | 27 +++ stable/nextcloud/templates/nextcloud-pvc.yaml | 21 +++ stable/nextcloud/templates/secrets.yaml | 18 ++ stable/nextcloud/templates/service.yaml | 21 +++ .../templates/tests/test-connection.yaml | 18 ++ stable/nextcloud/values-mariadb.yaml | 5 + stable/nextcloud/values.yaml | 160 ++++++++++++++++++ 16 files changed, 752 insertions(+) create mode 100644 stable/nextcloud/.helmignore create mode 100644 stable/nextcloud/Chart.yaml create mode 100644 stable/nextcloud/README.md create mode 100644 stable/nextcloud/requirements.lock create mode 100644 stable/nextcloud/requirements.yaml create mode 100644 stable/nextcloud/templates/NOTES.txt create mode 100644 stable/nextcloud/templates/_helpers.tpl create mode 100644 stable/nextcloud/templates/db-secret.yaml create mode 100644 stable/nextcloud/templates/deployment.yaml create mode 100644 stable/nextcloud/templates/ingress.yaml create mode 100644 stable/nextcloud/templates/nextcloud-pvc.yaml create mode 100644 stable/nextcloud/templates/secrets.yaml create mode 100644 stable/nextcloud/templates/service.yaml create mode 100644 stable/nextcloud/templates/tests/test-connection.yaml create mode 100644 stable/nextcloud/values-mariadb.yaml create mode 100644 stable/nextcloud/values.yaml diff --git a/stable/nextcloud/.helmignore b/stable/nextcloud/.helmignore new file mode 100644 index 000000000000..f0c131944441 --- /dev/null +++ b/stable/nextcloud/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/stable/nextcloud/Chart.yaml b/stable/nextcloud/Chart.yaml new file mode 100644 index 000000000000..effadc52450a --- /dev/null +++ b/stable/nextcloud/Chart.yaml @@ -0,0 +1,17 @@ +name: nextcloud +version: 1.0.0 +appVersion: 15.0.2 +description: A file sharing server that puts the control and security of your own data back into your hands. +keywords: +- nextcloud +- storage +- http +- web +- php +home: https://nextcloud.com/ +icon: https://cdn.rawgit.com/docker-library/docs/defa5ffc7123177acd60ddef6e16bddf694cc35f/nextcloud/logo.svg +sources: +- https://github.com/nextcloud/docker +maintainers: +- name: chrisingenhaag + email: christian.ingenhaag@googlemail.com diff --git a/stable/nextcloud/README.md b/stable/nextcloud/README.md new file mode 100644 index 000000000000..4c51eda2cc36 --- /dev/null +++ b/stable/nextcloud/README.md @@ -0,0 +1,119 @@ +# nextcloud + +[nextcloud](https://nextcloud.com/) is a file sharing server that puts the control and security of your own data back into your hands. + +## TL;DR; + +```console +$ helm install stable/nextcloud +``` + +## Introduction + +This chart bootstraps an [nextcloud](https://hub.docker.com/_/nextcloud/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the nextcloud application. + +## Prerequisites + +- Kubernetes 1.9+ with Beta APIs enabled +- PV provisioner support in the underlying infrastructure + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/nextcloud +``` + +The command deploys nextcloud on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the nextcloud chart and their default values. + +| Parameter | Description | Default | +|-------------------------------------|-------------------------------------------|-------------------------------------------------------- | +| `image.repository` | nextcloud Image name | `nextcloud` | +| `image.tag` | nextcloud Image tag | `{VERSION}` | +| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `nil` | +| `ingress.enabled` | Enable use of ingress controllers | `false` | +| `ingress.servicePort` | Ingress' backend servicePort | `http` | +| `ingress.annotations` | An array of service annotations | `nil` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `nextcloud.host` | nextcloud host to create application URLs | `nextcloud.kube.home` | +| `nextcloud.username` | User of the application | `admin` | +| `nextcloud.password` | Application password | `changeme` | +| `internalDatabase.enabled` | Whether to use internal sqlite database | `true` | +| `internalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.enabled` | Whether to use external database | `false` | +| `externalDatabase.host` | Host of the external database | `nil` | +| `externalDatabase.database` | Name of the existing database | `nextcloud` | +| `externalDatabase.user` | Existing username in the external db | `nextcloud` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `mariadb.enabled` | Whether to use the MariaDB chart | `false` | +| `mariadb.db.name` | Database name to create | `nextcloud` | +| `mariadb.db.password` | Password for the database | `changeme` | +| `mariadb.db.user` | Database user to create | `nextcloud` | +| `mariadb.rootUser.password` | MariaDB admin password | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIp` | +| `service.loadBalancerIP` | LoadBalancerIp for service type LoadBalancer | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for nextcloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.existingClaim`| An Existing PVC name for nextcloud volume | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode for nextcloud volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for nextcloud volume | `8Gi` | +| `resources` | CPU/Memory resource requests/limits | `{}` | + +> **Note**: +> +> For nextcloud to function correctly, you should specify the `nextcloud.host` parameter to specify the FQDN (recommended) or the public IP address of the nextcloud service. +> +> Optionally, you can specify the `service.loadBalancerIP` parameter to assign a reserved IP address to the nextcloud service of the chart. However please note that this feature is only available on a few cloud providers (f.e. GKE). +> +> To reserve a public IP address on GKE: +> +> ```bash +> $ gcloud compute addresses create nextcloud-public-ip +> ``` +> +> The reserved IP address can be associated to the nextcloud service by specifying it as the value of the `service.loadBalancerIP` parameter while installing the chart. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install --name my-release \ + --set nextcloud.username=admin,nextcloud.password=password,mariadb.rootUser.password=secretpassword \ + stable/nextcloud +``` + +The above command sets the nextcloud administrator account username and password to `admin` and `password` respectively. Additionally, it sets the MariaDB `root` user password to `secretpassword`. + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml stable/nextcloud +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Persistence + +The [Nextcloud](https://hub.docker.com/_/nextcloud/) image stores the nextcloud data and configurations at the `/var/www/html` paths of the container. + +Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. +See the [Configuration](#configuration) section to configure the PVC or to disable persistence. \ No newline at end of file diff --git a/stable/nextcloud/requirements.lock b/stable/nextcloud/requirements.lock new file mode 100644 index 000000000000..222b19649568 --- /dev/null +++ b/stable/nextcloud/requirements.lock @@ -0,0 +1,6 @@ +dependencies: +- name: mariadb + repository: https://kubernetes-charts.storage.googleapis.com/ + version: 5.5.0 +digest: sha256:66e8bec50806f6576f4954c145d45b44a55975cad4f10b3bdd6cc4e208055bca +generated: 2019-01-26T18:57:18.847326+01:00 diff --git a/stable/nextcloud/requirements.yaml b/stable/nextcloud/requirements.yaml new file mode 100644 index 000000000000..6582ce49e328 --- /dev/null +++ b/stable/nextcloud/requirements.yaml @@ -0,0 +1,5 @@ +dependencies: +- name: mariadb + version: ~5.5.0 + repository: https://kubernetes-charts.storage.googleapis.com/ + condition: mariadb.enabled diff --git a/stable/nextcloud/templates/NOTES.txt b/stable/nextcloud/templates/NOTES.txt new file mode 100644 index 000000000000..c755176247de --- /dev/null +++ b/stable/nextcloud/templates/NOTES.txt @@ -0,0 +1,94 @@ +{{- if or .Values.mariadb.enabled .Values.externalDatabase.host -}} + +{{- if empty (include "nextcloud.host" .) -}} +################################################################################# +### WARNING: You did not provide an external host in your 'helm install' call ### +################################################################################# + +This deployment will be incomplete until you configure nextcloud with a resolvable +host. To configure nextcloud with the URL of your service: + +1. Get the nextcloud URL by running: + + {{- if contains "NodePort" .Values.service.type }} + + export APP_PORT=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.spec.ports[0].nodePort}") + export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + + {{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "nextcloud.fullname" . }}' + + export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") + export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode) + {{- if .Values.mariadb.db.password }} + export APP_DATABASE_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.mariadb.fullname" . }} -o jsonpath="{.data.mariadb-password}" | base64 --decode) + {{- end }} + {{- end }} + +2. Complete your nextcloud deployment by running: + +{{- if .Values.mariadb.enabled }} + + helm upgrade {{ .Release.Name }} stable/nextcloud \ + --set nextcloud.host=$APP_HOST,nextcloud.password=$APP_PASSWORD{{ if .Values.mariadb.db.password }},mariadb.db.password=$APP_DATABASE_PASSWORD{{ end }} +{{- else }} + + ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## + + helm upgrade {{ .Release.Name }} stable/nextcloud \ + --set nextcloud.password=$APP_PASSWORD,nextcloud.host=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.host) }},externalDatabase.host={{ .Values.externalDatabase.host }}{{- end }}{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }} +{{- end }} + +{{- else -}} +1. Get the nextcloud URL by running: + +{{- if eq .Values.service.type "ClusterIP" }} + + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "nextcloud.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") + echo http://127.0.0.1:8080/ + kubectl port-forward $POD_NAME 8080:8080 +{{- else }} + + echo http://{{ include "nextcloud.host" . }}{{ if .Values.nextcloudPort }}:{{ .Values.nextcloudPort }}{{ end }}/ +{{- end }} + +2. Get your nextcloud login credentials by running: + + echo User: {{ .Values.nextcloud.username }} + echo Password: $(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode) +{{- end }} + +{{- else -}} + +####################################################################################################### +## WARNING: You did not provide an external database host in your 'helm install' call ## +## Running Nextcloud with the integrated sqlite database is not recommended for production instances ## +####################################################################################################### + +For better performance etc. you have to configure nextcloud with a resolvable database +host. To configure nextcloud to use and external database host: + + +1. Complete your nextcloud deployment by running: + +{{- if contains "NodePort" .Values.service.type }} + export APP_HOST=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") +{{- else if contains "LoadBalancer" .Values.service.type }} + + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + Watch the status with: 'kubectl get svc --namespace {{ .Release.Namespace }} -w {{ template "nextcloud.fullname" . }}' + + export APP_HOST=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} --template "{{ "{{ range (index .status.loadBalancer.ingress 0) }}{{ . }}{{ end }}" }}") +{{- else }} + + export APP_HOST=127.0.0.1 +{{- end }} + export APP_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "nextcloud.fullname" . }} -o jsonpath="{.data.nextcloud-password}" | base64 --decode) + + ## PLEASE UPDATE THE EXTERNAL DATABASE CONNECTION PARAMETERS IN THE FOLLOWING COMMAND AS NEEDED ## + + helm upgrade {{ .Release.Name }} stable/nextcloud \ + --set nextcloud.password=$APP_PASSWORD,nextcloud.host=$APP_HOST,service.type={{ .Values.service.type }},mariadb.enabled=false{{- if not (empty .Values.externalDatabase.user) }},externalDatabase.user={{ .Values.externalDatabase.user }}{{- end }}{{- if not (empty .Values.externalDatabase.password) }},externalDatabase.password={{ .Values.externalDatabase.password }}{{- end }}{{- if not (empty .Values.externalDatabase.database) }},externalDatabase.database={{ .Values.externalDatabase.database }}{{- end }},externalDatabase.host=YOUR_EXTERNAL_DATABASE_HOST +{{- end }} \ No newline at end of file diff --git a/stable/nextcloud/templates/_helpers.tpl b/stable/nextcloud/templates/_helpers.tpl new file mode 100644 index 000000000000..0c406c3aa1f2 --- /dev/null +++ b/stable/nextcloud/templates/_helpers.tpl @@ -0,0 +1,61 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "nextcloud.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "nextcloud.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "nextcloud.mariadb.fullname" -}} +{{- printf "%s-%s" .Release.Name "mariadb" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Get the user defined LoadBalancerIP for this release. +Note, returns 127.0.0.1 if using ClusterIP. +*/}} +{{- define "nextcloud.serviceIP" -}} +{{- if eq .Values.service.type "ClusterIP" -}} +127.0.0.1 +{{- else -}} +{{- index .Values (printf "%sLoadBalancerIP" .Chart.Name) | default "" -}} +{{- end -}} +{{- end -}} + +{{/* +Gets the host to be used for this application. +If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. +*/}} +{{- define "nextcloud.host" -}} +{{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} +{{- default (include "nextcloud.serviceIP" .) $host -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "nextcloud.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/stable/nextcloud/templates/db-secret.yaml b/stable/nextcloud/templates/db-secret.yaml new file mode 100644 index 000000000000..2bcdc0e7a7f3 --- /dev/null +++ b/stable/nextcloud/templates/db-secret.yaml @@ -0,0 +1,15 @@ +{{- if .Values.mariadb.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ printf "%s-%s" .Release.Name "db" }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + db-password: {{ default "" .Values.mariadb.db.password | b64enc | quote }} + db-username: {{ default "" .Values.mariadb.db.user | b64enc | quote }} +{{- end }} diff --git a/stable/nextcloud/templates/deployment.yaml b/stable/nextcloud/templates/deployment.yaml new file mode 100644 index 000000000000..e06a1041a18c --- /dev/null +++ b/stable/nextcloud/templates/deployment.yaml @@ -0,0 +1,144 @@ +{{- if include "nextcloud.host" . -}} +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "nextcloud.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: Recreate + selector: + matchLabels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end }} + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.internalDatabase.enabled }} + - name: SQLITE_DATABASE + value: {{ .Values.internalDatabase.name | quote }} + {{- else if .Values.mariadb.enabled }} + - name: MYSQL_HOST + value: {{ template "nextcloud.mariadb.fullname" . }} + - name: MYSQL_DATABASE + value: {{ .Values.mariadb.db.name | quote }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ printf "%s-%s" .Release.Name "db" }} + key: db-username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-%s" .Release.Name "db" }} + key: db-password + {{- else }} + - name: MYSQL_HOST + value: {{ .Values.externalDatabase.host | quote }} + - name: MYSQL_DATABASE + value: {{ .Values.externalDatabase.database | quote }} + - name: MYSQL_USER + valueFrom: + secretKeyRef: + name: {{ printf "%s-%s" .Release.Name "db" }} + key: db-username + - name: MYSQL_PASSWORD + valueFrom: + secretKeyRef: + name: {{ printf "%s-%s" .Release.Name "db" }} + key: db-password + {{- end }} + - name: NEXTCLOUD_ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "nextcloud.fullname" . }} + key: nextcloud-username + - name: NEXTCLOUD_ADMIN_PASSWORD + valueFrom: + secretKeyRef: + name: {{ template "nextcloud.fullname" . }} + key: nextcloud-password + - name: NEXTCLOUD_TRUSTED_DOMAINS + value: {{ .Values.nextcloud.host }} + ports: + - name: http + containerPort: 80 + protocol: TCP + livenessProbe: + httpGet: + path: /status.php + port: http + httpHeaders: + - name: Host + value: {{ include "nextcloud.host" . | quote }} + initialDelaySeconds: 30 + timeoutSeconds: 5 + failureThreshold: 6 + readinessProbe: + httpGet: + path: /status.php + port: http + httpHeaders: + - name: Host + value: {{ include "nextcloud.host" . | quote }} + initialDelaySeconds: 30 + timeoutSeconds: 3 + periodSeconds: 5 + resources: +{{ toYaml .Values.resources | indent 10 }} + volumeMounts: + - name: nextcloud-data + mountPath: /var/www/html/ + subPath: root + - name: nextcloud-data + mountPath: /var/www/html/data + subPath: data + - name: nextcloud-data + mountPath: /var/www/html/config + subPath: config + - name: nextcloud-data + mountPath: /var/www/html/custom_apps + subPath: custom_apps + - name: nextcloud-data + mountPath: /var/www/html/themes + subPath: themes + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + volumes: + - name: nextcloud-data + {{- if .Values.persistence.enabled }} + persistentVolumeClaim: + claimName: {{ if .Values.persistence.existingClaim }}{{ .Values.persistence.existingClaim }}{{- else }}{{ template "nextcloud.fullname" . }}-nextcloud{{- end }} + {{- else }} + emptyDir: {} + {{- end }} +{{- end -}} diff --git a/stable/nextcloud/templates/ingress.yaml b/stable/nextcloud/templates/ingress.yaml new file mode 100644 index 000000000000..b02ece4201f2 --- /dev/null +++ b/stable/nextcloud/templates/ingress.yaml @@ -0,0 +1,27 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "nextcloud.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- if .Values.ingress.annotations }} + annotations: +{{ toYaml .Values.ingress.annotations | indent 4 }} +{{- end }} +spec: + rules: + - host: {{ .Values.nextcloud.host }} + http: + paths: + - backend: + serviceName: {{ template "nextcloud.fullname" . }} + servicePort: {{ .Values.service.port }} +{{- if .Values.ingress.tls }} + tls: +{{ toYaml .Values.ingress.tls | indent 4 }} +{{- end -}} +{{- end }} diff --git a/stable/nextcloud/templates/nextcloud-pvc.yaml b/stable/nextcloud/templates/nextcloud-pvc.yaml new file mode 100644 index 000000000000..f1a00da58d74 --- /dev/null +++ b/stable/nextcloud/templates/nextcloud-pvc.yaml @@ -0,0 +1,21 @@ +{{- if .Values.persistence.enabled -}} +{{- if not .Values.persistence.existingClaim -}} +kind: PersistentVolumeClaim +apiVersion: v1 +metadata: + name: {{ template "nextcloud.fullname" . }}-nextcloud +spec: + accessModes: + - {{ .Values.persistence.accessMode | quote }} + resources: + requests: + storage: {{ .Values.persistence.size | quote }} +{{- if .Values.persistence.storageClass }} +{{- if (eq "-" .Values.persistence.storageClass) }} + storageClassName: "" +{{- else }} + storageClassName: "{{ .Values.persistence.storageClass }}" +{{- end }} +{{- end }} +{{- end -}} +{{- end -}} diff --git a/stable/nextcloud/templates/secrets.yaml b/stable/nextcloud/templates/secrets.yaml new file mode 100644 index 000000000000..b24aa69966a2 --- /dev/null +++ b/stable/nextcloud/templates/secrets.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "nextcloud.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +type: Opaque +data: + nextcloud-username: {{ .Values.nextcloud.username | b64enc | quote }} + {{ if .Values.nextcloud.password }} + nextcloud-password: {{ .Values.nextcloud.password | b64enc | quote }} + {{ else }} + nextcloud-password: {{ randAlphaNum 10 | b64enc | quote }} + {{ end }} + \ No newline at end of file diff --git a/stable/nextcloud/templates/service.yaml b/stable/nextcloud/templates/service.yaml new file mode 100644 index 000000000000..290098051a4c --- /dev/null +++ b/stable/nextcloud/templates/service.yaml @@ -0,0 +1,21 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "nextcloud.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + {{- if eq .Values.service.type "LoadBalancer" }} + loadBalancerIP: {{ default "" .Values.service.loadBalancerIP }} + {{- end }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} diff --git a/stable/nextcloud/templates/tests/test-connection.yaml b/stable/nextcloud/templates/tests/test-connection.yaml new file mode 100644 index 000000000000..b1de9095cf7d --- /dev/null +++ b/stable/nextcloud/templates/tests/test-connection.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "nextcloud.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "nextcloud.name" . }} + helm.sh/chart: {{ include "nextcloud.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['--header', 'Host: {{ .Values.nextcloud.host }}', '{{ include "nextcloud.fullname" . }}:{{ .Values.service.port }}/status.php'] + restartPolicy: Never diff --git a/stable/nextcloud/values-mariadb.yaml b/stable/nextcloud/values-mariadb.yaml new file mode 100644 index 000000000000..cc769937eb84 --- /dev/null +++ b/stable/nextcloud/values-mariadb.yaml @@ -0,0 +1,5 @@ +internalDatabase: + enabled: false + +mariadb: + enabled: true \ No newline at end of file diff --git a/stable/nextcloud/values.yaml b/stable/nextcloud/values.yaml new file mode 100644 index 000000000000..11862bb3471f --- /dev/null +++ b/stable/nextcloud/values.yaml @@ -0,0 +1,160 @@ +## Official nextcloud image version +## ref: https://hub.docker.com/r/library/nextcloud/tags/ +## +image: + repository: nextcloud + tag: 15.0.2-apache + pullPolicy: IfNotPresent + # pullSecrets: + # - myRegistrKeySecretName + +nameOverride: "" +fullnameOverride: "" + +# Number of replicas to be deployed +replicaCount: 1 + +## Allowing use of ingress controllers +## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ +## +ingress: + enabled: false + annotations: {} + # nginx.ingress.kubernetes.io/proxy-body-size: 4G + # kubernetes.io/tls-acme: "true" + # certmanager.k8s.io/cluster-issuer: letsencrypt-prod + # nginx.ingress.kubernetes.io/server-snippet: |- + # add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;"; + # add_header X-Robots-Tag none; + # add_header X-Download-Options noopen; + # add_header X-Permitted-Cross-Domain-Policies none; + # add_header X-Content-Type-Options nosniff; + # add_header X-XSS-Protection "1; mode=block"; + # add_header Referrer-Policy no-referrer; + # rewrite ^/.well-known/webfinger /public.php?service=webfinger last; + # rewrite ^/.well-known/host-meta /public.php?service=host-meta last; + # rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json; + # location = /.well-known/carddav { + # return 301 $scheme://$host/remote.php/dav; + # } + # location = /.well-known/caldav { + # return 301 $scheme://$host/remote.php/dav; + # } + # location = /robots.txt { + # allow all; + # log_not_found off; + # access_log off; + # } + # location ~ \.(?:png|html|ttf|ico|jpg|jpeg)$ { + # try_files $uri /index.php$request_uri; + # # Optional: Don't log access to other assets + # access_log off; + # } + # location / { + # rewrite ^ /index.php$request_uri; + # } + # location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ { + # deny all; + # } + # location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) { + # deny all; + # } + # tls: + # - secretName: nextcloud-tls + # hosts: + # - nextcloud.kube.home + +nextcloud: + host: nextcloud.kube.home + username: admin + password: changeme + + +internalDatabase: + enabled: true + name: nextcloud + + +## +## External database configuration +## +externalDatabase: + enabled: false + + ## Database host + host: + + ## Database user + user: nextcloud + + ## Database password + password: + + ## Database name + database: nextcloud + +## +## MariaDB chart configuration +## +mariadb: + ## Whether to deploy a mariadb server to satisfy the applications database requirements. To use an external database set this to false and configure the externalDatabase parameters + enabled: false + + db: + name: nextcloud + user: nextcloud + password: changeme + + ## Enable persistence using Persistent Volume Claims + ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ + ## + persistence: + enabled: false + accessMode: ReadWriteOnce + size: 8Gi + +service: + type: ClusterIP + port: 8080 + loadBalancerIP: nil + + +## Enable persistence using Persistent Volume Claims +## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ +## +persistence: + enabled: false + ## nextcloud data Persistent Volume Storage Class + ## If defined, storageClassName: + ## If set to "-", storageClassName: "", which disables dynamic provisioning + ## If undefined (the default) or set to null, no storageClassName spec is + ## set, choosing the default provisioner. (gp2 on AWS, standard on + ## GKE, AWS & OpenStack) + ## + # storageClass: "-" + + ## A manually managed Persistent Volume and Claim + ## Requires persistence.enabled: true + ## If defined, PVC must be created manually before volume will be bound + # existingClaim: + + accessMode: ReadWriteOnce + size: 8Gi + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From a5d1dff5b5c9ccf07ce65df76851c490c92e31d3 Mon Sep 17 00:00:00 2001 From: manzoon Date: Mon, 11 Feb 2019 19:25:14 +0000 Subject: [PATCH 0124/1586] =?UTF-8?q?[stable/fluent-bit]=20Parametrize=20f?= =?UTF-8?q?lush=20interval=20and=20log=20level=20in=20the=20S=E2=80=A6=20(?= =?UTF-8?q?#11305)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/fluent-bit] Parametrize flush interval and log level in the SERVICE section Signed-off-by: Marcin Kubrak * [stable/fluent-bit] bump chart version Signed-off-by: Marcin Kubrak * [stable/fluent-bit] Bump minor version instead of the patch version Signed-off-by: Marcin Kubrak --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/README.md | 2 ++ stable/fluent-bit/templates/config.yaml | 4 ++-- stable/fluent-bit/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index e3352eb8309b..79939fb253fb 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,5 +1,5 @@ name: fluent-bit -version: 1.6.0 +version: 1.7.0 appVersion: 1.0.4 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index a76d75d1b0c4..27ddf7e9e50e 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md @@ -87,6 +87,8 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `extraPorts` | List of extra ports | | | `extraVolumeMounts` | Mount an extra volume, required to mount ssl certificates when elasticsearch has tls enabled | | | `extraVolume` | Extra volume | | +| `service.flush` | Interval to flush output (seconds) | `1` | +| `service.logLevel` | Diagnostic level (error/warning/info/debug/trace) | `info` | | `filter.enableExclude` | Enable the use of monitoring for a pod annotation of `fluentbit.io/exclude: true`. If present, discard logs from that pod. | `true` | | `filter.enableParser` | Enable the use of monitoring for a pod annotation of `fluentbit.io/parser: parser_name`. parser_name must be the name of a parser contained within parsers.conf | `true` | | `filter.kubeURL` | Optional custom configmaps | `https://kubernetes.default.svc:443` | diff --git a/stable/fluent-bit/templates/config.yaml b/stable/fluent-bit/templates/config.yaml index ef5f8055d5ad..7ab07b478de4 100644 --- a/stable/fluent-bit/templates/config.yaml +++ b/stable/fluent-bit/templates/config.yaml @@ -11,9 +11,9 @@ metadata: data: fluent-bit-service.conf: |- [SERVICE] - Flush 1 + Flush {{ .Values.service.flush }} Daemon Off - Log_Level info + Log_Level {{ .Values.service.logLevel }} Parsers_File parsers.conf {{- if .Values.parsers.enabled }} Parsers_File parsers_custom.conf diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index dfda08dd7570..46e68d286afe 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -178,6 +178,10 @@ tolerations: [] nodeSelector: {} affinity: {} +service: + flush: 1 + logLevel: info + input: tail: memBufLimit: 5MB From eef006ab1bef548b782c1780c3a45eb07840f521 Mon Sep 17 00:00:00 2001 From: Ken Wronkiewicz Date: Mon, 11 Feb 2019 12:48:56 -0800 Subject: [PATCH 0125/1586] Add redisHost variable, clear up postgresHost mysteries (#11336) * Add redisHost variable, clear up postgresHost mysteries * Removed postgresql.uri field that doesn't do anything * Clarified docs in a few places about the right place to configure postgresql * Added redisHost that works in the same way as postgresHost * Removed unnecessary extra printf's. Signed-off-by: Ken Wronkiewicz * Version bump. Signed-off-by: Ken Wronkiewicz * Fix lint. Signed-off-by: Ken Wronkiewicz --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 1 + stable/airflow/templates/_helpers.tpl | 12 ++++++++---- stable/airflow/values.yaml | 11 ++++++----- 4 files changed, 16 insertions(+), 10 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index e676c496836c..ed8b03f5a6ae 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.16.0 +version: 0.17.0 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 7e350e0ca392..256c5ff9bdd7 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -327,6 +327,7 @@ The following table lists the configurable parameters of the Airflow chart and t | `postgresql.persistance.storageClass` | Persistant class | (undefined) | | `postgresql.persistance.accessMode` | Access mode | `ReadWriteOnce` | | `redis.enabled` | Create a Redis cluster | `true` | +| `redis.redisHost` | Redis Hostname | (undefined) | | `redis.password` | Redis password | `airflow` | | `redis.master.persistence.enabled` | Enable Redis PVC | `false` | | `redis.cluster.enabled` | enable master-slave cluster | `false` | diff --git a/stable/airflow/templates/_helpers.tpl b/stable/airflow/templates/_helpers.tpl index 3bae58afe560..182b307a85c3 100644 --- a/stable/airflow/templates/_helpers.tpl +++ b/stable/airflow/templates/_helpers.tpl @@ -38,7 +38,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this */}} {{- define "airflow.postgresql.fullname" -}} {{- if .Values.postgresql.postgresHost }} - {{- printf "%s" .Values.postgresql.postgresHost -}} + {{- .Values.postgresql.postgresHost -}} {{- else }} {{- $name := default "postgresql" .Values.postgresql.nameOverride -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} @@ -46,12 +46,16 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- end -}} {{/* -Create a default fully qualified redis cluster name. +Create a default fully qualified redis cluster name or use the `redisHost` value if defined We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "airflow.redis.fullname" -}} -{{- $name := default "redis" .Values.redis.nameOverride -}} -{{- printf "%s-%s-master" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- if .Values.redis.redisHost }} + {{- .Values.redis.redisHost -}} +{{- else }} + {{- $name := default "redis" .Values.redis.nameOverride -}} + {{- printf "%s-%s-master" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} {{- end -}} {{/* diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 02a18b8c3fe5..2dbfff0ecd3e 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -379,11 +379,8 @@ postgresql: ## Set to false if bringing your own PostgreSQL. enabled: true ## - ## If bringing your own PostgreSQL, the full uri to use - ## e.g. postgres://airflow:changeme@my-postgres.com:5432/airflow?sslmode=disable - # uri: - ## - ## PostgreSQL hostname + ## If you are bringing your own PostgreSQL, you should set postgresHost and + ## also probably service.port, postgresUser, postgresPassword, and postgresDatabase ## postgresHost: ## ## PostgreSQL port @@ -421,7 +418,11 @@ redis: ## Set to false if bringing your own redis. enabled: true ## + ## If you are bringing your own redis, you can set the host in redisHost. + ## redisHost: + ## ## Redis password + ## password: airflow ## ## Master configuration From a0366c6083a7d566b67773f0d48503f307f1efad Mon Sep 17 00:00:00 2001 From: Markus Maga Date: Tue, 12 Feb 2019 00:14:35 +0100 Subject: [PATCH 0126/1586] Ambassador chart (#11294) * Ambassador chart Signed-off-by: Markus Maga * fix default values, remove timings in favor of envs Signed-off-by: Markus Maga * fix default pod annotations Signed-off-by: Markus Maga * fix lint and invalid value paths Signed-off-by: Markus Maga * add ci values Signed-off-by: Markus Maga * merge daemonset and deployment template Signed-off-by: Markus Maga * remove single namespace env from template Signed-off-by: Markus Maga * add some migration info Signed-off-by: Markus Maga * format readme Signed-off-by: Markus Maga * add external traffic policy value Signed-off-by: Markus Maga * sort parameters Signed-off-by: Markus Maga * fix parameters Signed-off-by: Markus Maga * change default to run as non-root Signed-off-by: Markus Maga * readme fixes Signed-off-by: Markus Maga * remove unneccesary imageTag template and bump tag to 0.50.1 Signed-off-by: Markus Maga * fix typo, note that default target ports changed Signed-off-by: Markus Maga * update homepage url Signed-off-by: Markus Maga * add source link to prometheus statsd exporter Signed-off-by: Markus Maga * add simple test Signed-off-by: Markus Maga * fix Signed-off-by: Markus Maga * tweak migration readme section Signed-off-by: Markus Maga * allow setting entire security context for the pod Signed-off-by: Markus Maga * add default values for ci and use daemonSet in ci Signed-off-by: Markus Maga * test disable kubewatch for ci Signed-off-by: Markus Maga * rename config to exporter-config Signed-off-by: Markus Maga * add possibility to set ambassador config to be mounted as file Signed-off-by: Markus Maga * use mounted config in ci Signed-off-by: Markus Maga * only run test for deployment Signed-off-by: Markus Maga --- stable/ambassador/.helmignore | 23 +++ stable/ambassador/Chart.yaml | 20 +++ stable/ambassador/OWNERS | 6 + stable/ambassador/README.md | 165 ++++++++++++++++++ stable/ambassador/ci/ci-values.yaml | 26 +++ stable/ambassador/ci/default-values.yaml | 9 + stable/ambassador/templates/NOTES.txt | 26 +++ stable/ambassador/templates/_helpers.tpl | 43 +++++ .../ambassador/templates/admin-service.yaml | 24 +++ stable/ambassador/templates/config.yaml | 14 ++ stable/ambassador/templates/deployment.yaml | 150 ++++++++++++++++ .../ambassador/templates/exporter-config.yaml | 17 ++ stable/ambassador/templates/rbac.yaml | 40 +++++ stable/ambassador/templates/service.yaml | 48 +++++ .../ambassador/templates/serviceaccount.yaml | 11 ++ .../templates/tests/test-ready.yaml | 20 +++ stable/ambassador/values.yaml | 137 +++++++++++++++ 17 files changed, 779 insertions(+) create mode 100644 stable/ambassador/.helmignore create mode 100644 stable/ambassador/Chart.yaml create mode 100644 stable/ambassador/OWNERS create mode 100755 stable/ambassador/README.md create mode 100644 stable/ambassador/ci/ci-values.yaml create mode 100644 stable/ambassador/ci/default-values.yaml create mode 100644 stable/ambassador/templates/NOTES.txt create mode 100644 stable/ambassador/templates/_helpers.tpl create mode 100644 stable/ambassador/templates/admin-service.yaml create mode 100644 stable/ambassador/templates/config.yaml create mode 100644 stable/ambassador/templates/deployment.yaml create mode 100644 stable/ambassador/templates/exporter-config.yaml create mode 100644 stable/ambassador/templates/rbac.yaml create mode 100644 stable/ambassador/templates/service.yaml create mode 100644 stable/ambassador/templates/serviceaccount.yaml create mode 100644 stable/ambassador/templates/tests/test-ready.yaml create mode 100644 stable/ambassador/values.yaml diff --git a/stable/ambassador/.helmignore b/stable/ambassador/.helmignore new file mode 100644 index 000000000000..a0482efdf830 --- /dev/null +++ b/stable/ambassador/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ +OWNERS diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml new file mode 100644 index 000000000000..304c30428e8d --- /dev/null +++ b/stable/ambassador/Chart.yaml @@ -0,0 +1,20 @@ +apiVersion: v1 +appVersion: 0.50.1 +description: A Helm chart for Datawire Ambassador +name: ambassador +version: 1.0.0 +home: https://www.getambassador.io/ +sources: + - https://github.com/datawire/ambassador + - https://github.com/prometheus/statsd_exporter +keywords: + - api gateway + - ambassador + - datawire + - envoy +maintainers: + - name: flydiverny + email: markus@maga.se + - name: kflynn + email: flynn@datawire.io +engine: gotpl diff --git a/stable/ambassador/OWNERS b/stable/ambassador/OWNERS new file mode 100644 index 000000000000..21b46605c80a --- /dev/null +++ b/stable/ambassador/OWNERS @@ -0,0 +1,6 @@ +approvers: +- kflynn +- flydiverny +reviewers: +- kflynn +- flydiverny diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md new file mode 100755 index 000000000000..524bfd440254 --- /dev/null +++ b/stable/ambassador/README.md @@ -0,0 +1,165 @@ +# Ambassador + +Ambassador is an open source, Kubernetes-native [microservices API gateway](https://www.getambassador.io/about/microservices-api-gateways) built on the [Envoy Proxy](https://www.envoyproxy.io/). + +## TL;DR; + +```console +$ helm install stable/ambassador +``` + +## Introduction + +This chart bootstraps an [Ambassador](https://www.getambassador.io) deployment on +a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.7+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release stable/ambassador +``` + +The command deploys Ambassador API gateway on the Kubernetes cluster in the default configuration. +The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete --purge my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following tables lists the configurable parameters of the Ambassador chart and their default values. + +| Parameter | Description | Default | +| ---------------------------------- | ------------------------------------------------------------------------------- | ----------------------------- | +| `adminService.create` | If `true`, create a service for Ambassador's admin UI | `true` | +| `adminService.nodePort` | If explicit NodePort for admin service is required | `true` | +| `adminService.type` | Ambassador's admin service type to be used | `ClusterIP` | +| `ambassador.id` | Set the identifier of the Ambassador instance | `default` | +| `ambassadorConfig` | Config thats mounted to `/ambassador/ambassador-config` | `""` | +| `daemonSet` | If `true`, Create a daemonSet. By default Deployment controller will be created | `false` | +| `env` | Any additional environment variables for ambassador pods | `{}` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.repository` | Image | `quay.io/datawire/ambassador` | +| `image.tag` | Image tag | `0.50.1` | +| `imagePullSecrets` | Image pull secrets | `[]` | +| `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | +| `podAnnotations` | Additional annotations for ambassador pods | `{}` | +| `prometheusExporter.enabled` | Prometheus exporter side-car enabled | `false` | +| `prometheusExporter.pullPolicy` | Image pull policy | `IfNotPresent` | +| `prometheusExporter.repository` | Prometheus exporter image | `prom/statsd-exporter` | +| `prometheusExporter.tag` | Prometheus exporter image | `v0.8.1` | +| `rbac.create` | If `true`, create and use RBAC resources | `true` | +| `replicaCount` | Number of Ambassador replicas | `1` | +| `resources` | CPU/memory resource requests/limits | `{}` | +| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | +| `service.annotations` | Annotations to apply to Ambassador service | `{"getambassador.io/config":"---\napiVersion: ambassador/v1\nkind: Module\nname: ambassador\nconfig:\n service_port: 8080"}` | +| `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` | +| `service.http.enabled` | if port 80 should be opened for service | `true` | +| `service.http.nodePort` | If explicit NodePort is required | None | +| `service.http.port` | if port 443 should be opened for service | `true` | +| `service.http.targetPort` | Sets the targetPort that maps to the service's cleartext port | `8080` | +| `service.https.enabled` | if port 443 should be opened for service | `true` | +| `service.https.nodePort` | If explicit NodePort is required | None | +| `service.https.port` | if port 443 should be opened for service | `true` | +| `service.https.targetPort` | Sets the targetPort that maps to the service's TLS port | `8443` | +| `service.loadBalancerIP` | IP address to assign (if cloud provider supports it) | `""` | +| `service.loadBalancerSourceRanges` | Passed to cloud provider load balancer if created (e.g: AWS ELB) | None | +| `service.type` | Service type to be used | `LoadBalancer` | +| `serviceAccount.create` | If `true`, create a new service account | `true` | +| `serviceAccount.name` | Service account to be used | `ambassador` | +| `volumeMounts` | Volume mounts for the ambassador service | `[]` | +| `volumes` | Volumes for the ambassador service | `[]` | + +**NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. + +If you intend to use `service.annotations`, remember to include the annotation key, for example: + +``` +service: + type: LoadBalancer + + http: + port: 80 + targetPort: 8080 + + annotations: + getambassador.io/config: | + --- + apiVersion: ambassador/v1 + kind: Module + name: ambassador + config: + redirect_cleartext_from: 8080 +``` + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm upgrade --install --wait my-release \ + --set adminService.type=NodePort \ + stable/ambassador +``` + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm upgrade --install --wait my-release -f values.yaml stable/ambassador +``` + +--- + +# Upgrading + +## Migrating from `datawire/ambassador` chart (chart version 0.40.0 or 0.50.0) + +Chart now runs ambassador as non-root by default, so you might need to update your ambassador module config to match this. + +### Timings + +Timings values have been removed in favor of setting the env variables using `env´ + +| Parameter | Env variables | +| ----------------- | -------------------------- | +| `timing.restart` | `AMBASSADOR_RESTART_TIME` | +| `timing.drain` | `AMBASSADOR_DRAIN_TIME` | +| `timing.shutdown` | `AMBASSADOR_SHUTDOWN_TIME` | + +### Single namespace + +| Parameter | Env variables | +| ------------------ | ----------------------------- | +| `namespace.single` | `AMBASSADOR_SINGLE_NAMESPACE` | + +### Renamed values + +Service ports values have changed names and target ports have new defaults. + +| Previous parameter | New parameter | New default value | +| --------------------------- | -------------------------- | ---------- | +| `service.enableHttp` | `service.http.enabled` | | +| `service.httpPort` | `service.http.port` | | +| `service.httpNodePort` | `service.http.nodePort` | | +| `service.targetPorts.http` | `service.http.targetPort` | `8080` | +| `service.enableHttps` | `service.https.enabled` | | +| `service.httpsPort` | `service.https.port` | | +| `service.httpsNodePort` | `service.https.nodePort` | | +| `service.targetPorts.https` | `service.https.targetPort` | `8443` | + +### Exporter sidecar + +Pre version `0.50.0` ambassador was using socat and required a sidecar to export statsd metrics. In `0.50.0` ambassador no longer uses socat and doesn't need a sidecar anymore to export its statsd metrics. Statsd metrics are disabled by default and can be enabled by setting environment `STATSD_ENABLED`, this will (in 0.50) send metrics to a service named `statsd-sink`, if you want to send it to another service or namespace it can be changed by setting `STATSD_HOST` + +If you are using prometheus the chart allows you to enable a sidecar which can export to prometheus see the `prometheusExporter` values. diff --git a/stable/ambassador/ci/ci-values.yaml b/stable/ambassador/ci/ci-values.yaml new file mode 100644 index 000000000000..d1d42dd5c969 --- /dev/null +++ b/stable/ambassador/ci/ci-values.yaml @@ -0,0 +1,26 @@ +daemonSet: true +rbac: + create: false + +prometheusExporter: + enabled: true + +env: + AMBASSADOR_SINGLE_NAMESPACE: true + AMBASSADOR_NO_KUBEWATCH: no_kubewatch + +volumes: + - name: nothing + emptyDir: {} + +volumeMounts: + - mountPath: /var/nothing + name: nothing + readOnly: true + +ambassadorConfig: | + apiVersion: ambassador/v1 + kind: Module + name: ambassador + config: + service_port: 8080 diff --git a/stable/ambassador/ci/default-values.yaml b/stable/ambassador/ci/default-values.yaml new file mode 100644 index 000000000000..8fb6aad6a2a2 --- /dev/null +++ b/stable/ambassador/ci/default-values.yaml @@ -0,0 +1,9 @@ +env: + AMBASSADOR_NO_KUBEWATCH: no_kubewatch + +ambassadorConfig: | + apiVersion: ambassador/v1 + kind: Module + name: ambassador + config: + service_port: 8080 diff --git a/stable/ambassador/templates/NOTES.txt b/stable/ambassador/templates/NOTES.txt new file mode 100644 index 000000000000..f84fd5f2862f --- /dev/null +++ b/stable/ambassador/templates/NOTES.txt @@ -0,0 +1,26 @@ +Congratuations! You've successfully installed Ambassador. + +For help, visit our Slack at https://d6e.co/slack or view the documentation online at https://www.getambassador.io. + +To get the IP address of Ambassador, run the following commands: + +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "ambassador.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} +NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w --namespace {{ .Release.Namespace }} {{ include "ambassador.fullname" . }}' + + On GKE/Azure: + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + + On AWS: + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "ambassador.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') + + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "ambassador.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} diff --git a/stable/ambassador/templates/_helpers.tpl b/stable/ambassador/templates/_helpers.tpl new file mode 100644 index 000000000000..6540f582fbfa --- /dev/null +++ b/stable/ambassador/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "ambassador.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "ambassador.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "ambassador.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "ambassador.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "ambassador.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/stable/ambassador/templates/admin-service.yaml b/stable/ambassador/templates/admin-service.yaml new file mode 100644 index 000000000000..1ad80e356868 --- /dev/null +++ b/stable/ambassador/templates/admin-service.yaml @@ -0,0 +1,24 @@ +{{- if .Values.adminService.create -}} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ambassador.fullname" . }}-admins + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.adminService.type }} + ports: + - port: {{ .Values.adminService.port }} + targetPort: admin + protocol: TCP + name: admin + {{- if (and (eq .Values.adminService.type "NodePort") (not (empty .Values.adminService.nodePort))) }} + nodePort: {{ .Values.adminService.nodePort }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end -}} diff --git a/stable/ambassador/templates/config.yaml b/stable/ambassador/templates/config.yaml new file mode 100644 index 000000000000..7f8b836ed1cc --- /dev/null +++ b/stable/ambassador/templates/config.yaml @@ -0,0 +1,14 @@ +{{- if .Values.ambassadorConfig }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: '{{ include "ambassador.fullname" . }}-file-config' + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + ambassadorConfig: |- + {{- .Values.ambassadorConfig | nindent 4 }} +{{- end }} diff --git a/stable/ambassador/templates/deployment.yaml b/stable/ambassador/templates/deployment.yaml new file mode 100644 index 000000000000..d2509937c7ea --- /dev/null +++ b/stable/ambassador/templates/deployment.yaml @@ -0,0 +1,150 @@ +apiVersion: apps/v1 +{{- if .Values.daemonSet }} +kind: DaemonSet +{{- else }} +kind: Deployment +{{- end }} +metadata: + name: {{ include "ambassador.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: +{{- if not .Values.daemonSet }} + replicas: {{ .Values.replicaCount }} +{{- end }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + annotations: + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} + {{- if .Values.podAnnotations }} + {{- toYaml .Values.podAnnotations | nindent 8 }} + {{- end }} + spec: + {{- with .Values.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} + serviceAccountName: {{ include "ambassador.serviceAccountName" . }} + volumes: + {{- if .Values.prometheusExporter.enabled }} + - name: stats-exporter-mapping-config + configMap: + name: {{ include "ambassador.fullname" . }}-exporter-config + items: + - key: exporterConfiguration + path: mapping-config.yaml + {{- end }} + {{- if .Values.ambassadorConfig }} + - name: ambassador-config + configMap: + name: {{ include "ambassador.fullname" . }}-file-config + items: + - key: ambassadorConfig + path: ambassador-config.yaml + {{- end }} + {{- with .Values.volumes }} + {{- toYaml . | nindent 8 }} + {{- end }} + containers: + {{- if .Values.prometheusExporter.enabled }} + - name: prometheus-exporter + image: "{{ .Values.prometheusExporter.repository }}:{{ .Values.prometheusExporter.tag }}" + imagePullPolicy: {{ .Values.prometheusExporter.pullPolicy }} + ports: + - name: metrics + containerPort: 9102 + - name: listener + containerPort: 8125 + args: + - --statsd.listen-udp=:8125 + - --web.listen-address=:9102 + - --statsd.mapping-config=/statsd-exporter/mapping-config.yaml + volumeMounts: + - name: stats-exporter-mapping-config + mountPath: /statsd-exporter/ + readOnly: true + {{- end }} + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + ports: + {{- if .Values.service.http.enabled }} + - name: http + containerPort: {{ .Values.service.http.targetPort }} + {{- end }} + {{- if .Values.service.https.enabled }} + - name: https + containerPort: {{ .Values.service.https.targetPort }} + {{- end }} + - name: admin + containerPort: 8877 + env: + {{- if .Values.prometheusExporter.enabled }} + - name: STATSD_ENABLED + value: "true" + - name: STATSD_HOST + value: "localhost" + {{- end }} + - name: AMBASSADOR_ID + value: {{ .Values.ambassador.id | quote }} + - name: AMBASSADOR_NAMESPACE + {{- if .Values.namespace.name }} + value: {{ .Values.namespace.name | quote }} + {{ else }} + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end -}} + {{- if .Values.env }} + {{- range $key,$value := .Values.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} + {{- end }} + {{- end }} + livenessProbe: + httpGet: + path: /ambassador/v0/check_alive + port: admin + initialDelaySeconds: 30 + periodSeconds: 3 + readinessProbe: + httpGet: + path: /ambassador/v0/check_ready + port: admin + initialDelaySeconds: 30 + periodSeconds: 3 + volumeMounts: + {{- if .Values.ambassadorConfig }} + - name: ambassador-config + mountPath: /ambassador/ambassador-config/ambassador-config.yaml + subPath: ambassador-config.yaml + {{- end }} + {{- with .Values.volumeMounts }} + {{- toYaml . | nindent 12 }} + {{- end }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + imagePullSecrets: + {{- toYaml .Values.imagePullSecrets | nindent 8 }} diff --git a/stable/ambassador/templates/exporter-config.yaml b/stable/ambassador/templates/exporter-config.yaml new file mode 100644 index 000000000000..735da2e62f16 --- /dev/null +++ b/stable/ambassador/templates/exporter-config.yaml @@ -0,0 +1,17 @@ +{{- if .Values.prometheusExporter.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: '{{ include "ambassador.fullname" . }}-exporter-config' + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + exporterConfiguration: +{{- if .Values.prometheusExporter.configuration }} | + {{- .Values.prometheusExporter.configuration | nindent 4 }} +{{- else }} '' +{{- end }} +{{- end }} diff --git a/stable/ambassador/templates/rbac.yaml b/stable/ambassador/templates/rbac.yaml new file mode 100644 index 000000000000..65f46137c167 --- /dev/null +++ b/stable/ambassador/templates/rbac.yaml @@ -0,0 +1,40 @@ +{{- if .Values.rbac.create -}} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + name: {{ include "ambassador.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +rules: + - apiGroups: [""] + resources: + - namespaces + - services + - secrets + verbs: ["get", "list", "watch"] + - apiGroups: [""] + resources: + - configmaps + verbs: ["create", "update", "patch", "get", "list", "watch"] +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + name: {{ include "ambassador.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ include "ambassador.fullname" . }} +subjects: + - name: {{ include "ambassador.serviceAccountName" . }} + namespace: {{ .Release.Namespace | quote }} + kind: ServiceAccount +{{- end -}} diff --git a/stable/ambassador/templates/service.yaml b/stable/ambassador/templates/service.yaml new file mode 100644 index 000000000000..33dd3b41bc27 --- /dev/null +++ b/stable/ambassador/templates/service.yaml @@ -0,0 +1,48 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "ambassador.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.service.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + type: {{ .Values.service.type }} + {{- if .Values.service.loadBalancerIP }} + loadBalancerIP: "{{ .Values.service.loadBalancerIP }}" + {{- end }} + {{- if .Values.service.externalTrafficPolicy }} + externalTrafficPolicy: "{{ .Values.service.externalTrafficPolicy }}" + {{- end }} + type: {{ .Values.service.type }} + ports: + {{- if .Values.service.http.enabled }} + - port: {{ .Values.service.http.port }} + targetPort: http + protocol: TCP + name: http + {{- with .Values.service.http.nodePort }} + nodePort: {{ toYaml . }} + {{- end }} + {{- end }} + {{- if .Values.service.https.enabled }} + - port: {{ .Values.service.https.port }} + targetPort: https + protocol: TCP + name: https + {{- with .Values.service.https.nodePort }} + nodePort: {{ toYaml . }} + {{- end }} + {{- end }} + selector: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + {{- with .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{- toYaml . | nindent 4 }} + {{- end }} diff --git a/stable/ambassador/templates/serviceaccount.yaml b/stable/ambassador/templates/serviceaccount.yaml new file mode 100644 index 000000000000..4708472a1f72 --- /dev/null +++ b/stable/ambassador/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create -}} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ include "ambassador.serviceAccountName" . }} + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end -}} diff --git a/stable/ambassador/templates/tests/test-ready.yaml b/stable/ambassador/templates/tests/test-ready.yaml new file mode 100644 index 000000000000..73f4bbb94e60 --- /dev/null +++ b/stable/ambassador/templates/tests/test-ready.yaml @@ -0,0 +1,20 @@ +{{- if not .Values.daemonSet }} +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "ambassador.fullname" . }}-test-ready" + labels: + app.kubernetes.io/name: {{ include "ambassador.name" . }} + helm.sh/chart: {{ include "ambassador.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "ambassador.fullname" . }}:{{ .Values.service.http.port }}/ambassador/v0/check_ready'] + restartPolicy: Never +{{- end }} diff --git a/stable/ambassador/values.yaml b/stable/ambassador/values.yaml new file mode 100644 index 000000000000..ed23a06f01e3 --- /dev/null +++ b/stable/ambassador/values.yaml @@ -0,0 +1,137 @@ +# Default values for ambassador. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 +daemonSet: false + +ambassador: + id: default + +namespace: + single: false + # name: default + +# Additional container environment variable +env: + {} + # Exposing statistics via StatsD + # STATSD_ENABLED: true + # STATSD_HOST: statsd-sink + # sets the minimum number of seconds between Envoy restarts + # AMBASSADOR_RESTART_TIME: 15 + # sets the number of seconds that the Envoy will wait for open connections to drain on a restart + # AMBASSADOR_DRAIN_TIME: 5 + # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart + # AMBASSADOR_SHUTDOWN_TIME: 10 + # sets the number of seconds that Ambassador will wait for the old Envoy to clean up and exit on a restart + # AMBASSADOR_SINGLE_NAMESPACE: true + +imagePullSecrets: [] + +securityContext: + runAsUser: 8888 + +image: + repository: quay.io/datawire/ambassador + tag: 0.50.1 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +service: + type: LoadBalancer + + # Note that target http ports need to match your ambassador configurations service_port + # https://www.getambassador.io/reference/modules/#the-ambassador-module + http: + enabled: true + port: 80 + targetPort: 8080 + # nodePort: 30080 + + https: + enabled: true + port: 443 + targetPort: 8443 + # nodePort: 30443 + + annotations: + getambassador.io/config: | + --- + apiVersion: ambassador/v1 + kind: Module + name: ambassador + config: + service_port: 8080 + # diagnostics: + # enabled: false + + # externalTrafficPolicy: + # loadBalancerSourceRanges: + # - YOUR_IP_RANGE + +adminService: + create: true + type: ClusterIP + port: 8877 + # NodePort used if type is NodePort + # nodePort: 38877 + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a service account should be created + create: true + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: + +volumes: [] + +volumeMounts: [] + +podAnnotations: + {} + # prometheus.io/scrape: "true" + # prometheus.io/port: "9102" + +resources: + {} + # If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} + +# Enabling the prometheus exporter creates a sidecar and configures ambassador to use it +prometheusExporter: + enabled: false + repository: prom/statsd-exporter + tag: v0.8.1 + pullPolicy: IfNotPresent + # You can configure the statsd exporter to modify the behavior of mappings and other features. + # See documentation: https://github.com/prometheus/statsd_exporter/tree/v0.8.1#metric-mapping-and-configuration + # Uncomment the following line if you wish to specify a custom configuration: + # configuration: | + # --- + # mappings: + # - match: 'envoy.cluster.*.upstream_cx_connect_ms' + # name: "envoy_cluster_upstream_cx_connect_time" + # timer_type: 'histogram' + # labels: + # cluster_name: "$1" + +ambassadorConfig: "" From 84725d0e7921fb75860199fc8f52f2ee58e3d0a4 Mon Sep 17 00:00:00 2001 From: Jake Martin Date: Mon, 11 Feb 2019 16:49:00 -0800 Subject: [PATCH 0127/1586] Cutting version 1.0.0 release for kuberhealthy (#11341) Signed-off-by: Jake Martin --- stable/kuberhealthy/Chart.yaml | 4 ++-- stable/kuberhealthy/README.md | 2 +- stable/kuberhealthy/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index 2fb9795c73f4..7604862064ab 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -appVersion: "0.1.1" +appVersion: "1.0.0" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 0.1.2 +version: 1.0.0 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/README.md b/stable/kuberhealthy/README.md index f4a48988e7c2..18d5d9746c21 100644 --- a/stable/kuberhealthy/README.md +++ b/stable/kuberhealthy/README.md @@ -37,7 +37,7 @@ app: name: "kuberhealthy" # what to name the kuberhealthy deployment image: repository: quay.io/comcast/kuberhealthy - tag: 0.1.1 + tag: 1.0.0 resources: requests: cpu: 100m diff --git a/stable/kuberhealthy/values.yaml b/stable/kuberhealthy/values.yaml index e717fd7e4eeb..4934e4c9019b 100644 --- a/stable/kuberhealthy/values.yaml +++ b/stable/kuberhealthy/values.yaml @@ -11,7 +11,7 @@ prometheus: image: repository: quay.io/comcast/kuberhealthy - tag: 0.1.1 + tag: 1.0.0 resources: requests: From 895ef9b7d095ddaace220c2f8230cccf45346eef Mon Sep 17 00:00:00 2001 From: Alexander Awitin Date: Tue, 12 Feb 2019 15:48:47 +0800 Subject: [PATCH 0128/1586] [stable/postgresql] Fix "Can't initialize iptables table 'nat': Permission denied (you must be root)" error when installed on an Istio-enabled cluster. (#11226) Only define the `securityContext` on the main container instead of defining it on the top level `spec` which results into injected containers by Istio inheriting this definition (i.e. istio-init). Related topic: https://github.com/istio/old_issues_repo/issues/316 Signed-off-by: Alexander Awitin --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/statefulset-slaves.yaml | 10 +++++----- stable/postgresql/templates/statefulset.yaml | 10 +++++----- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 6bb649cb3b9f..7675f70b33f9 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.10.1 +version: 3.10.2 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index b3eb95aeda2a..464e5f9bacc7 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -26,11 +26,6 @@ spec: heritage: {{ .Release.Service | quote }} role: slave spec: - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} @@ -79,6 +74,11 @@ spec: imagePullPolicy: "{{ .Values.image.pullPolicy }}" resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} env: {{- if .Values.image.debug}} - name: BASH_DEBUG diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 80d9c2855164..1bd7d1e85698 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -27,11 +27,6 @@ spec: heritage: {{ .Release.Service | quote }} role: master spec: - {{- if .Values.securityContext.enabled }} - securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} - {{- end }} {{- if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} @@ -83,6 +78,11 @@ spec: imagePullPolicy: "{{ .Values.image.pullPolicy }}" resources: {{ toYaml .Values.resources | indent 10 }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} env: {{- if .Values.image.debug}} - name: BASH_DEBUG From 59e13b1249a18382911acd699f9025568bb7a15d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 12 Feb 2019 09:13:23 +0100 Subject: [PATCH 0129/1586] stable/drupal: update to 8.6.9 (#11330) Signed-off-by: Bitnami Containers --- stable/drupal/Chart.yaml | 4 ++-- stable/drupal/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index 76628153e9b1..179dd52898a6 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ name: drupal -version: 3.0.5 -appVersion: 8.6.8 +version: 3.0.6 +appVersion: 8.6.9 description: One of the most versatile open source content management systems. keywords: - drupal diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index beb290cbdfaa..1e953f6b2254 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.6.8 + tag: 8.6.9 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 88e6c8b1bdf8494ce37eabe62c2e9c52f4c502e8 Mon Sep 17 00:00:00 2001 From: Greg Date: Tue, 12 Feb 2019 11:41:03 +0100 Subject: [PATCH 0130/1586] [stable/mongodb] Fix clusterIP indent in svc-primary-rs (#11238) * [stable/mongodb] Fix clusterIP indent in svc-primary-rs Signed-off-by: gferreux * [stable/mongodb] Bump chart version Signed-off-by: gferreux --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/templates/svc-primary-rs.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index f762d1cdbcc7..760f5ec1d4c3 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 5.3.2 +version: 5.3.3 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/templates/svc-primary-rs.yaml b/stable/mongodb/templates/svc-primary-rs.yaml index ccc73ecb353f..e514384900ba 100644 --- a/stable/mongodb/templates/svc-primary-rs.yaml +++ b/stable/mongodb/templates/svc-primary-rs.yaml @@ -14,9 +14,9 @@ metadata: {{- end }} spec: type: {{ .Values.service.type }} - {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} - clusterIP: {{ .Values.service.clusterIP }} - {{- end }} + {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} + clusterIP: {{ .Values.service.clusterIP }} + {{- end }} ports: - name: mongodb port: 27017 From d3e48b81ea314a32556209dab168a20d37f45d62 Mon Sep 17 00:00:00 2001 From: Lucas Bickel Date: Tue, 12 Feb 2019 11:50:08 +0100 Subject: [PATCH 0131/1586] Update Rocketchat to 0.74.2 (#11346) Signed-off-by: Lucas Bickel --- stable/rocketchat/Chart.yaml | 4 ++-- stable/rocketchat/README.md | 2 +- stable/rocketchat/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/rocketchat/Chart.yaml b/stable/rocketchat/Chart.yaml index de0b0c3c2037..64c6988ca0bf 100644 --- a/stable/rocketchat/Chart.yaml +++ b/stable/rocketchat/Chart.yaml @@ -1,6 +1,6 @@ name: rocketchat -version: 0.3.3 -appVersion: 0.74.1 +version: 0.3.4 +appVersion: 0.74.2 description: Prepare to take off with the ultimate chat platform, experience the next level of team communications keywords: diff --git a/stable/rocketchat/README.md b/stable/rocketchat/README.md index 1b12be11f696..4f14d3c6ce99 100644 --- a/stable/rocketchat/README.md +++ b/stable/rocketchat/README.md @@ -20,7 +20,7 @@ $ helm install --set mongodb.mongodbUsername=,mongodb.mongod ### If you want to install another version of rocket.chat image you can set the version like this: ```bash -$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword=,tag=0.74.1 --name my-rocketchat stable/rocketchat +$ helm install --set mongodb.mongodbUsername=,mongodb.mongodbPassword=,tag=0.74.2 --name my-rocketchat stable/rocketchat ``` diff --git a/stable/rocketchat/values.yaml b/stable/rocketchat/values.yaml index 9cc8b2262912..e950f8557d84 100644 --- a/stable/rocketchat/values.yaml +++ b/stable/rocketchat/values.yaml @@ -3,7 +3,7 @@ ## image: repository: rocketchat/rocket.chat - tag: 0.74.1 + tag: 0.74.2 pullPolicy: IfNotPresent ## Host for the application From 3696090b9360398a4b79fcff3623b3c6ced8539b Mon Sep 17 00:00:00 2001 From: Torsten Walter Date: Tue, 12 Feb 2019 12:32:03 +0100 Subject: [PATCH 0132/1586] Merge Sidecard configs (#11339) - renamed Sidecar to Sidecars - moved image, pullPolicy and resources below configAutoReload - renamed SidecarContainers to Master.Sidecars.other - increased chart version Signed-off-by: Torsten Walter --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 8 +-- stable/jenkins/templates/config.yaml | 8 +-- stable/jenkins/templates/jcasc_config.yaml | 4 +- .../templates/jenkins-master-deployment.yaml | 34 ++++++------ stable/jenkins/templates/secret.yaml | 2 +- stable/jenkins/values.yaml | 54 +++++++++---------- 7 files changed, 56 insertions(+), 56 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index c5b521f5385c..1f56ea9ddc23 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.31.0 +version: 0.32.0 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index 192540b92650..dbb4afef0b1b 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -74,7 +74,8 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Ingress.Path` | Ingress path | Not set | | `Master.Ingress.TLS` | Ingress TLS configuration | `[]` | | `Master.JCasC.ConfigScripts` | List of Jenkins Config as Code scripts | False | -| `Master.Sidecar.configAutoReload` | Jenkins Config as Code auto-reload settings | False | +| `Master.Sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | False | +| `Master.Sidecars.others` | Configures additional sidecar container(s) for Jenkins master | `{}` | | `Master.InitScripts` | List of Jenkins init scripts | Not set | | `Master.CredentialsXmlSecret` | Kubernetes secret that contains a 'credentials.xml' file | Not set | | `Master.SecretsFilesSecret` | Kubernetes secret that contains 'secrets' files | Not set | @@ -87,7 +88,6 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Affinity` | Affinity settings | `{}` | | `Master.Tolerations` | Toleration labels for pod assignment | `{}` | | `Master.PodAnnotations` | Annotations for master pod | `{}` | -| `Master.SidecarContainers` | Configures sidecar container(s) for Jenkins master | `{}` | | `Master.CustomConfigMap` | Deprecated: Use a custom ConfigMap | `false` | | `Master.AdditionalConfig` | Deprecated: Add additional config files | `{}` | | `NetworkPolicy.Enabled` | Enable creation of NetworkPolicy resources. | `false` | @@ -241,7 +241,7 @@ ConfigScripts: Further JCasC examples can be found [here.](https://github.com/jenkinsci/configuration-as-code-plugin/tree/master/demos) ### Config as Code with and without auto-reload -Config as Code changes (to Master.JCasC.ConfigScripts) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly. If you choose `Master.Sidecar.autoConfigReload.enabled: true`, a second, auxiliary container will be installed into the Jenkins master pod, known as a "sidecar". This watches for changes to ConfigScripts, copies the content onto the Jenkins file-system and issues a CLI command via SSH to reload configuration. The admin user (or account you specify in Master.AdminUser) will have a random SSH private key (RSA 4096) assigned unless you specify `Master.OwnSshKey: true`. This will be saved to a k8s secret. You can monitor this sidecar's logs using command `kubectl logs -c jenkins-sc-config -f` +Config as Code changes (to Master.JCasC.ConfigScripts) can either force a new pod to be created and only be applied at next startup, or can be auto-reloaded on-the-fly. If you choose `Master.Sidecars.autoConfigReload.enabled: true`, a second, auxiliary container will be installed into the Jenkins master pod, known as a "sidecar". This watches for changes to ConfigScripts, copies the content onto the Jenkins file-system and issues a CLI command via SSH to reload configuration. The admin user (or account you specify in Master.AdminUser) will have a random SSH private key (RSA 4096) assigned unless you specify `Master.OwnSshKey: true`. This will be saved to a k8s secret. You can monitor this sidecar's logs using command `kubectl logs -c jenkins-sc-config -f` ### Auto-reload with non-Jenkins identities When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. Since the admin account is used by the sidecar to reload config, in order to use auto-reload, you must change the .Master.AdminUser to a valid username on your LDAP (or other) server. If you use the matrix-auth plugin, this user must also be granted Overall\Administer rights in Jenkins. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter a restart loop. You can enable LDAP using the example above and add a Config as Code block for matrix security that includes: @@ -254,7 +254,7 @@ ConfigScripts: grantedPermissions: - "Overall/Administer:" ``` -You can instead grant this permission via the UI. When this is done, you can set `Master.Sidecar.configAutoReload.enabled: true` and upon the next Helm upgrade, auto-reload will be successfully enabled. +You can instead grant this permission via the UI. When this is done, you can set `Master.Sidecars.configAutoReload.enabled: true` and upon the next Helm upgrade, auto-reload will be successfully enabled. ## RBAC diff --git a/stable/jenkins/templates/config.yaml b/stable/jenkins/templates/config.yaml index 3db7695c3700..0be426866ada 100644 --- a/stable/jenkins/templates/config.yaml +++ b/stable/jenkins/templates/config.yaml @@ -246,7 +246,7 @@ data: {{- if .Values.Master.ScriptApproval }} yes n | cp -i /var/jenkins_config/scriptapproval.xml /var/jenkins_home/scriptApproval.xml; {{- end }} -{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} {{- if not .Values.Master.InitScripts }} mkdir -p /var/jenkins_home/init.groovy.d/; yes n | cp -i /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/; @@ -257,7 +257,7 @@ data: yes n | cp -i /var/jenkins_config/*.groovy /var/jenkins_home/init.groovy.d/; {{- end }} {{- if .Values.Master.JCasC.enabled }} - {{- if .Values.Master.Sidecar.configAutoReload.enabled }} + {{- if .Values.Master.Sidecars.configAutoReload.enabled }} bash -c 'ssh-keygen -y -f <(echo "${ADMIN_PRIVATE_KEY}") > /var/jenkins_home/key.pub' {{- else }} mkdir -p /var/jenkins_home/casc_configs; @@ -282,7 +282,7 @@ data: {{ $val | indent 4 }} {{- end }} {{- if .Values.Master.JCasC.enabled }} - {{- if .Values.Master.Sidecar.configAutoReload.enabled }} + {{- if .Values.Master.Sidecars.configAutoReload.enabled }} init-add-ssh-key-to-admin.groovy: |- import jenkins.security.* import hudson.model.User @@ -295,7 +295,7 @@ data: u.addProperty(keys_param) def inst = Jenkins.getInstance() def sshDesc = inst.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD") - sshDesc.setPort({{ .Values.Master.Sidecar.configAutoReload.sshTcpPort | default 1044 }}) + sshDesc.setPort({{ .Values.Master.Sidecars.configAutoReload.sshTcpPort | default 1044 }}) sshDesc.getActualPort() sshDesc.save() {{- else }} diff --git a/stable/jenkins/templates/jcasc_config.yaml b/stable/jenkins/templates/jcasc_config.yaml index 2b9ed47f1e67..13a8850c14a9 100644 --- a/stable/jenkins/templates/jcasc_config.yaml +++ b/stable/jenkins/templates/jcasc_config.yaml @@ -1,5 +1,5 @@ {{- $root := . }} -{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} {{- range $key, $val := .Values.Master.JCasC.ConfigScripts }} --- apiVersion: v1 @@ -7,7 +7,7 @@ kind: ConfigMap metadata: name: jenkins-config-{{ template "jenkins.fullname" $root }}-{{ $key }} labels: - {{ $.Values.Master.Sidecar.configAutoReload.label | default "jenkins_config" }}: "true" + {{ $.Values.Master.Sidecars.configAutoReload.label | default "jenkins_config" }}: "true" release: {{ $root.Release.Name }} chart: "{{ $root.Chart.Name }}-{{ $root.Chart.Version }}" component: "{{ $root.Release.Name }}-{{ $.Values.Master.Name }}" diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 6f53bd3f447f..2a976568b4f7 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -78,7 +78,7 @@ spec: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user - {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecars.configAutoReload.enabled) }} {{- if .Values.Master.JCasC.enabled }} - name: ADMIN_PRIVATE_KEY valueFrom: @@ -130,21 +130,21 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir containers: -{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} - name: {{ template "jenkins.name" . }}-sc-config - image: "{{ .Values.Master.Sidecar.image }}" - imagePullPolicy: {{ .Values.Master.Sidecar.imagePullPolicy }} + image: "{{ .Values.Master.Sidecars.configAutoReload.image }}" + imagePullPolicy: {{ .Values.Master.Sidecars.configAutoReload.imagePullPolicy }} env: - name: JENKINSRELOADCONFIG value: "true" - name: LABEL - value: "{{ .Values.Master.Sidecar.configAutoReload.label }}" + value: "{{ .Values.Master.Sidecars.configAutoReload.label }}" - name: FOLDER - value: "{{ .Values.Master.Sidecar.configAutoReload.folder }}" + value: "{{ .Values.Master.Sidecars.configAutoReload.folder }}" - name: NAMESPACE - value: "{{ .Values.Master.Sidecar.configAutoReload.searchNamespace }}" + value: "{{ .Values.Master.Sidecars.configAutoReload.searchNamespace }}" - name: SSH_PORT - value: "{{ .Values.Master.Sidecar.configAutoReload.sshTcpPort }}" + value: "{{ .Values.Master.Sidecars.configAutoReload.sshTcpPort }}" - name: JENKINS_PORT value: "{{ .Values.Master.ServicePort }}" {{- if .Values.Master.UseSecurity }} @@ -153,7 +153,7 @@ spec: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user - {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecars.configAutoReload.enabled) }} {{- if .Values.Master.JCasC.enabled }} - name: ADMIN_PRIVATE_KEY valueFrom: @@ -164,10 +164,10 @@ spec: {{- end }} {{- end }} resources: -{{ toYaml .Values.Master.Sidecar.resources | indent 12 }} +{{ toYaml .Values.Master.Sidecars.configAutoReload.resources | indent 12 }} volumeMounts: - name: sc-config-volume - mountPath: {{ .Values.Master.Sidecar.configAutoReload.folder | quote }} + mountPath: {{ .Values.Master.Sidecars.configAutoReload.folder | quote }} - name: jenkins-home mountPath: /var/jenkins_home {{- if .Values.Persistence.SubPath }} @@ -196,7 +196,7 @@ spec: secretKeyRef: name: {{ template "jenkins.fullname" . }} key: jenkins-admin-user - {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecars.configAutoReload.enabled) }} {{- if .Values.Master.JCasC.enabled }} - name: ADMIN_PRIVATE_KEY valueFrom: @@ -211,7 +211,7 @@ spec: {{- end }} {{- if .Values.Master.JCasC.enabled }} - name: CASC_JENKINS_CONFIG - value: {{ .Values.Master.Sidecar.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} + value: {{ .Values.Master.Sidecars.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} {{- end }} ports: - containerPort: 8080 @@ -295,12 +295,12 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir readOnly: false -{{- if .Values.Master.SidecarContainers}} -{{ tpl (toYaml .Values.Master.SidecarContainers | indent 8) .}} +{{- if .Values.Master.Sidecars.other}} +{{ tpl (toYaml .Values.Master.Sidecars.other | indent 8) .}} {{- end }} - {{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} - name: sc-config-volume - mountPath: {{ .Values.Master.Sidecar.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} + mountPath: {{ .Values.Master.Sidecars.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} {{- end }} volumes: {{- if .Values.Persistence.volumes }} diff --git a/stable/jenkins/templates/secret.yaml b/stable/jenkins/templates/secret.yaml index 8642ad30391b..edf1250b2bb4 100644 --- a/stable/jenkins/templates/secret.yaml +++ b/stable/jenkins/templates/secret.yaml @@ -15,7 +15,7 @@ data: {{ else }} jenkins-admin-password: {{ randAlphaNum 10 | b64enc | quote }} {{ end }} - {{ if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecar.configAutoReload.enabled) }} + {{ if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} {{ if not .Values.Master.OwnSshKey }} {{ ( include "jenkins.gen-key" . ) }} {{ end }} diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 65754ba0e162..287841ea8d1b 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -178,22 +178,22 @@ Master: jenkins: systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'. - Sidecar: - image: shadwell/k8s-sidecar:0.0.2 - imagePullPolicy: IfNotPresent - resources: - # limits: - # cpu: 100m - # memory: 100Mi - # requests: - # cpu: 50m - # memory: 50Mi + Sidecars: configAutoReload: # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified, # jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the Jenkins CLI # over SSH to reapply config when changes to the ConfigScripts are detected. The admin user (or account you specify in # Master.AdminUser) will have a random SSH private key (RSA 4096) assigned unless you specify OwnSshKey: true. This will be saved to a k8s secret. enabled: false + image: shadwell/k8s-sidecar:0.0.2 + imagePullPolicy: IfNotPresent + resources: + # limits: + # cpu: 100m + # memory: 100Mi + # requests: + # cpu: 50m + # memory: 50Mi # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random. # Is only used to reload jcasc config from the sidecar container running in the Jenkins master pod. # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be @@ -209,6 +209,23 @@ Master: # It's also possible to specify ALL to search in all namespaces: # searchNamespace: + # Allows you to inject additional/other sidecars + other: + ## The example below runs the client for https://smee.io as sidecar container next to Jenkins, + ## that allows to trigger build behind a secure firewall. + ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall + ## + ## Note: To use it you should go to https://smee.io/new and update the url to the generete one. + # - name: smee + # image: docker.io/twalter/smee-client:1.0.2 + # args: ["--port", "{{ .Values.Master.ServicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"] + # resources: + # limits: + # cpu: 50m + # memory: 128Mi + # requests: + # cpu: 10m + # memory: 32Mi # Node labels and tolerations for pod assignment # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature @@ -237,23 +254,6 @@ Master: # - jenkins.cluster.local AdditionalConfig: {} - SidecarContainers: - ## The example below runs the client for https://smee.io as sidecar container next to Jenkins, - ## that allows to trigger build behind a secure firewall. - ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall - ## - ## Note: To use it you should go to https://smee.io/new and update the url to the generete one. - # - name: smee - # image: docker.io/twalter/smee-client:1.0.2 - # args: ["--port", "{{ .Values.Master.ServicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"] - # resources: - # limits: - # cpu: 50m - # memory: 128Mi - # requests: - # cpu: 10m - # memory: 32Mi - Agent: Enabled: true Image: jenkins/jnlp-slave From dea84cfd139f0e7bd7721abfa53e4853c1379c0a Mon Sep 17 00:00:00 2001 From: Don Bowman Date: Tue, 12 Feb 2019 07:10:27 -0500 Subject: [PATCH 0133/1586] [stable/oauth2-proxy] Bump default image to version 3.1.0 for TLS updates (#11338) The 3.0.0 container by default has older TLS ca certificates causing issues on GKE environment. Resolve by moving to 3.1.0. Signed-off-by: Don Bowman --- stable/oauth2-proxy/Chart.yaml | 4 ++-- stable/oauth2-proxy/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/oauth2-proxy/Chart.yaml b/stable/oauth2-proxy/Chart.yaml index f3eb1bf082a2..ccb1824907e2 100644 --- a/stable/oauth2-proxy/Chart.yaml +++ b/stable/oauth2-proxy/Chart.yaml @@ -1,7 +1,7 @@ name: oauth2-proxy -version: 0.8.0 +version: 0.9.0 apiVersion: v1 -appVersion: 3.0.0 +appVersion: 3.1.0 home: http://www.videntity.com/ description: A reverse proxy that provides authentication with Google, Github or other providers keywords: diff --git a/stable/oauth2-proxy/values.yaml b/stable/oauth2-proxy/values.yaml index 681c1e79c7bb..e20c3ddd01e1 100644 --- a/stable/oauth2-proxy/values.yaml +++ b/stable/oauth2-proxy/values.yaml @@ -18,7 +18,7 @@ config: image: repository: "quay.io/pusher/oauth2_proxy" - tag: "v3.0.0" + tag: "v3.1.0" pullPolicy: "IfNotPresent" # Optionally specify an array of imagePullSecrets. From 5bde35fa9d0c59927b410273c8cbfac3f0642c32 Mon Sep 17 00:00:00 2001 From: Naseem Date: Tue, 12 Feb 2019 07:23:30 -0500 Subject: [PATCH 0134/1586] Update image (#11314) Signed-off-by: Naseem Ullah --- stable/prometheus-redis-exporter/Chart.yaml | 4 ++-- stable/prometheus-redis-exporter/README.md | 2 +- stable/prometheus-redis-exporter/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-redis-exporter/Chart.yaml b/stable/prometheus-redis-exporter/Chart.yaml index cef664e4e12f..8469e7cc30bc 100644 --- a/stable/prometheus-redis-exporter/Chart.yaml +++ b/stable/prometheus-redis-exporter/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.25.0 +appVersion: 0.28.0 description: Prometheus exporter for Redis metrics name: prometheus-redis-exporter -version: 1.0.1 +version: 1.0.2 home: https://github.com/oliver006/redis_exporter sources: - https://github.com/oliver006/redis_exporter diff --git a/stable/prometheus-redis-exporter/README.md b/stable/prometheus-redis-exporter/README.md index b0a807c3c025..3c5feb61d359 100644 --- a/stable/prometheus-redis-exporter/README.md +++ b/stable/prometheus-redis-exporter/README.md @@ -44,7 +44,7 @@ The following table lists the configurable parameters and their default values. | ---------------------- | --------------------------------------------------- | ------------------------- | | `replicaCount` | desired number of prometheus-redis-exporter pods | `1` | | `image.repository` | prometheus-redis-exporter image repository | `oliver006/redis_exporter`| -| `image.tag` | prometheus-redis-exporter image tag | `v0.25.0` | +| `image.tag` | prometheus-redis-exporter image tag | `v0.28.0` | | `image.pullPolicy` | image pull policy | `IfNotPresent` | | `extraArgs` | extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter#flags)| {} | `env` | additional environment variables in YAML format. Can be used to pass credentials as env variables (via secret) as per the image readme [here](https://github.com/oliver006/redis_exporter#environment-variables) | {} | diff --git a/stable/prometheus-redis-exporter/values.yaml b/stable/prometheus-redis-exporter/values.yaml index f42021a83a47..ea0869f14207 100644 --- a/stable/prometheus-redis-exporter/values.yaml +++ b/stable/prometheus-redis-exporter/values.yaml @@ -13,7 +13,7 @@ serviceAccount: replicaCount: 1 image: repository: oliver006/redis_exporter - tag: v0.25.0 + tag: v0.28.0 pullPolicy: IfNotPresent extraArgs: {} # Additional Environment variables From 5abf03b914f25ea34515264816ca50f80afe1430 Mon Sep 17 00:00:00 2001 From: ahmadali shafiee Date: Tue, 12 Feb 2019 16:16:59 +0330 Subject: [PATCH 0135/1586] [stable/mattermost] using team edition's push server (#11348) * using team edition's push server Signed-off-by: ahmadali shafiee * bumping chart version Signed-off-by: ahmadali shafiee * minor version change Signed-off-by: ahmadali shafiee Co-Authored-By: ahmadalli Signed-off-by: Carlos Panato --- stable/mattermost-team-edition/Chart.yaml | 2 +- stable/mattermost-team-edition/templates/config.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/mattermost-team-edition/Chart.yaml b/stable/mattermost-team-edition/Chart.yaml index 09e45c218ee3..bdf6a6d919ee 100644 --- a/stable/mattermost-team-edition/Chart.yaml +++ b/stable/mattermost-team-edition/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Mattermost Team Edition server. name: mattermost-team-edition -version: 2.2.1 +version: 2.2.2 appVersion: 5.7.1 keywords: - mattermost diff --git a/stable/mattermost-team-edition/templates/config.tpl b/stable/mattermost-team-edition/templates/config.tpl index 1996afc11e35..ebff087282c4 100644 --- a/stable/mattermost-team-edition/templates/config.tpl +++ b/stable/mattermost-team-edition/templates/config.tpl @@ -155,7 +155,7 @@ "ConnectionSecurity": {{ .Values.config.smtpConnection | default "" | quote }}, "InviteSalt": "{{ randAlphaNum 32 }}", "SendPushNotifications": true, - "PushNotificationServer": "https://push.mattermost.com", + "PushNotificationServer": "https://push-test.mattermost.com", "PushNotificationContents": "generic", "EnableEmailBatching": false, "EmailBatchingBufferSize": 256, From 80d85c7ed2b1206408c2de7ce365ade3cf0a2502 Mon Sep 17 00:00:00 2001 From: Maxime Guyot Date: Tue, 12 Feb 2019 13:47:09 +0100 Subject: [PATCH 0136/1586] Update README of stable/oauth2_proxy (#11349) Signed-off-by: Maxime Guyot --- stable/oauth2-proxy/Chart.yaml | 2 +- stable/oauth2-proxy/README.md | 6 ++---- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/stable/oauth2-proxy/Chart.yaml b/stable/oauth2-proxy/Chart.yaml index ccb1824907e2..2b47e39c231e 100644 --- a/stable/oauth2-proxy/Chart.yaml +++ b/stable/oauth2-proxy/Chart.yaml @@ -1,5 +1,5 @@ name: oauth2-proxy -version: 0.9.0 +version: 0.9.1 apiVersion: v1 appVersion: 3.1.0 home: http://www.videntity.com/ diff --git a/stable/oauth2-proxy/README.md b/stable/oauth2-proxy/README.md index 7af5970cc13a..e42f46a3bd08 100644 --- a/stable/oauth2-proxy/README.md +++ b/stable/oauth2-proxy/README.md @@ -2,8 +2,6 @@ [oauth2-proxy](https://github.com/pusher/oauth2_proxy) is a reverse proxy and static file server that provides authentication using Providers (Google, GitHub, and others) to validate accounts by email, domain or group. -**Note - at this time, there is a known incompatibility between `oauth2-proxy` version 2.2 (which is its latest release) and `nginx-ingress` versions >= 0.9beta12. To utilize this chart at this time please use nginx-ingress version 0.9beta11** - ## TL;DR; ```console @@ -51,8 +49,8 @@ Parameter | Description | Default `config.existingSecret` | existing Kubernetes secret to use for OAuth2 credentials. See [secret template](https://github.com/helm/charts/blob/master/stable/oauth2-proxy/templates/secret.yaml) for the required values | `nil` `extraArgs` | key:value list of extra arguments to give the binary | `{}` `image.pullPolicy` | Image pull policy | `IfNotPresent` -`image.repository` | Image repository | `a5huynh/oauth2_proxy` -`image.tag` | Image tag | `2.2` +`image.repository` | Image repository | `quay.io/pusher/oauth2_proxy` +`image.tag` | Image tag | `v3.1.0` `imagePullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) `ingress.enabled` | enable ingress | `false` `nodeSelector` | node labels for pod assignment | `{}` From 4df52d5628e776d943ba59cabf975907302317a8 Mon Sep 17 00:00:00 2001 From: Jan Brauer Date: Tue, 12 Feb 2019 14:55:05 +0100 Subject: [PATCH 0137/1586] Remove duplicate line (#11322) Signed-off-by: Jan Brauer --- stable/concourse/Chart.yaml | 2 +- stable/concourse/templates/web-deployment.yaml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/stable/concourse/Chart.yaml b/stable/concourse/Chart.yaml index 4adda3d39fab..5f81dce9a20e 100644 --- a/stable/concourse/Chart.yaml +++ b/stable/concourse/Chart.yaml @@ -1,5 +1,5 @@ name: concourse -version: 3.7.2 +version: 3.7.3 appVersion: 4.2.2 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 diff --git a/stable/concourse/templates/web-deployment.yaml b/stable/concourse/templates/web-deployment.yaml index 209cac97bea4..5c5440edb093 100644 --- a/stable/concourse/templates/web-deployment.yaml +++ b/stable/concourse/templates/web-deployment.yaml @@ -80,7 +80,6 @@ spec: {{- else }} {{- if .Values.concourse.web.externalUrl }} - name: CONCOURSE_EXTERNAL_URL - value: value: {{ .Values.concourse.web.externalUrl | quote }} {{- end }} {{- end }} From 4d83b646dc20e55e274b39901f111cb5f1275d98 Mon Sep 17 00:00:00 2001 From: Alen Komljen Date: Tue, 12 Feb 2019 15:54:20 +0100 Subject: [PATCH 0138/1586] Add initial version of Sematext agent chart (#10202) * Add initial version of Sematext agent chart Signed-off-by: Alen Komljen * Set home to chart metadata Signed-off-by: Alen Komljen * Update maintainer name Signed-off-by: Alen Komljen * Address a few minor issues and improve the readme Signed-off-by: Alen Komljen --- stable/sematext-agent/.helmignore | 21 ++ stable/sematext-agent/Chart.yaml | 17 ++ stable/sematext-agent/OWNERS | 4 + stable/sematext-agent/README.md | 77 +++++++ stable/sematext-agent/files/autodisco.yml | 212 ++++++++++++++++++ stable/sematext-agent/templates/NOTES.txt | 51 +++++ stable/sematext-agent/templates/_helpers.tpl | 43 ++++ .../sematext-agent/templates/clusterrole.yaml | 40 ++++ .../templates/clusterrolebinding.yaml | 19 ++ .../templates/configmap-agent-autodisco.yaml | 13 ++ .../templates/configmap-agent.yaml | 27 +++ .../templates/configmap-logagent.yaml | 17 ++ .../sematext-agent/templates/daemonset.yaml | 140 ++++++++++++ stable/sematext-agent/templates/secret.yaml | 13 ++ stable/sematext-agent/templates/service.yaml | 19 ++ .../templates/serviceaccount.yaml | 11 + stable/sematext-agent/values.yaml | 63 ++++++ 17 files changed, 787 insertions(+) create mode 100644 stable/sematext-agent/.helmignore create mode 100644 stable/sematext-agent/Chart.yaml create mode 100644 stable/sematext-agent/OWNERS create mode 100644 stable/sematext-agent/README.md create mode 100644 stable/sematext-agent/files/autodisco.yml create mode 100644 stable/sematext-agent/templates/NOTES.txt create mode 100644 stable/sematext-agent/templates/_helpers.tpl create mode 100644 stable/sematext-agent/templates/clusterrole.yaml create mode 100644 stable/sematext-agent/templates/clusterrolebinding.yaml create mode 100644 stable/sematext-agent/templates/configmap-agent-autodisco.yaml create mode 100644 stable/sematext-agent/templates/configmap-agent.yaml create mode 100644 stable/sematext-agent/templates/configmap-logagent.yaml create mode 100644 stable/sematext-agent/templates/daemonset.yaml create mode 100644 stable/sematext-agent/templates/secret.yaml create mode 100644 stable/sematext-agent/templates/service.yaml create mode 100644 stable/sematext-agent/templates/serviceaccount.yaml create mode 100644 stable/sematext-agent/values.yaml diff --git a/stable/sematext-agent/.helmignore b/stable/sematext-agent/.helmignore new file mode 100644 index 000000000000..f0c131944441 --- /dev/null +++ b/stable/sematext-agent/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/stable/sematext-agent/Chart.yaml b/stable/sematext-agent/Chart.yaml new file mode 100644 index 000000000000..b2d6592cd1f7 --- /dev/null +++ b/stable/sematext-agent/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: "1.0" +version: 1.0.1 +description: Helm chart for deploying Sematext Agent to Kubernetes +keywords: + - sematext + - observability + - monitoring + - logging + - containers + - ebpf +home: https://sematext.com/cloud +icon: https://sematext.com/wp-content/uploads/2017/09/octi-square-logo-200x200-2.png +maintainers: + - name: komljen + email: alen.komljen@sematext.com +name: sematext-agent diff --git a/stable/sematext-agent/OWNERS b/stable/sematext-agent/OWNERS new file mode 100644 index 000000000000..05497764bb2c --- /dev/null +++ b/stable/sematext-agent/OWNERS @@ -0,0 +1,4 @@ +approvers: +- komljen +reviewers: +- komljen diff --git a/stable/sematext-agent/README.md b/stable/sematext-agent/README.md new file mode 100644 index 000000000000..896ab7dd6b08 --- /dev/null +++ b/stable/sematext-agent/README.md @@ -0,0 +1,77 @@ +# Sematext Agent + +Sematext Agent collects metrics about hosts (CPU, memory, disk, network, processes), containers (both Docker and rkt) and orchestrator platforms and ships that to [Sematext Cloud](https://sematext.com/cloud). Sematext Cloud is available in the US and EU regions. + +## Introduction + +This chart installs the Sematext Agent to all nodes in your cluster via a `DaemonSet` resource. + +## Prerequisites + +- Kubernetes 1.9+ +- You need to create [a new Docker app in Sematext Cloud](https://apps.sematext.com/ui/integrations/create/docker) to get relevant tokens + +## Installation + +To install the chart run the following command: + +```bash +$ helm install --name release_name \ + --set containerToken=YOUR_CONTAINER_TOKEN,logsToken=YOUR_LOGS_TOKEN stable/sematext-agent +``` + +After a few minutes, you should see logs, metrics, and events reported in Sematext web UI. + +**NOTE:** If you want to use Sematext in EU region set the region as well `--set region=EU`. Also, it is worth mentioning that the agent is running as a privileged container. + +## Deleting + +To uninstall the chart delete `release_name` deployment: + +```bash +$ helm delete --purge release_name +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configuration parameters of the `sematext-agent` chart and default values. + +| Parameter | Description | Default | +|-------------------------------|--------------------------------------|-------------------------------------------| +| `containerToken` | Sematext Container token | `Nil` Provide your Container token | +| `logsToken` | Sematext Logs token | `Nil` Provide your Logs token | +| `region` | Sematext region | `US` Sematext US or EU region | +| `agent.image.repository` | The image repository | `sematext/agent` | +| `agent.image.tag` | The image tag | `latest` | +| `agent.image.pullPolicy` | Image pull policy | `Always` | +| `agent.service.port` | Service port | `80` | +| `agent.service.type` | Service type | `ClusterIP` | +| `agent.resources` | Agent resources | `{}` | +| `logagent.image.repository` | The image repository | `sematext/logagent` | +| `logagent.image.tag` | The image tag | `latest` | +| `logagent.image.pullPolicy` | Image pull policy | `Always` | +| `logagent.resources` | Logagent resources | `{}` | +| `customUrl.metricsServer` | Custom endpoint for Metrics receiver | `Nil` | +| `customUrl.logsServer` | Custom endpoint for Logs receiver | `Nil` | +| `customUrl.eventServer` | Custom endpoint for Event receiver | `Nil` | +| `serviceAccount.create` | Create a service account | `true` | +| `serviceAccount.name` | Service account name | `Nil` Defaults to chart name | +| `rbac.create` | RBAC enabled | `true` | +| `tolerations` | Tolerations | `[]` | +| `nodeSelector` | Node selector | `{}` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: + +```bash +$ helm install --name release_name \ + --set containerToken=YOUR_CONTAINER_TOKEN \ + stable/sematext-agent +``` + +Alternatively, you can use a YAML file that specifies the values while installing the chart. For example: + +```bash +$ helm install --name release_name -f custom_values.yaml stable/sematext-agent +``` diff --git a/stable/sematext-agent/files/autodisco.yml b/stable/sematext-agent/files/autodisco.yml new file mode 100644 index 000000000000..af7d54552265 --- /dev/null +++ b/stable/sematext-agent/files/autodisco.yml @@ -0,0 +1,212 @@ +# ======================================================== +# Definition of autodiscovery patterns +# ======================================================== + +# The top level element identifies the app type. +# The value of this element is used by AA to correctly +# setup the corresponding agent. Then we have a number +# of attributes that determines whether certain app is +# discovered as such. Firstly, the `process` accepts a +# regular expression pattern to identify process's image +# name that originated the event and is susceptible for +# classification. +# Then, we have `args` that represents the regular expression +# used to match the tokens from process's command line. The +# sequence of well-known ports is also used as an advice to +# autodisco machinery that specific service could expose these +# ports. The Infra agent also sends requests to these ports +# in order to get additional meta info. + + +# Finally, `labels` attribute provides custom key-value pairs +# that are attached as container labels/env vars. The naming +# of some of them might be specific to AA framework and thus +# are used by itself. + +# You can use any valid go template (https://golang.org/pkg/text/template/) +# construct inside yaml file. You can access command line args +# or discovered ports like this: +# +# labels: +# cmdline: "{{ .Args}}" +# +# For instance to get the container id or container name you +# would use the following go template action. Please note that built-in `isset` +# function is used to ensure container details are present since some +# apps can be discovered in the VM or baremetal host and thus lack container +# meta. +# +# labels: +# container.name: '{{if isset .ContainerInfo "Name"}}{{ .ContainerInfo.Name }}{{end}}' +# container.id: '{{if isset .ContainerInfo "ID"}}{{ .ContainerInfo.ID }}{{end}}' + +# You can also query app meta info through `Meta` field. For example, to get +# the version of nginx server use '{{if isset .Meta "Version"}}{{ .Meta.Version }}{{end}}' +# in `labels` section. + +# To pull secrets that are attached to containers use '{{index .Secrets "SECRET_NAME"}}' + +cassandra: + process: java + args: .*org.apache.cassandra.service.CassandraDaemon.* + ports: + - 7199 + - 7000 + - 7001 + - 9160 + - 9042 + +clickhouse: + process: clickhouse-.* + args: clickhouse-server --config=.* + ports: + - 8123 + - 9000 + - 9009 + labels: + SPM_MONITOR_CLICKHOUSE_DB_HOST_PORT: "{{ .IP }}:8123" + SPM_MONITOR_CLICKHOUSE_DB_USER: + SPM_MONITOR_CLICKHOUSE_DB_PASSWORD: + +es: + process: java + args: .*org.elasticsearch.bootstrap.Elasticsearch.* + ports: + - 9200 + - 9300 + - 9201 + - 9202 + - 9301 + - 9302 + +haproxy: + process: haproxy + args: .*haproxy.*haproxy.cfg.*-p + +httpd: + process: httpd + args: httpd-*D* + ports: + - 80 + - 443 + - 8080 + - 8443 + +kafka: + process: java + args: kafka.Kafka .*server\.properties + ports: + - 9092 + +mongodb: + process: mongod|listener|conn\d+ + args: mongod.*|listener|conn\d+ + ports: + - 27017 + +mysql: + process: mysqld + args: mysqld.* + ports: + - 3306 + +nginx: + process: nginx + args: "nginx: master process.*|nginx: worker process.*|nginx -g daemon off.*" + ports: + - 80 + - 443 + - 8080 + - 8443 + labels: + container.name: '{{if isset .ContainerInfo "Name"}}{{ .ContainerInfo.Name }}{{end}}' + container.id: '{{if isset .ContainerInfo "ID"}}{{ .ContainerInfo.ID }}{{end}}' + version: '{{if isset .Meta "Version"}}{{ .Meta.Version }}{{end}}' + +redis: + process: redis-server + args: redis-server .* + ports: + - 6379 + +solr: + process: java + args: .*-Dsolr.solr.home.*|.*-Dsolr.install.dir.* + ports: + - 8983 + - 7983 + +spark-master: + process: java + args: .*org.apache.spark.deploy.master.Master.* + ports: + - 7707 + - 4040 + +spark-worker: + process: java + args: .*org.apache.spark.deploy.worker.Worker.* + ports: + - 7707 + - 4040 + +spark-driver: + process: java + args: .*org.apache.spark.deploy.SparkSubmit.*--deploy-mode client.*|.*org.apache.spark.deploy.worker.DriverWrapper.* + ports: + - 7707 + - 4040 + +spark-executor: + process: java + args: .*org.apache.spark.executor.CoarseGrainedExecutorBackend.* + ports: + - 7707 + - 4040 + +storm-nimbus: + process: java + args: .*org.apache.storm.daemon.nimbus.* + ports: + - 6627 + - 6700 + - 6701 + - 6702 + - 6703 + +storm-supervisor: + process: java + args: .*org.apache.storm.daemon.supervisor.Supervisor.* + ports: + - 6627 + - 6700 + - 6701 + - 6702 + - 6703 + +storm-worker: + process: java + args: .*org.apache.storm.daemon.worker.* + ports: + - 6627 + - 6700 + - 6701 + - 6702 + - 6703 + +tomcat: + process: java + args: .*catalina.*org.apache.catalina.startup.Bootstrap.* + ports: + - 80 + - 443 + - 8080 + - 8443 + +zookeeper: + process: java + args: .*-Dzookeeper.log.dir.*|.*org.apache.zookeeper.server.quorum.QuorumPeerMain.* + ports: + - 2181 + - 2888 + - 3888 \ No newline at end of file diff --git a/stable/sematext-agent/templates/NOTES.txt b/stable/sematext-agent/templates/NOTES.txt new file mode 100644 index 000000000000..3b78525697b9 --- /dev/null +++ b/stable/sematext-agent/templates/NOTES.txt @@ -0,0 +1,51 @@ +{{- if and (not .Values.containerToken) (not .Values.logsToken) -}} + +############################################################################### +# ERROR: Please provide containerToken and/or logsToken! # +############################################################################### + +Depending on which region you want to use, create a container and/or logs apps +to get your tokens. Then, start the app with: + +helm install --name release_name \ + --set sematext.containerToken=YOUR_CONTAINER_TOKEN \ + stable/sematext-agent + +Or if you created both apps use: + +helm install --name release_name \ + --set containerToken=YOUR_CONTAINER_TOKEN,logsToken=YOUR_LOGS_TOKEN \ + stable/sematext-agent + +Please check the README file for all available parameters. + +{{- else if not .Values.logsToken -}} + +Missing logsToken! You will only receive metrics and events. +{{ if eq .Values.region "US" }} +After a few minutes check your app at https://apps.sematext.com/ui/monitoring +{{ else if eq .Values.region "EU" }} +After a few minutes check your app at https://apps.eu.sematext.com/ui/monitoring +{{ end }} + +{{- else if not .Values.containerToken -}} + +Missing containerToken! You will only receive logs. +{{ if eq .Values.region "US" }} +After a few minutes check your app at https://apps.sematext.com/ui/logs +{{ else if eq .Values.region "EU" }} +After a few minutes check your app at https://apps.eu.sematext.com/ui/logs +{{ end }} + +{{- else -}} + +You are all set! +{{ if eq .Values.region "US" }} +After a few minutes check your metrics app at https://apps.sematext.com/ui/monitoring +or logs at https://apps.sematext.com/ui/logs +{{ else if eq .Values.region "EU" }} +After a few minutes check your metrics app at https://apps.eu.sematext.com/ui/monitoring +or logs at https://apps.eu.sematext.com/ui/logs +{{ end }} + +{{- end -}} diff --git a/stable/sematext-agent/templates/_helpers.tpl b/stable/sematext-agent/templates/_helpers.tpl new file mode 100644 index 000000000000..fad450fbdc1e --- /dev/null +++ b/stable/sematext-agent/templates/_helpers.tpl @@ -0,0 +1,43 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "sematext-agent.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sematext-agent.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sematext-agent.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sematext-agent.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "sematext-agent.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/stable/sematext-agent/templates/clusterrole.yaml b/stable/sematext-agent/templates/clusterrole.yaml new file mode 100644 index 000000000000..f6ea84acc387 --- /dev/null +++ b/stable/sematext-agent/templates/clusterrole.yaml @@ -0,0 +1,40 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRole +metadata: + name: {{ template "sematext-agent.fullname" . }} + labels: + app: {{ template "sematext-agent.name" . }} + chart: {{ template "sematext-agent.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +rules: +- apiGroups: + - "" + resources: + - events + - pods + - configmaps + - nodes + - secrets + verbs: + - list + - get + - watch +- apiGroups: + - "" + resources: + - pods + - configmaps + verbs: + - create + - delete + - update +- apiGroups: + - apps + resources: + - deployments + verbs: + - watch + - list +{{- end }} diff --git a/stable/sematext-agent/templates/clusterrolebinding.yaml b/stable/sematext-agent/templates/clusterrolebinding.yaml new file mode 100644 index 000000000000..6dd3a886236e --- /dev/null +++ b/stable/sematext-agent/templates/clusterrolebinding.yaml @@ -0,0 +1,19 @@ +{{- if .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: ClusterRoleBinding +metadata: + name: {{ template "sematext-agent.fullname" . }} + labels: + app: {{ template "sematext-agent.name" . }} + chart: {{ template "sematext-agent.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "sematext-agent.fullname" . }} +subjects: +- kind: ServiceAccount + name: {{ template "sematext-agent.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/stable/sematext-agent/templates/configmap-agent-autodisco.yaml b/stable/sematext-agent/templates/configmap-agent-autodisco.yaml new file mode 100644 index 000000000000..fc042e0935a8 --- /dev/null +++ b/stable/sematext-agent/templates/configmap-agent-autodisco.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sematext-agent.fullname" . }}-agent-autodisco + labels: + app: {{ template "sematext-agent.name" . }}-agent-autodisco + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + autodisco.yml: |- + {{- range .Files.Lines "files/autodisco.yml" }} + {{ . }}{{ end }} diff --git a/stable/sematext-agent/templates/configmap-agent.yaml b/stable/sematext-agent/templates/configmap-agent.yaml new file mode 100644 index 000000000000..f78aa082e9a5 --- /dev/null +++ b/stable/sematext-agent/templates/configmap-agent.yaml @@ -0,0 +1,27 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sematext-agent.fullname" . }}-agent + labels: + app: {{ template "sematext-agent.name" . }}-agent + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + API_SERVER_PORT: "{{ .Values.agent.service.port }}" + {{- range $key, $val := .Values.agent.config }} + {{ $key }}: {{ $val | quote }} + {{- end }} + {{- if .Values.customUrl }} + SERVER_BASE_URL: {{ default "" .Values.customUrl.metricsServer | quote }} + EVENTS_RECEIVER_URL: {{ default "" .Values.customUrl.eventServer | quote }} + LOGS_RECEIVER_URL: {{ default "" .Values.customUrl.logsServer | quote }} + {{- else if eq .Values.region "EU" }} + SERVER_BASE_URL: "https://spm-receiver.eu.sematext.com" + EVENTS_RECEIVER_URL: "https://event-receiver.eu.sematext.com" + LOGS_RECEIVER_URL: "https://logsene-receiver.eu.sematext.com" + {{- else if eq .Values.region "US" }} + SERVER_BASE_URL: "https://spm-receiver.sematext.com" + EVENTS_RECEIVER_URL: "https://event-receiver.sematext.com" + LOGS_RECEIVER_URL: "https://logsene-receiver.sematext.com" + {{- end }} diff --git a/stable/sematext-agent/templates/configmap-logagent.yaml b/stable/sematext-agent/templates/configmap-logagent.yaml new file mode 100644 index 000000000000..9e42689d924b --- /dev/null +++ b/stable/sematext-agent/templates/configmap-logagent.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sematext-agent.fullname" . }}-logagent + labels: + app: {{ template "sematext-agent.name" . }}-logagent + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + REGION: {{ .Values.region | quote }} + {{- range $key, $val := .Values.logagent.config }} + {{ $key }}: {{ $val | quote }} + {{- end }} + {{- if .Values.customUrl }} + LOGS_RECEIVER_URL: {{ default "" .Values.customUrl.logsServer | quote }} + {{- end }} diff --git a/stable/sematext-agent/templates/daemonset.yaml b/stable/sematext-agent/templates/daemonset.yaml new file mode 100644 index 000000000000..e592bf551f2c --- /dev/null +++ b/stable/sematext-agent/templates/daemonset.yaml @@ -0,0 +1,140 @@ +{{- if or (.Values.infraToken) (.Values.logsToken) (.Values.containerToken) }} +{{- if .Capabilities.APIVersions.Has "apps/v1" }} +apiVersion: apps/v1 +{{- else }} +apiVersion: extensions/v1beta1 +{{- end }} +kind: DaemonSet +metadata: + name: {{ template "sematext-agent.fullname" . }} + labels: + app: {{ template "sematext-agent.name" . }} + chart: {{ template "sematext-agent.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + matchLabels: + app: {{ template "sematext-agent.name" . }} + release: {{ .Release.Name }} + template: + metadata: + labels: + app: {{ template "sematext-agent.name" . }} + release: {{ .Release.Name }} + annotations: + checksum/config-agent: {{ include (print $.Template.BasePath "/configmap-agent.yaml") . | sha256sum }} + checksum/config-agent-autodisco: {{ include (print $.Template.BasePath "/configmap-agent-autodisco.yaml") . | sha256sum }} + checksum/config-logagent: {{ include (print $.Template.BasePath "/configmap-logagent.yaml") . | sha256sum }} + checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} + spec: + serviceAccountName: {{ template "sematext-agent.serviceAccountName" . }} + containers: + - name: agent + image: "{{ .Values.agent.image.repository }}:{{ .Values.agent.image.tag }}" + imagePullPolicy: {{ .Values.agent.image.pullPolicy }} + env: + - name: INFRA_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "sematext-agent.fullname" . }} + key: infra-token + - name: CONTAINER_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "sematext-agent.fullname" . }} + key: container-token + - name: LOGS_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "sematext-agent.fullname" . }} + key: logs-token + - name: NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName + envFrom: + - configMapRef: + name: {{ template "sematext-agent.fullname" . }}-agent + livenessProbe: + httpGet: + path: /health + port: {{ .Values.agent.service.port }} + readinessProbe: + httpGet: + path: /health + port: {{ .Values.agent.service.port }} + volumeMounts: + - name: procfs + mountPath: /host/proc + readOnly: true + - name: sysfs + mountPath: /host/sys + readOnly: true + - name: etc + mountPath: /host/etc + readOnly: true + - name: debugfs + mountPath: /sys/kernel/debug + - name: docker-sock + mountPath: /var/run/docker.sock + - name: journal + mountPath: /opt/spm/st-agent + - name: autodisco-template + mountPath: /etc/agent + securityContext: + privileged: true + ports: + - name: http + containerPort: {{ .Values.agent.service.port }} + protocol: TCP + resources: +{{ toYaml .Values.agent.resources | indent 12 }} + - name: logagent + image: "{{ .Values.logagent.image.repository }}:{{ .Values.logagent.image.tag }}" + imagePullPolicy: {{ .Values.logagent.image.pullPolicy }} + env: + - name: LOGS_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "sematext-agent.fullname" . }} + key: logs-token + envFrom: + - configMapRef: + name: {{ template "sematext-agent.fullname" . }}-logagent + volumeMounts: + - name: docker-sock + mountPath: /var/run/docker.sock + resources: +{{ toYaml .Values.logagent.resources | indent 12 }} + volumes: + - name: procfs + hostPath: + path: /proc + - name: sysfs + hostPath: + path: /sys + - name: etc + hostPath: + path: /etc + - name: debugfs + hostPath: + path: /sys/kernel/debug + - name: docker-sock + hostPath: + path: /var/run/docker.sock + - name: journal + hostPath: + path: /opt/spm/st-agent + - name: autodisco-template + configMap: + name: {{ template "sematext-agent.fullname" . }}-agent-autodisco + {{ if .Values.imagePullSecrets }} + imagePullSecrets: + - name: {{ .Values.imagePullSecrets }} + {{- end }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} +{{- end }} diff --git a/stable/sematext-agent/templates/secret.yaml b/stable/sematext-agent/templates/secret.yaml new file mode 100644 index 000000000000..e167187bcc33 --- /dev/null +++ b/stable/sematext-agent/templates/secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "sematext-agent.fullname" . }} + labels: + app: {{ template "sematext-agent.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} +type: Opaque +data: + infra-token: {{ default "" .Values.infraToken | b64enc | quote }} + container-token: {{ default "" .Values.containerToken | b64enc | quote }} + logs-token: {{ default "" .Values.logsToken | b64enc | quote }} diff --git a/stable/sematext-agent/templates/service.yaml b/stable/sematext-agent/templates/service.yaml new file mode 100644 index 000000000000..4b3c848762fe --- /dev/null +++ b/stable/sematext-agent/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "sematext-agent.fullname" . }} + labels: + app: {{ template "sematext-agent.name" . }} + chart: {{ template "sematext-agent.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + type: {{ .Values.agent.service.type }} + ports: + - port: {{ .Values.agent.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app: {{ template "sematext-agent.name" . }} + release: {{ .Release.Name }} diff --git a/stable/sematext-agent/templates/serviceaccount.yaml b/stable/sematext-agent/templates/serviceaccount.yaml new file mode 100644 index 000000000000..fb07401c748d --- /dev/null +++ b/stable/sematext-agent/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "sematext-agent.serviceAccountName" . }} + labels: + app: {{ template "sematext-agent.name" . }} + chart: {{ template "sematext-agent.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +{{- end }} diff --git a/stable/sematext-agent/values.yaml b/stable/sematext-agent/values.yaml new file mode 100644 index 000000000000..fc4f327257ea --- /dev/null +++ b/stable/sematext-agent/values.yaml @@ -0,0 +1,63 @@ +agent: + image: + repository: sematext/agent + tag: latest + pullPolicy: Always + service: + port: 80 + type: ClusterIP + config: + JOURNAL_DIR: /opt/spm/st-agent + PIPELINE_CONSOLE_OUTPUT: false + PIPELINE_NULL_OUTPUT: false + API_SERVER_HOST: 0.0.0.0 + LOGGING_WRITE_EVENTS: false + LOGGING_REQUEST_TRACKING: false + AUTODISCO_TEMPLATES_PATH: /etc/agent/autodisco.yml + LOGGING_LEVEL: warn + resources: {} + +logagent: + image: + repository: sematext/logagent + tag: latest + pullPolicy: Always + config: + LOGSENE_BULK_SIZE: "1000" + LOGSENE_LOG_INTERVAL: "10000" + resources: {} + +rbac: + # Specifies whether RBAC resources should be created + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: + +# represents the infra token where most metrics, packages, processes, etc. are shipped +infraToken: null +# determines the token for the container app (container metrics are delivered here) +containerToken: null +# logsene token to send logs +logsToken: null + +# for private images +# imagePullSecrets: + +region: US + +# support for custom URLs +customUrl: {} + # metricsServer: https://metrics-receiver.apps.test.sematext.com + # eventServer: https://event-receiver.apps.test.sematext.com + # logsServer: https://logs-token-receiver.apps.test.sematext.com + +tolerations: [] + +# Node labels for pod assignment +# Ref: https://kubernetes.io/docs/user-guide/node-selection/ +nodeSelector: {} From ab578399015479654c03b19c63e8aee34d2b58ca Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 12 Feb 2019 16:19:54 +0100 Subject: [PATCH 0139/1586] [stable/postgresql] Allow initDb scripts in the form of secrets (#11233) Signed-off-by: Javier J. Salmeron Garcia --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 3 ++- stable/postgresql/templates/_helpers.tpl | 7 +++++++ stable/postgresql/templates/statefulset.yaml | 11 ++++++++++- stable/postgresql/values-production.yaml | 4 ++++ stable/postgresql/values.yaml | 4 ++++ 6 files changed, 28 insertions(+), 3 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 7675f70b33f9..520261aef47b 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.10.2 +version: 3.11.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 3dd1ed021b2d..e3a18cb0399b 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -81,6 +81,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files | `nil` | | `initdbScripts` | List of initdb scripts | `nil` | | `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| `initdbScriptsSecret` | Secret with initdb scripts that contain sensitive information (Note: can be used with `initdbScriptsConfigMap` or `initdbScripts`) | `nil` | | `service.type` | Kubernetes Service type | `ClusterIP` | | `service.port` | PostgreSQL port | `5432` | | `service.nodePort` | Kubernetes Service nodePort | `nil` | @@ -172,7 +173,7 @@ The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) i Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. -In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. If your initialization scripts contain sensitive information such as credentials or passwords, you can use the `initdbScriptsSecret` parameter. The allowed extensions are `.sh`, `.sql` and `.sql.gz`. diff --git a/stable/postgresql/templates/_helpers.tpl b/stable/postgresql/templates/_helpers.tpl index d17977960881..96fd32ccfeb6 100644 --- a/stable/postgresql/templates/_helpers.tpl +++ b/stable/postgresql/templates/_helpers.tpl @@ -150,3 +150,10 @@ Get the initialization scripts ConfigMap name. {{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} {{- end -}} {{- end -}} + +{{/* +Get the initialization scripts Secret name. +*/}} +{{- define "postgresql.initdbScriptsSecret" -}} +{{- printf "%s" .Values.initdbScriptsSecret -}} +{{- end -}} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 1bd7d1e85698..7309d1a213ba 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -185,7 +185,11 @@ spec: volumeMounts: {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d + mountPath: /docker-entrypoint-initdb.d/configmap + {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + mountPath: /docker-entrypoint-initdb.d/secret {{- end }} {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config @@ -277,6 +281,11 @@ spec: configMap: name: {{ template "postgresql.initdbScriptsCM" . }} {{- end }} + {{- if .Values.initdbScriptsSecret }} + - name: custom-init-scripts-secret + secret: + secretName: {{ template "postgresql.initdbScriptsSecret" . }} + {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index a05866060206..6ae61617cf45 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -149,6 +149,10 @@ postgresqlDataDir: /bitnami/postgresql ## NOTE: This will override initdbScripts # initdbScriptsConfigMap: +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + ## PostgreSQL service configuration service: ## PosgresSQL service type diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index d886a1fb3b1d..cfe2714a1b49 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -150,6 +150,10 @@ postgresqlDataDir: /bitnami/postgresql ## NOTE: This will override initdbScripts # initdbScriptsConfigMap: +## Secret with scripts to be run at first boot (in case it contains sensitive information) +## NOTE: This can work along initdbScripts or initdbScriptsConfigMap +# initdbScriptsSecret: + ## Optional duration in seconds the pod needs to terminate gracefully. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## From 9a7c8cc376695106ac22b256b43970bdf2e342e9 Mon Sep 17 00:00:00 2001 From: Christian Ingenhaag Date: Tue, 12 Feb 2019 16:56:09 +0100 Subject: [PATCH 0140/1586] Nextcloud chart add OWNERS for further contribution (#11335) * add nextcloud chart Signed-off-by: Christian Ingenhaag * insert suggestions from reviews in #5180 Signed-off-by: Christian Ingenhaag * disable ingress per default Signed-off-by: Christian Ingenhaag * fix nextcloud e2e tests Signed-off-by: Christian Ingenhaag * [nextcloud] add owners file for further contribution Signed-off-by: Christian Ingenhaag --- stable/nextcloud/Chart.yaml | 2 +- stable/nextcloud/OWNERS | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 stable/nextcloud/OWNERS diff --git a/stable/nextcloud/Chart.yaml b/stable/nextcloud/Chart.yaml index effadc52450a..2c56b112fb29 100644 --- a/stable/nextcloud/Chart.yaml +++ b/stable/nextcloud/Chart.yaml @@ -1,5 +1,5 @@ name: nextcloud -version: 1.0.0 +version: 1.0.1 appVersion: 15.0.2 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/stable/nextcloud/OWNERS b/stable/nextcloud/OWNERS new file mode 100644 index 000000000000..c9b3946080e3 --- /dev/null +++ b/stable/nextcloud/OWNERS @@ -0,0 +1,4 @@ +approvers: +- chrisingenhaag +reviewers: +- chrisingenhaag From 94f55586be727be16d9eeceef0fe8e61d999df8e Mon Sep 17 00:00:00 2001 From: Raphael Sampaio Date: Tue, 12 Feb 2019 14:29:39 -0200 Subject: [PATCH 0141/1586] [stable/airflow] Updates README.md with better instructions for installing extra dependencies (#11358) * [airflow] Updates README.md Instructions on how to install extra Python dependencies were not very clear. Additionally, the option to install them by placing a `requirements.txt` to the root of the DAGs folder seemed to be only possible for an *init-container* strategy. That is not the case, since this method also works for a *shared persistent volume* strategy. Signed-off-by: Raphael Sampaio * [airflow] bumps Chart version Chart version bump is required by Circle CI Signed-off-by: Raphael Sampaio --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index ed8b03f5a6ae..8d4444da7d20 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.17.0 +version: 0.17.1 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 256c5ff9bdd7..eb111ac9853d 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -190,6 +190,10 @@ airflow: Please note a folder `~/.local/bin` will be automatically created and added to the PATH so that Bash operators can use command line tools installed by `pip install --user` for instance. +## Installing dependencies + +Add a `requirements.txt` file at the root of your DAG project (`dags.path` entry at `values.yaml`) and they will be automatically installed. That works for both shared persistent volume and init-container deployment strategies (see below). + ## DAGs Deployment Several options are provided for synchronizing your Airflow DAGs. @@ -217,9 +221,6 @@ To share a PV with multiple Pods, the PV needs to have accessMode 'ReadOnlyMany' If you enable set `dags.init_container.enabled=true`, the pods will try upon startup to fetch the git repository defined by `dags.git_repo`, on branch `dags.git_branch` as DAG folder. -You can also add a `requirements.txt` file at the root of your DAG project to have other -Python dependencies installed. - This is the easiest way of deploying your DAGs to Airflow. If you are using a private Git repo, you can set `dags.gitSecret` to the name of a secret you created containing private keys and a `known_hosts` file. From e0119b61ca1e11ad0bd9ad61c07b5bf6e8924258 Mon Sep 17 00:00:00 2001 From: Massimo Gaggero Date: Tue, 12 Feb 2019 18:09:42 +0100 Subject: [PATCH 0142/1586] =?UTF-8?q?Implements=20#11353=20:=20[stable/air?= =?UTF-8?q?flow]=20install-requirements.sh=20script=20s=E2=80=A6=20(#11357?= =?UTF-8?q?)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Implements #11353 : [stable/airflow] install-requirements.sh script should be always available Signed-off-by: Massimo Gaggero * - fixes scripts volume creation issue Signed-off-by: Massimo Gaggero * - updates version Signed-off-by: Massimo Gaggero --- stable/airflow/Chart.yaml | 2 +- stable/airflow/templates/deployments-scheduler.yaml | 12 ++++++------ stable/airflow/templates/deployments-web.yaml | 12 ++++++------ stable/airflow/templates/statefulsets-workers.yaml | 12 ++++++------ 4 files changed, 19 insertions(+), 19 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 8d4444da7d20..02262d9784b0 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.17.1 +version: 0.17.2 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index 129a6021bfc7..25972f2d3ec9 100755 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -69,14 +69,14 @@ spec: env: {{- include "airflow.mapenvsecrets" . | indent 10 }} volumeMounts: + - name: scripts + mountPath: /usr/local/scripts {{- if .Values.persistence.enabled }} - name: dags-data mountPath: {{ .Values.dags.path }} {{- else if .Values.dags.initContainer.enabled }} - name: dags-data mountPath: {{ .Values.dags.path }} - - name: scripts - mountPath: /usr/local/scripts {{- if .Values.airflow.connections }} - name: connections mountPath: /usr/local/connections @@ -117,6 +117,10 @@ spec: airflow scheduler -n {{ .Values.airflow.schedulerNumRuns }} {{- end }} volumes: + - name: scripts + configMap: + name: {{ template "airflow.fullname" . }}-scripts + defaultMode: 0755 - name: dags-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: @@ -130,10 +134,6 @@ spec: claimName: {{ .Values.logsPersistence.existingClaim | default (printf "%s-logs" (include "airflow.fullname" . | trunc 58 )) }} {{- end }} {{- if .Values.dags.initContainer.enabled }} - - name: scripts - configMap: - name: {{ template "airflow.fullname" . }}-scripts - defaultMode: 0755 - name: git-clone configMap: name: {{ template "airflow.fullname" . }}-git-clone diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml index b09c28c5bc93..a7addabe72bc 100644 --- a/stable/airflow/templates/deployments-web.yaml +++ b/stable/airflow/templates/deployments-web.yaml @@ -72,14 +72,14 @@ spec: env: {{- include "airflow.mapenvsecrets" . | indent 10 }} volumeMounts: + - name: scripts + mountPath: /usr/local/scripts {{- if .Values.persistence.enabled }} - name: dags-data mountPath: {{ .Values.dags.path }} {{- else if .Values.dags.initContainer.enabled }} - name: dags-data mountPath: {{ .Values.dags.path }} - - name: scripts - mountPath: /usr/local/scripts {{- end }} {{- if .Values.logsPersistence.enabled }} - name: logs-data @@ -118,6 +118,10 @@ spec: successThreshold: 1 failureThreshold: 5 volumes: + - name: scripts + configMap: + name: {{ template "airflow.fullname" . }}-scripts + defaultMode: 0755 - name: dags-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: @@ -131,10 +135,6 @@ spec: claimName: {{ .Values.logsPersistence.existingClaim | default (printf "%s-logs" (include "airflow.fullname" . | trunc 58 )) }} {{- end }} {{- if .Values.dags.initContainer.enabled }} - - name: scripts - configMap: - name: {{ template "airflow.fullname" . }}-scripts - defaultMode: 0755 - name: git-clone configMap: name: {{ template "airflow.fullname" . }}-git-clone diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml index 222d1008c403..6cd9f5ab4540 100644 --- a/stable/airflow/templates/statefulsets-workers.yaml +++ b/stable/airflow/templates/statefulsets-workers.yaml @@ -77,6 +77,8 @@ spec: env: {{- include "airflow.mapenvsecrets" . | indent 10 }} volumeMounts: + - name: scripts + mountPath: /usr/local/scripts {{- $secretsDir := .Values.workers.secretsDir -}} {{- range .Values.workers.secrets }} - name: {{ . }}-volume @@ -90,8 +92,6 @@ spec: {{- else if .Values.dags.initContainer.enabled }} - name: dags-data mountPath: {{ .Values.dags.path }} - - name: scripts - mountPath: /usr/local/scripts {{- end }} args: - "bash" @@ -122,6 +122,10 @@ spec: resources: {{ toYaml .Values.workers.resources | indent 12 }} volumes: + - name: scripts + configMap: + name: {{ template "airflow.fullname" . }}-scripts + defaultMode: 0755 {{- range .Values.workers.secrets }} - name: {{ . }}-volume secret: @@ -135,10 +139,6 @@ spec: emptyDir: {} {{- end }} {{- if .Values.dags.initContainer.enabled }} - - name: scripts - configMap: - name: {{ template "airflow.fullname" . }}-scripts - defaultMode: 0755 - name: git-clone configMap: name: {{ template "airflow.fullname" . }}-git-clone From 725524490600dd3db009023e88a76349b5ad8d24 Mon Sep 17 00:00:00 2001 From: Ian Hoegen Date: Tue, 12 Feb 2019 10:06:47 -0800 Subject: [PATCH 0143/1586] Add me as reviewer, default ServiceMonitor to false (#11345) * Service monitor off by default Signed-off-by: Ian Hoegen * Bump version Signed-off-by: Ian Hoegen --- stable/kuberhealthy/Chart.yaml | 4 +++- stable/kuberhealthy/OWNERS | 2 ++ stable/kuberhealthy/README.md | 2 +- stable/kuberhealthy/values.yaml | 2 +- 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index 7604862064ab..bc83f8d60901 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,12 +3,14 @@ appVersion: "1.0.0" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.0.0 +version: 1.0.1 maintainers: - name: integrii email: eric.greer@comcast.com - name: lolimjake email: jacob.martin@comcast.com + - name: ihoegen + email: ianhoegen@gmail.com keywords: - kuberhealthy - kubernetes diff --git a/stable/kuberhealthy/OWNERS b/stable/kuberhealthy/OWNERS index 8b1d7ca48e05..072f42ea54c5 100644 --- a/stable/kuberhealthy/OWNERS +++ b/stable/kuberhealthy/OWNERS @@ -1,6 +1,8 @@ approvers: - integrii - lolimjake +- ihoegen reviewers: - integrii - lolimjake +- ihoegen diff --git a/stable/kuberhealthy/README.md b/stable/kuberhealthy/README.md index 18d5d9746c21..31b30c3f4c0a 100644 --- a/stable/kuberhealthy/README.md +++ b/stable/kuberhealthy/README.md @@ -31,7 +31,7 @@ prometheus: enabled: true # do we deploy a ServiceMonitor spec? name: "prometheus" # the name of the Prometheus deployment in your environment. enableScraping: true # add the Prometheus scrape annotation to Kuberhealthy pods - serviceMonitor: true # use a ServiceMonitor configuration + serviceMonitor: false # use a ServiceMonitor configuration, for if using Prometheus Operator enableAlerting: true # enable default Kuberhealthy alerts configuration app: name: "kuberhealthy" # what to name the kuberhealthy deployment diff --git a/stable/kuberhealthy/values.yaml b/stable/kuberhealthy/values.yaml index 4934e4c9019b..7fab74ad4d68 100644 --- a/stable/kuberhealthy/values.yaml +++ b/stable/kuberhealthy/values.yaml @@ -6,7 +6,7 @@ prometheus: enabled: false name: "prometheus" enableScraping: true - serviceMonitor: true + serviceMonitor: false enableAlerting: true image: From ef15c3291d7845c338f23700eb23a6d6852d84bf Mon Sep 17 00:00:00 2001 From: Yong Wen Chua Date: Wed, 13 Feb 2019 04:55:23 +0800 Subject: [PATCH 0144/1586] [incubator/vault] Add `checksum/config` annotation to pods (#11321) * Add `checksum/config` annotation to pods Signed-off-by: Yong Wen Chua * Fix annotations rendering issues Signed-off-by: Yong Wen Chua --- incubator/vault/Chart.yaml | 2 +- incubator/vault/templates/deployment.yaml | 5 ++++- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/incubator/vault/Chart.yaml b/incubator/vault/Chart.yaml index ec0d80bd1d04..301b83b71286 100644 --- a/incubator/vault/Chart.yaml +++ b/incubator/vault/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Vault, a tool for managing secrets name: vault -version: 0.14.7 +version: 0.14.8 appVersion: 1.0.1 home: https://www.vaultproject.io/ icon: https://www.vaultproject.io/assets/images/mega-nav/logo-vault-0f83e3d2.svg diff --git a/incubator/vault/templates/deployment.yaml b/incubator/vault/templates/deployment.yaml index 44f27516e72b..f0d6b689e414 100644 --- a/incubator/vault/templates/deployment.yaml +++ b/incubator/vault/templates/deployment.yaml @@ -24,7 +24,10 @@ spec: app: {{ template "vault.name" . }} release: {{ .Release.Name }} annotations: -{{ toYaml .Values.podAnnotations | indent 8 }} + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + {{- range $key, $value := .Values.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} spec: containers: - name: {{ .Chart.Name }} From 6342aa9263e81f38f4345c1d9fcd2747c223948c Mon Sep 17 00:00:00 2001 From: Bo Huang Date: Tue, 12 Feb 2019 13:11:39 -0800 Subject: [PATCH 0145/1586] Update fluentd-kubernetes-sumologic to the latest (v2.3.0) (#11329) Signed-off-by: Bo Huang --- stable/sumologic-fluentd/Chart.yaml | 4 ++-- stable/sumologic-fluentd/README.md | 2 +- stable/sumologic-fluentd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/sumologic-fluentd/Chart.yaml b/stable/sumologic-fluentd/Chart.yaml index ea60d680372e..3267c1c31bed 100755 --- a/stable/sumologic-fluentd/Chart.yaml +++ b/stable/sumologic-fluentd/Chart.yaml @@ -1,6 +1,6 @@ name: sumologic-fluentd -version: 0.11.0 -appVersion: 2.1.0 +version: 0.12.0 +appVersion: 2.3.0 description: Sumologic Log Collector keywords: - monitoring diff --git a/stable/sumologic-fluentd/README.md b/stable/sumologic-fluentd/README.md index 4ec5568a9748..0b5f819d83aa 100644 --- a/stable/sumologic-fluentd/README.md +++ b/stable/sumologic-fluentd/README.md @@ -98,7 +98,7 @@ The following table lists the configurable parameters of the sumologic-fluentd c | `sumologic.proxyUri` | Add the uri of the proxy environment if present. | `Nil` | `sumologic.enableStatWatcher` | Option to control the enabling of [stat_watcher](https://docs.fluentd.org/v1.0/articles/in_tail#enable_stat_watcher). | `true` | `image.name` | The image repository and name to pull from | `sumologic/fluentd-kubernetes-sumologic` | -| `image.tag` | The image tag to pull | `v2.1.0` | +| `image.tag` | The image tag to pull | `v2.3.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `persistence.enabled` | Boolean value, used to turn on or off fluentd position file persistence, on nodes (requires Kubernetes >= 1.8) | `false` | | `persistence.hostPath` | The path, on each node, to a directory for fluentd pos files. You must create the directory on each node first or set `persistence.createPath` (requires Kubernetes >= 1.8) | `/var/run/fluentd-pos` | diff --git a/stable/sumologic-fluentd/values.yaml b/stable/sumologic-fluentd/values.yaml index 28e583d933fb..f09a258c9b64 100644 --- a/stable/sumologic-fluentd/values.yaml +++ b/stable/sumologic-fluentd/values.yaml @@ -1,7 +1,7 @@ # Default values for sumologic-fluentd. image: name: sumologic/fluentd-kubernetes-sumologic - tag: v2.1.0 + tag: v2.3.0 pullPolicy: IfNotPresent ## Annotations to add to the DaemonSet's Pods From d73c2a995d2752b843c81a0a0a9b46ff69703cb5 Mon Sep 17 00:00:00 2001 From: Sander van Schie Date: Tue, 12 Feb 2019 22:11:54 +0100 Subject: [PATCH 0146/1586] Change AlertManager reload URL from localhost to 127.0.0.1 (#11359) Signed-off-by: Sander van Schie --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/templates/alertmanager-deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 33e0ae5691e8..9dac6376cc11 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,5 +1,5 @@ name: prometheus -version: 8.7.0 +version: 8.7.1 appVersion: 2.7.1 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/templates/alertmanager-deployment.yaml b/stable/prometheus/templates/alertmanager-deployment.yaml index 668ffb7db311..8ec756ea4657 100644 --- a/stable/prometheus/templates/alertmanager-deployment.yaml +++ b/stable/prometheus/templates/alertmanager-deployment.yaml @@ -81,7 +81,7 @@ spec: imagePullPolicy: "{{ .Values.configmapReload.image.pullPolicy }}" args: - --volume-dir=/etc/config - - --webhook-url=http://localhost:9093{{ .Values.alertmanager.prefixURL }}/-/reload + - --webhook-url=http://127.0.0.1:9093{{ .Values.alertmanager.prefixURL }}/-/reload resources: {{ toYaml .Values.configmapReload.resources | indent 12 }} volumeMounts: From e47a0f1c28ac5a19427eb6c95a2b5ddd0df0f104 Mon Sep 17 00:00:00 2001 From: xuxinkun Date: Wed, 13 Feb 2019 06:09:56 +0800 Subject: [PATCH 0147/1586] move datasources to init container. (#9842) Signed-off-by: xuxinkun --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 2 +- stable/grafana/templates/deployment.yaml | 42 +++++++++++++----------- stable/grafana/values.yaml | 2 +- 4 files changed, 25 insertions(+), 23 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index db73758b9887..cc1707d91606 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 1.26.1 +version: 2.0.0 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index cc1f3b80f94e..ec1013556da1 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -122,7 +122,7 @@ data: ## Sidecar for datasources -If the parameter `sidecar.datasources.enabled` is set, a sidecar container is deployed in the grafana pod. This container watches all config maps in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be modified. +If the parameter `sidecar.datasources.enabled` is set, an init container is deployed in the grafana pod. This container lists all config maps in the cluster and filters out the ones with a label as defined in `sidecar.datasources.label`. The files defined in those configmaps are written to a folder and accessed by grafana on startup. Using these yaml files, the data sources in grafana can be imported. The configmaps must be created before `helm install` so that the datasources init container can list the configmaps. Example datasource config adapted from [Grafana](http://docs.grafana.org/administration/provisioning/#example-datasource-config-file): ``` diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index dc594fe23c1f..aae4e6083029 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -43,7 +43,7 @@ spec: {{- if .Values.priorityClassName }} priorityClassName: {{ .Values.priorityClassName }} {{- end }} -{{- if ( or .Values.persistence.enabled .Values.dashboards ) }} +{{- if ( or .Values.persistence.enabled .Values.dashboards .Values.sidecar.datasources.enabled) }} initContainers: {{- end }} {{- if ( and .Values.persistence.enabled .Values.persistence.initChownData ) }} @@ -80,6 +80,27 @@ spec: readOnly: {{ .readOnly }} {{- end }} {{- end }} +{{- if .Values.sidecar.datasources.enabled }} + - name: {{ template "grafana.name" . }}-sc-datasources + image: "{{ .Values.sidecar.image }}" + imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} + env: + - name: METHOD + value: LIST + - name: LABEL + value: "{{ .Values.sidecar.datasources.label }}" + - name: FOLDER + value: "/etc/grafana/provisioning/datasources" + {{- if .Values.sidecar.datasources.searchNamespace }} + - name: NAMESPACE + value: "{{ .Values.sidecar.datasources.searchNamespace }}" + {{- end }} + resources: +{{ toYaml .Values.sidecar.resources | indent 12 }} + volumeMounts: + - name: sc-datasources-volume + mountPath: "/etc/grafana/provisioning/datasources" +{{- end}} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} @@ -105,25 +126,6 @@ spec: volumeMounts: - name: sc-dashboard-volume mountPath: {{ .Values.sidecar.dashboards.folder | quote }} -{{- end}} -{{- if .Values.sidecar.datasources.enabled }} - - name: {{ template "grafana.name" . }}-sc-datasources - image: "{{ .Values.sidecar.image }}" - imagePullPolicy: {{ .Values.sidecar.imagePullPolicy }} - env: - - name: LABEL - value: "{{ .Values.sidecar.datasources.label }}" - - name: FOLDER - value: "/etc/grafana/provisioning/datasources" - {{- if .Values.sidecar.datasources.searchNamespace }} - - name: NAMESPACE - value: "{{ .Values.sidecar.datasources.searchNamespace }}" - {{- end }} - resources: -{{ toYaml .Values.sidecar.resources | indent 12 }} - volumeMounts: - - name: sc-datasources-volume - mountPath: "/etc/grafana/provisioning/datasources" {{- end}} - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index 7727c00cffad..eb9738858cb1 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -292,7 +292,7 @@ smtp: ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: - image: kiwigrid/k8s-sidecar:0.0.6 + image: xuxinkun/k8s-sidecar:0.0.7 imagePullPolicy: IfNotPresent resources: # limits: From 302551684d5a8f72330efc7ead315ab0d5e0e958 Mon Sep 17 00:00:00 2001 From: Vishwanath Date: Tue, 12 Feb 2019 14:44:57 -0800 Subject: [PATCH 0148/1586] Next agent release (ciprod01092019) (#11167) Signed-off-by: Vishwanath Narasimhan --- incubator/azuremonitor-containers/Chart.yaml | 2 +- incubator/azuremonitor-containers/README.md | 8 +- .../templates/omsagent-daemonset.yaml | 6 +- .../templates/omsagent-deployment.yaml | 6 +- .../templates/omsagent-rs-configmap.yaml | 84 +++++++++++-------- incubator/azuremonitor-containers/values.yaml | 6 +- 6 files changed, 65 insertions(+), 47 deletions(-) diff --git a/incubator/azuremonitor-containers/Chart.yaml b/incubator/azuremonitor-containers/Chart.yaml index 883914225e8b..f202c98deb49 100644 --- a/incubator/azuremonitor-containers/Chart.yaml +++ b/incubator/azuremonitor-containers/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 2.0.0-3 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes name: azuremonitor-containers -version: 0.4.0 +version: 0.5.0 keywords: - monitoring - azuremonitor diff --git a/incubator/azuremonitor-containers/README.md b/incubator/azuremonitor-containers/README.md index 70d9d54b351f..c56b1b9b83b9 100644 --- a/incubator/azuremonitor-containers/README.md +++ b/incubator/azuremonitor-containers/README.md @@ -20,7 +20,7 @@ This article describes how to set up and use [Azure Monitor - Containers](https: 2. [Add the 'AzureMonitor-Containers' Solution to your Log Analytics workspace.](http://aka.ms/coinhelmdoc) -3. [For ACS-engine K8S cluster, add Log Analytics workspace tag to cluster resources, to be able to use Azure Container monitoring User experience (aka.ms/azmon-containers)](http://aka.ms/coin-acs-tag-doc) +3. [For AKS-Engine or ACS-Engine K8S cluster, add required tags on cluster resources, to be able to use Azure Container monitoring User experience (aka.ms/azmon-containers)](http://aka.ms/coin-acs-tag-doc) --- @@ -58,7 +58,7 @@ The following table lists the configurable parameters of the MSOMS chart and the | `omsagent.secret.wsid` | Azure Log analytics workspace id | Does not have a default value, needs to be provided | | `omsagent.secret.key` | Azure Log analytics workspace key | Does not have a default value, needs to be provided | | `omsagent.domain` | Azure Log analytics cloud domain (public / govt) | opinsights.azure.com (Public cloud as default), opinsights.azure.us (Govt Cloud) | -| `omsagent.env.clusterName` | Name of your cluster | Does not have a default value, needs to be provided. If ACS-engine cluster, it is recommended to provide either one of the below as cluster name, to be able to use Azure Container monitoring User experience (aka.ms/azmon-containers)

- Azure Resource group resource ID of ACS-Engine cluster
- Provide a friendly name here and ensure this name is used to 'tag' the cluster master node(s) - see step-3 in pre-requisites above | +| `omsagent.env.clusterName` | Name of your cluster | Does not have a default value, needs to be provided. If AKS-Engine or ACS-Engine K8S cluster, it is recommended to provide either one of the below as cluster name, to be able to use Azure Container monitoring User experience (aka.ms/azmon-containers)

- Azure Resource group resource ID of ACS-Engine cluster
- Provide a friendly name here and ensure this name is used to 'tag' the cluster master node(s) - see step-3 in pre-requisites above | |`omsagent.env.doNotCollectKubeSystemLogs`| Disable collecting logs from containers in 'kube-system' namespace | true| | `omsagent.rbac` | rbac enabled/disabled | true (i.e enabled) | @@ -70,7 +70,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```bash $ helm install --name myrelease-1 \ ---set omsagent.secret.wsid=,omsagent.secret.key=,omsagent.env.clusterName= incubator/azuremonitor-containers +--set omsagent.secret.wsid=,omsagent.secret.key=,omsagent.env.clusterName= incubator/azuremonitor-containers ``` Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, @@ -83,4 +83,4 @@ $ helm install --name myrelease-1 -f values.yaml incubator/azuremonitor-containe After you successfully deploy the chart, you will be able to see your data in the [azure portal](aka.ms/azmon-containers) -If you need help with this chart, please reach us out thru [this](mailto:askcoin@microsoft.com) email. \ No newline at end of file +If you need help with this chart, please reach us out through [this](mailto:askcoin@microsoft.com) email. \ No newline at end of file diff --git a/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml b/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml index afa9e12a1144..4524ccba24b3 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-daemonset.yaml @@ -32,6 +32,8 @@ spec: value: {{ .Values.omsagent.env.clusterName | quote }} - name: DISABLE_KUBE_SYSTEM_LOG_COLLECTION value: {{ .Values.omsagent.env.doNotCollectKubeSystemLogs | quote }} + - name: CONTROLLER_TYPE + value: "DaemonSet" - name: NODE_IP valueFrom: fieldRef: @@ -44,7 +46,7 @@ spec: - containerPort: 25224 protocol: UDP volumeMounts: - - mountPath: /var/run/docker.sock + - mountPath: /var/run/host name: docker-sock - mountPath: /var/log name: host-log @@ -72,7 +74,7 @@ spec: volumes: - name: docker-sock hostPath: - path: /var/run/docker.sock + path: /var/run - name: container-hostname hostPath: path: /etc/hostname diff --git a/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml b/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml index f5a0f4d4c9be..2c1b4b55592c 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-deployment.yaml @@ -36,6 +36,8 @@ spec: value: {{ .Values.omsagent.env.clusterName | quote }} - name: DISABLE_KUBE_SYSTEM_LOG_COLLECTION value: {{ .Values.omsagent.env.doNotCollectKubeSystemLogs | quote }} + - name: CONTROLLER_TYPE + value: "ReplicaSet" - name: NODE_IP valueFrom: fieldRef: @@ -48,7 +50,7 @@ spec: - containerPort: 25224 protocol: UDP volumeMounts: - - mountPath: /var/run/docker.sock + - mountPath: /var/run/host name: docker-sock - mountPath: /var/log name: host-log @@ -73,7 +75,7 @@ spec: volumes: - name: docker-sock hostPath: - path: /var/run/docker.sock + path: /var/run - name: container-hostname hostPath: path: /etc/hostname diff --git a/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml b/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml index 62295c319817..bdc60c9844be 100644 --- a/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml +++ b/incubator/azuremonitor-containers/templates/omsagent-rs-configmap.yaml @@ -5,54 +5,54 @@ data: kube.conf: | # Fluentd config file for OMS Docker - cluster components (kubeAPI) - #Kubernetes pod inventory - + #Kubernetes pod inventory + type kubepodinventory tag oms.containerinsights.KubePodInventory run_interval 60s log_level debug - + - #Kubernetes events - + #Kubernetes events + type kubeevents - tag oms.api.KubeEvents.CollectionTime + tag oms.containerinsights.KubeEvents run_interval 60s log_level debug - + - #Kubernetes logs - + #Kubernetes logs + type kubelogs tag oms.api.KubeLogs run_interval 60s - + - #Kubernetes services - + #Kubernetes services + type kubeservices - tag oms.api.KubeServices.CollectionTime + tag oms.containerinsights.KubeServices run_interval 60s log_level debug - + - #Kubernetes Nodes - + #Kubernetes Nodes + type kubenodeinventory tag oms.containerinsights.KubeNodeInventory run_interval 60s log_level debug - + - #Kubernetes perf - + #Kubernetes perf + type kubeperf tag oms.api.KubePerf run_interval 60s log_level debug - + - + type out_oms log_level debug num_threads 5 @@ -65,23 +65,24 @@ data: retry_limit 10 retry_wait 30s max_retry_wait 9m - + - - type out_oms_api + + type out_oms log_level debug num_threads 5 buffer_chunk_limit 5m buffer_type file - buffer_path %STATE_DIR_WS%/out_oms_api_kubeevents*.buffer + buffer_path %STATE_DIR_WS%/out_oms_kubeevents*.buffer buffer_queue_limit 10 buffer_queue_full_action drop_oldest_chunk flush_interval 20s retry_limit 10 retry_wait 30s - + max_retry_wait 9m + - + type out_oms_api log_level debug buffer_chunk_limit 10m @@ -91,10 +92,10 @@ data: flush_interval 20s retry_limit 10 retry_wait 30s - + - - type out_oms_api + + type out_oms log_level debug num_threads 5 buffer_chunk_limit 20m @@ -106,9 +107,9 @@ data: retry_limit 10 retry_wait 30s max_retry_wait 9m - + - + type out_oms log_level debug num_threads 5 @@ -121,9 +122,22 @@ data: retry_limit 10 retry_wait 30s max_retry_wait 9m - + + + + type out_oms_api + log_level debug + buffer_chunk_limit 20m + buffer_type file + buffer_path %STATE_DIR_WS%/out_oms_containernodeinventory*.buffer + buffer_queue_limit 20 + flush_interval 20s + retry_limit 10 + retry_wait 15s + max_retry_wait 9m + - + type out_oms log_level debug num_threads 5 @@ -136,7 +150,7 @@ data: retry_limit 10 retry_wait 30s max_retry_wait 9m - + metadata: name: omsagent-rs-config namespace: kube-system diff --git a/incubator/azuremonitor-containers/values.yaml b/incubator/azuremonitor-containers/values.yaml index 6cf3e4c253f0..d9ec92f9df97 100644 --- a/incubator/azuremonitor-containers/values.yaml +++ b/incubator/azuremonitor-containers/values.yaml @@ -6,10 +6,10 @@ ## ref: https://github.com/Microsoft/OMS-docker/tree/ci_feature_prod omsagent: image: - tag: "ciprod11292018" + tag: "ciprod01092019" pullPolicy: IfNotPresent - dockerProviderVersion: "3.0.0-2" - agentVersion: "1.6.0-163" + dockerProviderVersion: "3.0.0-3" + agentVersion: "1.8.1.256" ## To get your workspace id and key do the following ## You can create a Azure Loganalytics workspace from portal.azure.com and get its ID & PRIMARY KEY from 'Advanced Settings' tab in the Ux. From 51913b7d6c205905bae074717a46a1b6983f0f5b Mon Sep 17 00:00:00 2001 From: Naseem Date: Tue, 12 Feb 2019 20:11:30 -0500 Subject: [PATCH 0149/1586] Allow rbac to be namespaced (#11354) Signed-off-by: Naseem Ullah --- stable/ambassador/Chart.yaml | 2 +- stable/ambassador/README.md | 2 ++ stable/ambassador/templates/rbac.yaml | 12 ++++++++++++ stable/ambassador/values.yaml | 1 + 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index 304c30428e8d..e35c8bc38bab 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.50.1 description: A Helm chart for Datawire Ambassador name: ambassador -version: 1.0.0 +version: 1.1.0 home: https://www.getambassador.io/ sources: - https://github.com/datawire/ambassador diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index 524bfd440254..a4f188882eb0 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -62,6 +62,8 @@ The following tables lists the configurable parameters of the Ambassador chart a | `prometheusExporter.repository` | Prometheus exporter image | `prom/statsd-exporter` | | `prometheusExporter.tag` | Prometheus exporter image | `v0.8.1` | | `rbac.create` | If `true`, create and use RBAC resources | `true` | +| `rbac.namespaced` | If `true`, permissions are namespace-scoped rather than cluster-scoped | `false` | + | `replicaCount` | Number of Ambassador replicas | `1` | | `resources` | CPU/memory resource requests/limits | `{}` | | `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | diff --git a/stable/ambassador/templates/rbac.yaml b/stable/ambassador/templates/rbac.yaml index 65f46137c167..4c306898543d 100644 --- a/stable/ambassador/templates/rbac.yaml +++ b/stable/ambassador/templates/rbac.yaml @@ -1,6 +1,10 @@ {{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.rbac.namespaced }} +kind: Role +{{- else }} kind: ClusterRole +{{- end }} metadata: name: {{ include "ambassador.fullname" . }} labels: @@ -21,7 +25,11 @@ rules: verbs: ["create", "update", "patch", "get", "list", "watch"] --- apiVersion: rbac.authorization.k8s.io/v1beta1 +{{- if .Values.rbac.namespaced }} +kind: RoleBinding +{{- else }} kind: ClusterRoleBinding +{{- end }} metadata: name: {{ include "ambassador.fullname" . }} labels: @@ -31,7 +39,11 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} roleRef: apiGroup: rbac.authorization.k8s.io + {{- if .Values.rbac.namespaced }} + kind: Role + {{- else }} kind: ClusterRole + {{- end }} name: {{ include "ambassador.fullname" . }} subjects: - name: {{ include "ambassador.serviceAccountName" . }} diff --git a/stable/ambassador/values.yaml b/stable/ambassador/values.yaml index ed23a06f01e3..e9c1f1a1d82d 100644 --- a/stable/ambassador/values.yaml +++ b/stable/ambassador/values.yaml @@ -82,6 +82,7 @@ adminService: rbac: # Specifies whether RBAC resources should be created create: true + namespaced: false serviceAccount: # Specifies whether a service account should be created From fda1c7b21f16c88db160e2c5b19dedc007574569 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 13 Feb 2019 12:52:50 +0100 Subject: [PATCH 0150/1586] stable/joomla: update to 3.9.3 (#11374) Signed-off-by: Bitnami Containers --- stable/joomla/Chart.yaml | 4 ++-- stable/joomla/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/joomla/Chart.yaml b/stable/joomla/Chart.yaml index 9a5977c7ee76..2e0972376573 100644 --- a/stable/joomla/Chart.yaml +++ b/stable/joomla/Chart.yaml @@ -1,6 +1,6 @@ name: joomla -version: 4.0.3 -appVersion: 3.9.2 +version: 4.0.4 +appVersion: 3.9.3 description: PHP content management system (CMS) for publishing web content keywords: - joomla diff --git a/stable/joomla/values.yaml b/stable/joomla/values.yaml index ad4e9d8073a3..5756bcba5463 100644 --- a/stable/joomla/values.yaml +++ b/stable/joomla/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/joomla - tag: 3.9.2 + tag: 3.9.3 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From e8d9fbe30967fadda67466532a026aab55c27d57 Mon Sep 17 00:00:00 2001 From: Alexander Awitin Date: Wed, 13 Feb 2019 20:08:39 +0800 Subject: [PATCH 0151/1586] [stable/mongodb] Fix "Can't initialize iptables table 'nat': Permission denied (you must be root)" error when installed on an Istio-enabled cluster. (#11367) Only define the `securityContext.runAsUser` on the main container instead of defining it on the top level `spec` which results into injected containers by Istio inheriting this definition (i.e. istio-init). Related topic: https://github.com/istio/old_issues_repo/issues/316, https://github.com/helm/charts/pull/10682#issuecomment-455511703, https://github.com/helm/charts/pull/11226#issuecomment-462175101 Signed-off-by: Alexander Awitin --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/templates/deployment-standalone.yaml | 6 +++++- stable/mongodb/templates/statefulset-arbiter-rs.yaml | 6 +++++- stable/mongodb/templates/statefulset-primary-rs.yaml | 6 +++++- stable/mongodb/templates/statefulset-secondary-rs.yaml | 6 +++++- 5 files changed, 21 insertions(+), 5 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 760f5ec1d4c3..7c4959385f17 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 5.3.3 +version: 5.3.4 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/templates/deployment-standalone.yaml b/stable/mongodb/templates/deployment-standalone.yaml index df4e41206721..e221f11717e0 100644 --- a/stable/mongodb/templates/deployment-standalone.yaml +++ b/stable/mongodb/templates/deployment-standalone.yaml @@ -38,7 +38,6 @@ spec: {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} {{- if .Values.affinity }} affinity: @@ -62,6 +61,11 @@ spec: - name: {{ template "mongodb.fullname" . }} image: {{ template "mongodb.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} env: {{- if .Values.image.debug}} - name: NAMI_DEBUG diff --git a/stable/mongodb/templates/statefulset-arbiter-rs.yaml b/stable/mongodb/templates/statefulset-arbiter-rs.yaml index ac4cc5f47af9..ac388d06f3c5 100644 --- a/stable/mongodb/templates/statefulset-arbiter-rs.yaml +++ b/stable/mongodb/templates/statefulset-arbiter-rs.yaml @@ -37,7 +37,6 @@ spec: {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} {{- if .Values.affinity }} affinity: @@ -61,6 +60,11 @@ spec: - name: {{ template "mongodb.name" . }}-arbiter image: {{ template "mongodb.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} ports: - containerPort: {{ .Values.service.port }} name: mongodb diff --git a/stable/mongodb/templates/statefulset-primary-rs.yaml b/stable/mongodb/templates/statefulset-primary-rs.yaml index c24774c18f06..ad74455868dc 100644 --- a/stable/mongodb/templates/statefulset-primary-rs.yaml +++ b/stable/mongodb/templates/statefulset-primary-rs.yaml @@ -42,7 +42,6 @@ spec: {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} {{- if .Values.affinity }} affinity: @@ -66,6 +65,11 @@ spec: - name: {{ template "mongodb.name" . }}-primary image: {{ template "mongodb.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} ports: - containerPort: {{ .Values.service.port }} name: mongodb diff --git a/stable/mongodb/templates/statefulset-secondary-rs.yaml b/stable/mongodb/templates/statefulset-secondary-rs.yaml index 1220c4c5402b..69910ab3302c 100644 --- a/stable/mongodb/templates/statefulset-secondary-rs.yaml +++ b/stable/mongodb/templates/statefulset-secondary-rs.yaml @@ -43,7 +43,6 @@ spec: {{- if .Values.securityContext.enabled }} securityContext: fsGroup: {{ .Values.securityContext.fsGroup }} - runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} {{- if .Values.affinity }} affinity: @@ -67,6 +66,11 @@ spec: - name: {{ template "mongodb.name" . }}-secondary image: {{ template "mongodb.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.securityContext.enabled }} + securityContext: + runAsNonRoot: true + runAsUser: {{ .Values.securityContext.runAsUser }} + {{- end }} ports: - containerPort: {{ .Values.service.port }} name: mongodb From 4768b45c7e206e91b28b2b10bfdd43250df1636b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 13 Feb 2019 13:18:33 +0100 Subject: [PATCH 0152/1586] stable/ghost: update to 2.14.1 (#11376) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index e37da27183a2..7882006e64d7 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.3.8 -appVersion: 2.14.0 +version: 6.3.9 +appVersion: 2.14.1 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 101569500853..e7cd8aa56ed3 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.14.0 + tag: 2.14.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 18f8e5db57bb31cba2251f1f5c2ce947f38f406e Mon Sep 17 00:00:00 2001 From: Steffen Windoffer Date: Wed, 13 Feb 2019 14:05:44 +0100 Subject: [PATCH 0153/1586] Fixing typos in selenium readme and templates (#10059) Signed-off-by: Steffen Windoffer --- stable/selenium/Chart.yaml | 2 +- stable/selenium/README.md | 4 ++-- stable/selenium/templates/hub-deployment.yaml | 4 ++-- stable/selenium/values.yaml | 4 ++-- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/selenium/Chart.yaml b/stable/selenium/Chart.yaml index 5e9cf41663ac..cfeefe33cbc2 100644 --- a/stable/selenium/Chart.yaml +++ b/stable/selenium/Chart.yaml @@ -1,5 +1,5 @@ name: selenium -version: 1.0.0 +version: 1.0.1 appVersion: 3.14.0 description: Chart for selenium grid keywords: diff --git a/stable/selenium/README.md b/stable/selenium/README.md index 723a51aaebfb..be4b72face0b 100644 --- a/stable/selenium/README.md +++ b/stable/selenium/README.md @@ -66,7 +66,7 @@ The following table lists the configurable parameters of the Selenium chart and | `hub.gridTimeout` | | `nil` | | `hub.gridBrowserTimeout` | | `nil` | | `hub.gridMaxSession` | | `nil` | -| `hub.gridUnregisterIfStillDownAfer` | | `nil` | +| `hub.gridUnregisterIfStillDownAfter` | | `nil` | | `hub.seOpts` | Command line arguments to pass to hub | `nil` | | `hub.timeZone` | The time zone for the container | `nil` | | `hub.nodeselector` | Node label to use for scheduling of the hub if set this takes precedence over the global value | `nil` | @@ -154,7 +154,7 @@ The following table lists the configurable parameters of the Selenium chart and | `firefoxDebug.image` | The selenium node firefox debug image | `selenium/node-firefox-debug` | | `firefoxDebug.tag` | The selenium node firefox debug tag | `3.14.0` | | `firefoxDebug.pullPolicy` | The selenium node firefox debug pull policy | `IfNotPresent` | -| `firefoxDebug.replicas` | The numer of selenium node firefox debug pods | `1` | +| `firefoxDebug.replicas` | The number of selenium node firefox debug pods | `1` | | `firefoxDebug.podAnnotations` | Annotations on the firefox debug pods | `{}` | | `firefoxDebug.javaOpts` | The java options for a selenium node firefox debug JVM, default sets the max heap size to 900 mb | `-Xmx900m` | | `firefoxDebug.resources` | The resources for the selenium node firefox debug container, defaults to minimum half a cpu and maximum 1,000 mb | `{"limits":{"cpu":".5", "memory":"1000Mi"}}` | diff --git a/stable/selenium/templates/hub-deployment.yaml b/stable/selenium/templates/hub-deployment.yaml index 70e343d98e52..14f423d73457 100644 --- a/stable/selenium/templates/hub-deployment.yaml +++ b/stable/selenium/templates/hub-deployment.yaml @@ -76,9 +76,9 @@ spec: - name: GRID_MAX_SESSION value: {{ .Values.hub.gridMaxSession | quote }} {{- end }} - {{- if .Values.hub.gridUnregisterIfStillDownAfer }} + {{- if .Values.hub.gridUnregisterIfStillDownAfter }} - name: GRID_UNREGISTER_IF_STILL_DOWN_AFTER - value: {{ .Values.hub.gridUnregisterIfStillDownAfer | quote }} + value: {{ .Values.hub.gridUnregisterIfStillDownAfter | quote }} {{- end }} {{- if .Values.hub.timeZone }} - name: TZ diff --git a/stable/selenium/values.yaml b/stable/selenium/values.yaml index 0219fefbb072..047d3c12a7fe 100644 --- a/stable/selenium/values.yaml +++ b/stable/selenium/values.yaml @@ -1,7 +1,7 @@ global: ## NodeSelector to be used in every deployment ## hub, chrome, firefox, chromeDebug and firefoxDebug - ## can also be spceifed at chart level see below + ## can also be specified at chart level see below nodeSelector: # label: value ## Configure HostAliases @@ -102,7 +102,7 @@ hub: # gridBrowserTimeout: 0 # gridMaxSession: 5 ## In milliseconds - # gridUnregisterIfStillDownAfer: 30000 + # gridUnregisterIfStillDownAfter: 30000 # timeZone: UTC ## NodeSelector to be used for the hub From 05132701cf18e68013828395162174c887dce015 Mon Sep 17 00:00:00 2001 From: Tim Gatzemeier Date: Wed, 13 Feb 2019 16:20:39 +0100 Subject: [PATCH 0154/1586] [stable/atlantis] fix naming for secret ref (#11379) * fix naming for secret ref the secret will be named according to the `.fullName`. Currently the pod cant start with the error "secrets-webhook" not found. It must be "my-full-atlantis-name-webhook" Signed-off-by: Tim Gatzemeier * update chart version for atlantis to 1.1.5 Signed-off-by: Tim Gatzemeier --- stable/atlantis/Chart.yaml | 2 +- stable/atlantis/templates/statefulset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml index 7e017c09e381..76502932c7eb 100644 --- a/stable/atlantis/Chart.yaml +++ b/stable/atlantis/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "v0.4.11" description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 1.1.4 +version: 1.1.5 keywords: - terraform home: https://www.runatlantis.io diff --git a/stable/atlantis/templates/statefulset.yaml b/stable/atlantis/templates/statefulset.yaml index ea6297d05be3..a5571ade5c1e 100644 --- a/stable/atlantis/templates/statefulset.yaml +++ b/stable/atlantis/templates/statefulset.yaml @@ -121,7 +121,7 @@ spec: - name: ATLANTIS_GITLAB_TOKEN valueFrom: secretKeyRef: - name: {{ template "atlantis.name" . }}-webhook + name: {{ template "atlantis.fullname" . }}-webhook key: gitlab_token - name: ATLANTIS_GITLAB_WEBHOOK_SECRET valueFrom: From 8f9c13292f39b1bc9aa8ce361afc68f512436192 Mon Sep 17 00:00:00 2001 From: Steven Wade Date: Wed, 13 Feb 2019 15:48:25 +0000 Subject: [PATCH 0155/1586] Add options for volumeMounts and volumes in the Metrics Server chart (#11383) * Added new values options to main README file. Signed-off-by: Steven Wade * Minor bump on metrics server chart version. Signed-off-by: Steven Wade * Removing too many blank lines in metrics server chart values.yaml Signed-off-by: Steven Wade * Adding back a newline to the metrics server chart value.yaml file. Signed-off-by: Steven Wade --- stable/metrics-server/Chart.yaml | 2 +- stable/metrics-server/README.md | 2 ++ .../templates/metrics-server-deployment.yaml | 8 ++++++++ stable/metrics-server/values.yaml | 10 ++++++++++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/stable/metrics-server/Chart.yaml b/stable/metrics-server/Chart.yaml index ef0b8f0777bf..a4816df2e7be 100755 --- a/stable/metrics-server/Chart.yaml +++ b/stable/metrics-server/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.3.1 description: Metrics Server is a cluster-wide aggregator of resource usage data. name: metrics-server -version: 2.3.0 +version: 2.4.0 keywords: - metrics-server home: https://github.com/kubernetes-incubator/metrics-server diff --git a/stable/metrics-server/README.md b/stable/metrics-server/README.md index d42607890661..0471a3deecc8 100644 --- a/stable/metrics-server/README.md +++ b/stable/metrics-server/README.md @@ -21,3 +21,5 @@ Parameter | Description | Default `nodeSelector` | Node labels for pod assignment | `{}` `affinity` | Node affinity | `{}` `replicas` | Number of replicas | `1` +`extraVolumeMounts` | Ability to provide volume mounts to the pod | `[]` +`extraVolumes` | Ability to provide volumes to the pod | `[]` diff --git a/stable/metrics-server/templates/metrics-server-deployment.yaml b/stable/metrics-server/templates/metrics-server-deployment.yaml index 65a6955ff2d9..62159c54079d 100644 --- a/stable/metrics-server/templates/metrics-server-deployment.yaml +++ b/stable/metrics-server/templates/metrics-server-deployment.yaml @@ -32,6 +32,10 @@ spec: {{- range .Values.args }} - {{ . | quote }} {{- end }} +{{- if .Values.extraVolumeMounts }} + volumeMounts: +{{ toYaml .Values.extraVolumeMounts | indent 12}} + {{- end }} {{- with .Values.resources }} resources: {{ toYaml . | indent 12 }} @@ -48,3 +52,7 @@ spec: tolerations: {{ toYaml . | indent 8 }} {{- end }} + {{- if .Values.extraVolumes }} + volumes: + {{ toYaml .Values.extraVolumes | indent 8}} + {{- end }} diff --git a/stable/metrics-server/values.yaml b/stable/metrics-server/values.yaml index 1b267fd43e38..5fc42aec92d6 100644 --- a/stable/metrics-server/values.yaml +++ b/stable/metrics-server/values.yaml @@ -45,3 +45,13 @@ tolerations: [] affinity: {} replicas: 1 + +extraVolumeMounts: [] +# - name: secrets +# mountPath: /etc/kubernetes/secrets +# readOnly: true + +extraVolumes: [] +# - name: secrets +# secret: +# secretName: kube-apiserver From db84d505f41e18c8714d3ff653d72815460e0b95 Mon Sep 17 00:00:00 2001 From: Chris Schaefer Date: Wed, 13 Feb 2019 11:15:11 -0500 Subject: [PATCH 0156/1586] [stable/spring-cloud-data-flow] Update to new SCDF version 1.7.3 (#11328) - update app version to 1.7.3 - update skipper version to 1.1.4 Signed-off-by: Chris Schaefer --- stable/spring-cloud-data-flow/Chart.yaml | 4 ++-- stable/spring-cloud-data-flow/README.md | 4 ++-- stable/spring-cloud-data-flow/values.yaml | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/spring-cloud-data-flow/Chart.yaml b/stable/spring-cloud-data-flow/Chart.yaml index 0ff5422e50d8..75df32d790b2 100644 --- a/stable/spring-cloud-data-flow/Chart.yaml +++ b/stable/spring-cloud-data-flow/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Toolkit for building data processing pipelines. name: spring-cloud-data-flow -version: 1.0.2 -appVersion: 1.7.2.RELEASE +version: 1.0.3 +appVersion: 1.7.3.RELEASE home: http://cloud.spring.io/spring-cloud-dataflow/ sources: - https://github.com/spring-cloud/spring-cloud-dataflow diff --git a/stable/spring-cloud-data-flow/README.md b/stable/spring-cloud-data-flow/README.md index 944d9ddb7cfb..c2fe50c65ba6 100644 --- a/stable/spring-cloud-data-flow/README.md +++ b/stable/spring-cloud-data-flow/README.md @@ -64,7 +64,7 @@ The following tables list the configurable parameters and their default values. | Parameter | Description | Default | | --------------------------------- | -------------------------------------------------- | ---------------- | -| server.version | The version/tag of the Data Flow server | 1.7.2.RELEASE +| server.version | The version/tag of the Data Flow server | 1.7.3.RELEASE | server.imagePullPolicy | The imagePullPolicy of the Data Flow server | IfNotPresent | server.service.type | The service type for the Data Flow server | LoadBalancer | server.service.externalPort | The external port for the Data Flow server | 80 @@ -73,7 +73,7 @@ The following tables list the configurable parameters and their default values. | Parameter | Description | Default | | ---------------------------------- | ------------------------------------------------- | ---------------- | -| skipper.version | The version/tag of the Skipper server | 1.1.2.RELEASE +| skipper.version | The version/tag of the Skipper server | 1.1.4.RELEASE | skipper.imagePullPolicy | The imagePullPolicy of the Skipper server | IfNotPresent | skipper.platformName | The name of the configured platform account | minikube | skipper.service.type | The service type for the Skipper server | ClusterIP diff --git a/stable/spring-cloud-data-flow/values.yaml b/stable/spring-cloud-data-flow/values.yaml index d3a75ce4806a..75184ec64017 100644 --- a/stable/spring-cloud-data-flow/values.yaml +++ b/stable/spring-cloud-data-flow/values.yaml @@ -21,7 +21,7 @@ serviceAccount: server: image: springcloud/spring-cloud-dataflow-server-kubernetes - version: 1.7.2.RELEASE + version: 1.7.3.RELEASE imagePullPolicy: IfNotPresent service: type: LoadBalancer @@ -36,7 +36,7 @@ server: skipper: image: springcloud/spring-cloud-skipper-server - version: 1.1.2.RELEASE + version: 1.1.4.RELEASE imagePullPolicy: IfNotPresent platformName: minikube service: From f7478b45a01011dc0e295ed89db2b8491d1edb9f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 13 Feb 2019 23:34:36 +0100 Subject: [PATCH 0157/1586] stable/ghost: update to 2.14.2 (#11393) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 7882006e64d7..a812bff9ac8e 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.3.9 -appVersion: 2.14.1 +version: 6.3.10 +appVersion: 2.14.2 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index e7cd8aa56ed3..30bdb19a295f 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.14.1 + tag: 2.14.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 3fef4ae727aca14888c5bac42a2b10baec5fbf34 Mon Sep 17 00:00:00 2001 From: Tariq Ibrahim Date: Wed, 13 Feb 2019 19:18:29 -0800 Subject: [PATCH 0158/1586] update kube-state-metrics chart to support kube-state-metrics 1.5.0 (#11316) Signed-off-by: tariqibrahim --- stable/kube-state-metrics/Chart.yaml | 4 ++-- stable/kube-state-metrics/README.md | 1 + stable/kube-state-metrics/templates/clusterrole.yaml | 10 ++++++++-- stable/kube-state-metrics/templates/deployment.yaml | 3 +++ stable/kube-state-metrics/values.yaml | 5 +++-- 5 files changed, 17 insertions(+), 6 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index 0588e2912888..2f02d4aa0a42 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -5,8 +5,8 @@ keywords: - metric - monitoring - prometheus -version: 0.13.1 -appVersion: 1.4.0 +version: 0.14.0 +appVersion: 1.5.0 home: https://github.com/kubernetes/kube-state-metrics/ sources: - https://github.com/kubernetes/kube-state-metrics/ diff --git a/stable/kube-state-metrics/README.md b/stable/kube-state-metrics/README.md index d751dc46c1ea..826e113a5778 100644 --- a/stable/kube-state-metrics/README.md +++ b/stable/kube-state-metrics/README.md @@ -43,6 +43,7 @@ $ helm install stable/kube-state-metrics | `collectors.nodes` | Enable the nodes collector. | true | | `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | true | | `collectors.persistentvolumes` | Enable the persistentvolumes collector. | true | +| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | true | `collectors.pods` | Enable the pods collector. | true | | `collectors.replicasets` | Enable the replicasets collector. | true | | `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | true | diff --git a/stable/kube-state-metrics/templates/clusterrole.yaml b/stable/kube-state-metrics/templates/clusterrole.yaml index 756a06ad30cb..803b73b00d59 100644 --- a/stable/kube-state-metrics/templates/clusterrole.yaml +++ b/stable/kube-state-metrics/templates/clusterrole.yaml @@ -74,13 +74,19 @@ rules: resources: - persistentvolumeclaims verbs: ["list", "watch"] -{{ end }} +{{ end -}} {{ if .Values.collectors.persistentvolumes }} - apiGroups: [""] resources: - persistentvolumes verbs: ["list", "watch"] -{{ end }} +{{ end -}} +{{ if .Values.collectors.poddisruptionbudgets }} +- apiGroups: ["policy"] + resources: + - poddisruptionbudgets + verbs: ["list", "watch"] +{{ end -}} {{ if .Values.collectors.pods }} - apiGroups: [""] resources: diff --git a/stable/kube-state-metrics/templates/deployment.yaml b/stable/kube-state-metrics/templates/deployment.yaml index 9fd2878e7b53..e760aeb3bf81 100644 --- a/stable/kube-state-metrics/templates/deployment.yaml +++ b/stable/kube-state-metrics/templates/deployment.yaml @@ -67,6 +67,9 @@ spec: {{ if .Values.collectors.persistentvolumes }} - --collectors=persistentvolumes {{ end }} +{{ if .Values.collectors.poddisruptionbudgets }} + - --collectors=poddisruptionbudgets +{{ end }} {{ if .Values.collectors.pods }} - --collectors=pods {{ end }} diff --git a/stable/kube-state-metrics/values.yaml b/stable/kube-state-metrics/values.yaml index 7d6448501ca0..48ae8ac4f438 100644 --- a/stable/kube-state-metrics/values.yaml +++ b/stable/kube-state-metrics/values.yaml @@ -1,8 +1,8 @@ # Default values for kube-state-metrics. prometheusScrape: true image: - repository: quay.io/coreos/kube-state-metrics - tag: v1.4.0 + repository: k8s.gcr.io/kube-state-metrics + tag: v1.5.0 pullPolicy: IfNotPresent service: port: 8080 @@ -66,6 +66,7 @@ collectors: nodes: true persistentvolumeclaims: true persistentvolumes: true + poddisruptionbudgets: true pods: true replicasets: true replicationcontrollers: true From 9874c2106664c79c763a08b30b2660fea4105eda Mon Sep 17 00:00:00 2001 From: Sidhartha Mani Date: Wed, 13 Feb 2019 21:43:05 -0800 Subject: [PATCH 0159/1586] [stable/minio] Update minio version and bugfixes (#11400) * update minio fullname with releaseName to prevent collision in naming Signed-off-by: merlin * [stable/minio] update minio,mc version; fix output message and fullname computation Signed-off-by: wlan0 --- stable/minio/Chart.yaml | 4 ++-- stable/minio/README.md | 4 ++-- stable/minio/templates/NOTES.txt | 2 +- stable/minio/templates/_helpers.tpl | 2 +- stable/minio/values.yaml | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 0953ed2a29bc..7deb5e0eef16 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.4.2 -appVersion: RELEASE.2019-01-16T21-44-08Z +version: 2.4.3 +appVersion: RELEASE.2019-02-12T21-58-47Z keywords: - storage - object-storage diff --git a/stable/minio/README.md b/stable/minio/README.md index 3b44b37e7653..feb3452078ae 100755 --- a/stable/minio/README.md +++ b/stable/minio/README.md @@ -93,10 +93,10 @@ The following table lists the configurable parameters of the Minio chart and the | Parameter | Description | Default | |----------------------------|-------------------------------------|---------------------------------------------------------| | `image.repository` | Image repository | `minio/minio` | -| `image.tag` | Minio image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/).| `RELEASE.2019-01-16T21-44-08Z`| +| `image.tag` | Minio image tag. Possible values listed [here](https://hub.docker.com/r/minio/minio/tags/).| `RELEASE.2019-02-12T21-58-47Z`| | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `mcImage.repository` | Client image repository | `minio/mc` | -| `mcImage.tag` | mc image tag. Possible values listed [here](https://hub.docker.com/r/minio/mc/tags/).| `RELEASE.2019-01-10T00-38-22Z`| +| `mcImage.tag` | mc image tag. Possible values listed [here](https://hub.docker.com/r/minio/mc/tags/).| `RELEASE.2019-02-13T19-48-27Z`| | `mcImage.pullPolicy` | mc Image pull policy | `IfNotPresent` | | `ingress.enabled` | Enables Ingress | `false` | | `ingress.annotations` | Ingress annotations | `{}` | diff --git a/stable/minio/templates/NOTES.txt b/stable/minio/templates/NOTES.txt index a54431c28242..b690f5028cf4 100644 --- a/stable/minio/templates/NOTES.txt +++ b/stable/minio/templates/NOTES.txt @@ -4,7 +4,7 @@ Minio can be accessed via port {{ .Values.service.port }} on the following DNS n To access Minio from localhost, run the below commands: - 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ template "minio.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") + 1. export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") 2. kubectl port-forward $POD_NAME 9000 --namespace {{ .Release.Namespace }} diff --git a/stable/minio/templates/_helpers.tpl b/stable/minio/templates/_helpers.tpl index e928bf63f02a..c8fe9ba7aa05 100644 --- a/stable/minio/templates/_helpers.tpl +++ b/stable/minio/templates/_helpers.tpl @@ -19,7 +19,7 @@ If release name contains chart name it will be used as a full name. {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} {{- else -}} -{{- printf "%s" .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} {{- end -}} diff --git a/stable/minio/values.yaml b/stable/minio/values.yaml index 377689557321..7bdfb8d74ae5 100755 --- a/stable/minio/values.yaml +++ b/stable/minio/values.yaml @@ -6,7 +6,7 @@ clusterDomain: cluster.local ## image: repository: minio/minio - tag: RELEASE.2019-01-16T21-44-08Z + tag: RELEASE.2019-02-12T21-58-47Z pullPolicy: IfNotPresent ## Set default image, imageTag, and imagePullPolicy for the `mc` (the minio @@ -14,7 +14,7 @@ image: ## mcImage: repository: minio/mc - tag: RELEASE.2019-01-10T00-38-22Z + tag: RELEASE.2019-02-13T19-48-27Z pullPolicy: IfNotPresent ## minio server mode, i.e. standalone or distributed. From 9f83b0eceabeb5869602fbe2e370c0c860d9a7ad Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 14 Feb 2019 09:21:11 +0100 Subject: [PATCH 0160/1586] stable/phabricator: update to 2019.6.0 (#11387) Signed-off-by: Bitnami Containers --- stable/phabricator/Chart.yaml | 4 ++-- stable/phabricator/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 77b2cc590a52..a2df8dea1085 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,6 +1,6 @@ name: phabricator -version: 4.0.11 -appVersion: 2019.5.0 +version: 4.0.12 +appVersion: 2019.6.0 description: Collection of open source web applications that help software companies build better software. keywords: - phabricator diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index ee3b09b3f4f7..1b8369aab0b1 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2019.5.0 + tag: 2019.6.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 520c9d43f6b3aeaf591fd48661d4d6e7f78f5f7f Mon Sep 17 00:00:00 2001 From: vduta Date: Thu, 14 Feb 2019 11:30:33 +0100 Subject: [PATCH 0161/1586] Point the k8s-sidecar image back to the original repo and bump the version (#11409) Signed-off-by: vduta --- stable/grafana/Chart.yaml | 2 +- stable/grafana/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index cc1707d91606..353494aa9c4a 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 2.0.0 +version: 2.0.1 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index eb9738858cb1..b39f69012fc5 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -292,7 +292,7 @@ smtp: ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: - image: xuxinkun/k8s-sidecar:0.0.7 + image: kiwigrid/k8s-sidecar:0.0.10 imagePullPolicy: IfNotPresent resources: # limits: From 3ab100a340aff16e995853660ab1f2e1ced3e701 Mon Sep 17 00:00:00 2001 From: chrisob Date: Thu, 14 Feb 2019 14:29:35 +0100 Subject: [PATCH 0162/1586] Separate ClusterRole rules in external-dns RBAC (#11129) * Separate Istio CRD rules in external-dns RBAC Signed-off-by: Chris O'Brien * Separate ingress rule resource to extensions apiGroup in external-dns RBAC Signed-off-by: Chris O'Brien * Bump external-dns chart version Signed-off-by: Chris O'Brien --- stable/external-dns/Chart.yaml | 4 ++-- stable/external-dns/templates/clusterrole.yaml | 18 +++++++++++++++--- 2 files changed, 17 insertions(+), 5 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index d5bc32a635d1..8bffb85df304 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -description: +description: | Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services name: external-dns -version: 1.6.0 +version: 1.6.1 appVersion: 0.5.9 home: https://github.com/kubernetes-incubator/external-dns sources: diff --git a/stable/external-dns/templates/clusterrole.yaml b/stable/external-dns/templates/clusterrole.yaml index b0b96511fed6..8ef1346cc12e 100644 --- a/stable/external-dns/templates/clusterrole.yaml +++ b/stable/external-dns/templates/clusterrole.yaml @@ -8,13 +8,25 @@ metadata: rules: - apiGroups: - "" - - extensions - - networking.istio.io resources: - - ingresses - services - pods - nodes + verbs: + - get + - list + - watch + - apiGroups: + - extensions + resources: + - ingresses + verbs: + - get + - list + - watch + - apiGroups: + - networking.istio.io + resources: - gateways verbs: - get From f07767197975f0f7f46ac05b8e6cb2de654bfed4 Mon Sep 17 00:00:00 2001 From: JF Joly Date: Thu, 14 Feb 2019 14:40:14 +0100 Subject: [PATCH 0163/1586] [newrelic-infra] Add cluster name custom attribute (#11053) * [newrelic-infra] Add cluster name custom attribute Signed-off-by: JF Joly * [newrelic-infra] Increment chart version number Signed-off-by: JF Joly * Move custom attributes to values.yaml Signed-off-by: JF Joly * Updating quotes for the custom attribute value Signed-off-by: JF Joly --- stable/newrelic-infrastructure/Chart.yaml | 2 +- stable/newrelic-infrastructure/templates/daemonset.yaml | 2 ++ stable/newrelic-infrastructure/values.yaml | 3 +++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/newrelic-infrastructure/Chart.yaml b/stable/newrelic-infrastructure/Chart.yaml index b67073a46fd1..d9bccbc3de0e 100644 --- a/stable/newrelic-infrastructure/Chart.yaml +++ b/stable/newrelic-infrastructure/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart to deploy the New Relic Infrastructure Agent as a DaemonSet name: newrelic-infrastructure -version: 0.7.0 +version: 0.8.0 appVersion: 1.3.1 home: https://hub.docker.com/r/newrelic/infrastructure/ source: diff --git a/stable/newrelic-infrastructure/templates/daemonset.yaml b/stable/newrelic-infrastructure/templates/daemonset.yaml index f170c2756b10..082bbc491c16 100644 --- a/stable/newrelic-infrastructure/templates/daemonset.yaml +++ b/stable/newrelic-infrastructure/templates/daemonset.yaml @@ -57,6 +57,8 @@ spec: fieldRef: apiVersion: "v1" fieldPath: "spec.nodeName" + - name: "NRIA_CUSTOM_ATTRIBUTES" + value: {{ .Values.customAttribues }} - name: "NRIA_PASSTHROUGH_ENVIRONMENT" value: "KUBERNETES_SERVICE_HOST,KUBERNETES_SERVICE_PORT,CLUSTER_NAME,CADVISOR_PORT,NRK8S_NODE_NAME,KUBE_STATE_METRICS_URL,TIMEOUT" {{- if .Values.verboseLog }} diff --git a/stable/newrelic-infrastructure/values.yaml b/stable/newrelic-infrastructure/values.yaml index 9a5db40d0174..f1cfabd1bb5a 100644 --- a/stable/newrelic-infrastructure/values.yaml +++ b/stable/newrelic-infrastructure/values.yaml @@ -89,3 +89,6 @@ nodeSelector: {} tolerations: [] updateStrategy: RollingUpdate + +# Custom attributes to be passed to the New Relic agent +customAttribues: "'{\"clusterName\":\"$(CLUSTER_NAME)\"}'" From 07fc9dbdef1d658eec3cad50de718662381dfe9c Mon Sep 17 00:00:00 2001 From: Tom Jennings Date: Thu, 14 Feb 2019 13:50:44 +0000 Subject: [PATCH 0164/1586] Updating Jenkins deployment fails appears rollingUpdate needs to be (#11166) * Updating Jenkins deployment fails appears rollingUpdate needs to be explicitly set to nil (blank). Similar issue https://github.com/rancher/rancher/issues/13584 Signed-off-by: Tom Jennings * Fix for both scenarios Signed-off-by: Tom Jennings --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/templates/jenkins-master-deployment.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 1f56ea9ddc23..713f2462fc10 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.0 +version: 0.32.1 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 2a976568b4f7..a5bfa72adf8d 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -18,6 +18,7 @@ spec: replicas: 1 strategy: type: {{ if .Values.Persistence.Enabled }}Recreate{{ else }}RollingUpdate{{ end }} + rollingUpdate: {{ if .Values.Persistence.Enabled }}{{ else }}true{{ end }} selector: matchLabels: component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" From 2f85a9663ce1747d3444ba373fdac6c9480f2aab Mon Sep 17 00:00:00 2001 From: micw Date: Thu, 14 Feb 2019 15:08:03 +0100 Subject: [PATCH 0165/1586] Option to expose the slave listener port as host port (#11187) Signed-off-by: Michael Wyraz --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + stable/jenkins/templates/jenkins-master-deployment.yaml | 3 +++ stable/jenkins/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 713f2462fc10..77fc8a77f87b 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.1 +version: 0.32.2 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index dbb4afef0b1b..a9e1dcc63d1e 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -61,6 +61,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.HealthProbeReadinessPeriodSeconds` | Set how often (in seconds) to perform the liveness probe | `10` | | `Master.HealthProbeLivenessFailureThreshold` | Set the failure threshold for the liveness probe | `12` | | `Master.SlaveListenerPort` | Listening port for agents | `50000` | +| `Master.SlaveHostPort` | Host port to listen for agents | Not set | | `Master.DisabledAgentProtocols` | Disabled agent protocols | `JNLP-connect JNLP2-connect` | | `Master.CSRF.DefaultCrumbIssuer.Enabled` | Enable the default CSRF Crumb issuer | `true` | | `Master.CSRF.DefaultCrumbIssuer.ProxyCompatability` | Enable proxy compatibility | `true` | diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index a5bfa72adf8d..fe0b8f975a1b 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -219,6 +219,9 @@ spec: name: http - containerPort: {{ .Values.Master.SlaveListenerPort }} name: slavelistener + {{- if .Values.Master.SlaveHostPort }} + hostPort: {{ .Values.Master.SlaveHostPort }} + {{- end }} {{- if .Values.Master.JMXPort }} - containerPort: {{ .Values.Master.JMXPort }} name: jmx diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 287841ea8d1b..187d27451d26 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -89,6 +89,7 @@ Master: HealthProbeReadinessPeriodSeconds: 10 HealthProbeLivenessFailureThreshold: 12 SlaveListenerPort: 50000 +# SlaveHostPort: 50000 DisabledAgentProtocols: - JNLP-connect - JNLP2-connect From 49cb72055d5fa0860ce2421ca176ec8b74b67049 Mon Sep 17 00:00:00 2001 From: skalp Date: Thu, 14 Feb 2019 15:27:33 +0100 Subject: [PATCH 0166/1586] [stable/jenkins]: #10131 (#11411) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Pascal Le Métayer --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 7 +++++++ stable/jenkins/templates/config.yaml | 14 +++++++++----- stable/jenkins/values.yaml | 12 ++++++++++++ 4 files changed, 29 insertions(+), 6 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 77fc8a77f87b..c0fea54e68ce 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.2 +version: 0.32.3 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index a9e1dcc63d1e..4086c3bbbaf8 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -114,6 +114,13 @@ Some third-party systems, e.g. GitHub, use HTML-formatted data in their payload | `Agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 200m, memory: 256Mi}, limits: {cpu: 200m, memory: 256Mi}}`| | `Agent.volumes` | Additional volumes | `nil` | | `Agent.envVars | Environment variables for the slave Pod | Not set | +| `Agent.Command | Executed command when side container starts | Not set | +| `Agent.Args | Arguments passed to executed command | Not set | +| `Agent.SideContainerName | Side container name in agent | jnlp | +| `Agent.TTYEnabled | Allocate pseudo tty to the side container | false | +| `Agent.ContainerCap | Maximum number of agent | 10 | +| `Agent.PodName | slave Pod base name | Not set | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/jenkins/templates/config.yaml b/stable/jenkins/templates/config.yaml index 0be426866ada..1c4f2ce71ee8 100644 --- a/stable/jenkins/templates/config.yaml +++ b/stable/jenkins/templates/config.yaml @@ -46,7 +46,7 @@ data: {{- if .Values.Agent.Enabled }} - default + {{ .Values.Agent.PodName }} 2147483647 0 @@ -69,7 +69,7 @@ data: - jnlp + {{ .Values.Agent.SideContainerName }} {{ .Values.Agent.Image }}:{{ .Values.Agent.ImageTag }} {{- if .Values.Agent.Privileged }} true @@ -78,9 +78,13 @@ data: {{- end }} {{ .Values.Agent.AlwaysPullImage }} /home/jenkins - + {{ .Values.Agent.Command }} +{{- if .Values.Agent.Args }} + {{ .Values.Agent.Args }} +{{- else }} ${computer.jnlpmac} ${computer.name} - false +{{- end }} + {{ .Values.Agent.TTYEnabled }} # Resources configuration is a little hacky. This was to prevent breaking # changes, and should be cleanned up in the future once everybody had # enough time to migrate. @@ -133,7 +137,7 @@ data: http://{{ template "jenkins.fullname" . }}:{{.Values.Master.ServicePort}}{{ default "" .Values.Master.JenkinsUriPrefix }} {{ template "jenkins.fullname" . }}-agent:{{ .Values.Master.SlaveListenerPort }} {{- end }} - 10 + {{ .Values.Agent.ContainerCap }} 5 0 0 diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 187d27451d26..c5b537a94881 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -291,6 +291,18 @@ Agent: # Key Value selectors. Ex: # jenkins-agent: v1 + # Executed command when side container gets started + Command: + Args: + # Side container name + SideContainerName: jnlp + # Doesn't allocate pseudo TTY by default + TTYEnabled: false + # Max number of spawned agent + ContainerCap: 10 + # Pod name + PodName: default + Persistence: Enabled: true ## A manually managed Persistent Volume and Claim From 1680784e602d95af05de6b4bcb87bef5ece19128 Mon Sep 17 00:00:00 2001 From: Jannis Oeltjen Date: Thu, 14 Feb 2019 15:38:30 +0100 Subject: [PATCH 0167/1586] [stable/sonarqube] bump version to 7.6 (#11384) * [stable/sonarqube] bump version to 7.6 Signed-off-by: Jannis Oeltjen * [stable/sonarqube] bump version in readme Signed-off-by: Jannis Oeltjen --- stable/sonarqube/Chart.yaml | 4 ++-- stable/sonarqube/README.md | 2 +- stable/sonarqube/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 4b5f7758c688..34ec7181398c 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,7 +1,7 @@ name: sonarqube description: Sonarqube is an open sourced code quality scanning tool -version: 0.13.4 -appVersion: 7.4 +version: 0.13.5 +appVersion: 7.6 keywords: - coverage - security diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index 88f46680a426..eed19ad192c0 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -40,7 +40,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | Parameter | Description | Default | | ------------------------------------------ | ---------------------------------------- | -------------------------------------------| | `image.repository` | image repository | `sonarqube` | -| `image.tag` | `sonarqube` image tag. | 6.5 | +| `image.tag` | `sonarqube` image tag. | `7.6-community` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.pullSecret` | imagePullSecret to use for private repository | | | `command` | command to run in the container | `nil` (need to be set prior to 6.7.6, and 7.4) | diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml index 6b9c76700790..c3415bef7b8c 100755 --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: sonarqube - tag: 7.4-community + tag: 7.6-community # If using a private repository, the name of the imagePullSecret to use # pullSecret: my-repo-secret From 362b4cef830047012bc8798094290b6dcda75f81 Mon Sep 17 00:00:00 2001 From: Torsten Walter Date: Thu, 14 Feb 2019 15:55:59 +0100 Subject: [PATCH 0168/1586] fix incorrect Deployment when using sidecars (#11413) - moved Master.Sidecars.other to correct location - added documentation for Master.JCasC.enabled - made 'jenkins' the primary container again - bumped chart version - replaced tabs with spaces in README Signed-off-by: Torsten Walter --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 13 +-- .../templates/jenkins-master-deployment.yaml | 98 ++++++++++--------- 3 files changed, 59 insertions(+), 54 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index c0fea54e68ce..cbf54bd18e3f 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.3 +version: 0.32.4 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index 4086c3bbbaf8..ed3708292ee0 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -74,6 +74,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.Ingress.Annotations` | Ingress annotations | `{}` | | `Master.Ingress.Path` | Ingress path | Not set | | `Master.Ingress.TLS` | Ingress TLS configuration | `[]` | +| `Master.JCasC.enabled` | Wheter Jenkins Configuration as Code is enabled or not | `false` | | `Master.JCasC.ConfigScripts` | List of Jenkins Config as Code scripts | False | | `Master.Sidecars.configAutoReload` | Jenkins Config as Code auto-reload settings | False | | `Master.Sidecars.others` | Configures additional sidecar container(s) for Jenkins master | `{}` | @@ -255,12 +256,12 @@ Config as Code changes (to Master.JCasC.ConfigScripts) can either force a new po When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist. Since the admin account is used by the sidecar to reload config, in order to use auto-reload, you must change the .Master.AdminUser to a valid username on your LDAP (or other) server. If you use the matrix-auth plugin, this user must also be granted Overall\Administer rights in Jenkins. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter a restart loop. You can enable LDAP using the example above and add a Config as Code block for matrix security that includes: ```yaml ConfigScripts: - matrix-auth: | - Jenkins: - authorizationStrategy: - projectMatrix: - grantedPermissions: - - "Overall/Administer:" + matrix-auth: | + jenkins: + authorizationStrategy: + projectMatrix: + grantedPermissions: + - "Overall/Administer:" ``` You can instead grant this permission via the UI. When this is done, you can set `Master.Sidecars.configAutoReload.enabled: true` and upon the next Helm upgrade, auto-reload will be successfully enabled. diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index fe0b8f975a1b..5b886bcd8c55 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -131,50 +131,6 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir containers: -{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} - - name: {{ template "jenkins.name" . }}-sc-config - image: "{{ .Values.Master.Sidecars.configAutoReload.image }}" - imagePullPolicy: {{ .Values.Master.Sidecars.configAutoReload.imagePullPolicy }} - env: - - name: JENKINSRELOADCONFIG - value: "true" - - name: LABEL - value: "{{ .Values.Master.Sidecars.configAutoReload.label }}" - - name: FOLDER - value: "{{ .Values.Master.Sidecars.configAutoReload.folder }}" - - name: NAMESPACE - value: "{{ .Values.Master.Sidecars.configAutoReload.searchNamespace }}" - - name: SSH_PORT - value: "{{ .Values.Master.Sidecars.configAutoReload.sshTcpPort }}" - - name: JENKINS_PORT - value: "{{ .Values.Master.ServicePort }}" - {{- if .Values.Master.UseSecurity }} - - name: ADMIN_USER - valueFrom: - secretKeyRef: - name: {{ template "jenkins.fullname" . }} - key: jenkins-admin-user - {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecars.configAutoReload.enabled) }} - {{- if .Values.Master.JCasC.enabled }} - - name: ADMIN_PRIVATE_KEY - valueFrom: - secretKeyRef: - name: {{ template "jenkins.fullname" . }} - key: {{ "jenkins-admin-private-key" | quote }} - {{- end }} - {{- end }} - {{- end }} - resources: -{{ toYaml .Values.Master.Sidecars.configAutoReload.resources | indent 12 }} - volumeMounts: - - name: sc-config-volume - mountPath: {{ .Values.Master.Sidecars.configAutoReload.folder | quote }} - - name: jenkins-home - mountPath: /var/jenkins_home - {{- if .Values.Persistence.SubPath }} - subPath: {{ .Values.Persistence.SubPath }} - {{- end }} -{{- end}} - name: {{ template "jenkins.fullname" . }} image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}" imagePullPolicy: "{{ .Values.Master.ImagePullPolicy }}" @@ -299,13 +255,61 @@ spec: mountPath: /usr/share/jenkins/ref/secrets/ name: secrets-dir readOnly: false -{{- if .Values.Master.Sidecars.other}} -{{ tpl (toYaml .Values.Master.Sidecars.other | indent 8) .}} -{{- end }} {{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} - name: sc-config-volume mountPath: {{ .Values.Master.Sidecars.configAutoReload.folder | default "/var/jenkins_home/casc_configs" | quote }} {{- end }} + +{{- if and (.Values.Master.JCasC.enabled) (.Values.Master.Sidecars.configAutoReload.enabled) }} + - name: {{ template "jenkins.name" . }}-sc-config + image: "{{ .Values.Master.Sidecars.configAutoReload.image }}" + imagePullPolicy: {{ .Values.Master.Sidecars.configAutoReload.imagePullPolicy }} + env: + - name: JENKINSRELOADCONFIG + value: "true" + - name: LABEL + value: "{{ .Values.Master.Sidecars.configAutoReload.label }}" + - name: FOLDER + value: "{{ .Values.Master.Sidecars.configAutoReload.folder }}" + - name: NAMESPACE + value: "{{ .Values.Master.Sidecars.configAutoReload.searchNamespace }}" + - name: SSH_PORT + value: "{{ .Values.Master.Sidecars.configAutoReload.sshTcpPort }}" + - name: JENKINS_PORT + value: "{{ .Values.Master.ServicePort }}" + {{- if .Values.Master.UseSecurity }} + - name: ADMIN_USER + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: jenkins-admin-user + {{- if or (.Values.Master.OwnSshKey) (.Values.Master.Sidecars.configAutoReload.enabled) }} + {{- if .Values.Master.JCasC.enabled }} + - name: ADMIN_PRIVATE_KEY + valueFrom: + secretKeyRef: + name: {{ template "jenkins.fullname" . }} + key: {{ "jenkins-admin-private-key" | quote }} + {{- end }} + {{- end }} + {{- end }} + resources: +{{ toYaml .Values.Master.Sidecars.configAutoReload.resources | indent 12 }} + volumeMounts: + - name: sc-config-volume + mountPath: {{ .Values.Master.Sidecars.configAutoReload.folder | quote }} + - name: jenkins-home + mountPath: /var/jenkins_home + {{- if .Values.Persistence.SubPath }} + subPath: {{ .Values.Persistence.SubPath }} + {{- end }} +{{- end}} + + +{{- if .Values.Master.Sidecars.other}} +{{ tpl (toYaml .Values.Master.Sidecars.other | indent 8) .}} +{{- end }} + volumes: {{- if .Values.Persistence.volumes }} {{ toYaml .Values.Persistence.volumes | indent 6 }} From 3af68322bbd252e1bade8f2929692045273b0e26 Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 14 Feb 2019 10:43:05 -0500 Subject: [PATCH 0169/1586] Update Ambassador default replicas and fix README Markdown (#11398) * Restore default replicas == 3 Signed-off-by: Flynn * Fix some markdown Signed-off-by: Flynn * Bump chart version, and switch my name to Flynn. :) Signed-off-by: Flynn * Add icon. Signed-off-by: Flynn --- stable/ambassador/Chart.yaml | 5 ++-- stable/ambassador/README.md | 45 +++++++++++++++++++---------------- stable/ambassador/values.yaml | 2 +- 3 files changed, 28 insertions(+), 24 deletions(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index e35c8bc38bab..8f16908616f1 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -2,7 +2,8 @@ apiVersion: v1 appVersion: 0.50.1 description: A Helm chart for Datawire Ambassador name: ambassador -version: 1.1.0 +version: 1.1.1 +icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: - https://github.com/datawire/ambassador @@ -15,6 +16,6 @@ keywords: maintainers: - name: flydiverny email: markus@maga.se - - name: kflynn + - name: Flynn email: flynn@datawire.io engine: gotpl diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index a4f188882eb0..112e8b845964 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -62,12 +62,11 @@ The following tables lists the configurable parameters of the Ambassador chart a | `prometheusExporter.repository` | Prometheus exporter image | `prom/statsd-exporter` | | `prometheusExporter.tag` | Prometheus exporter image | `v0.8.1` | | `rbac.create` | If `true`, create and use RBAC resources | `true` | -| `rbac.namespaced` | If `true`, permissions are namespace-scoped rather than cluster-scoped | `false` | - -| `replicaCount` | Number of Ambassador replicas | `1` | +| `rbac.namespaced` | If `true`, permissions are namespace-scoped rather than cluster-scoped | `false` | +| `replicaCount` | Number of Ambassador replicas | `3` | | `resources` | CPU/memory resource requests/limits | `{}` | -| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | -| `service.annotations` | Annotations to apply to Ambassador service | `{"getambassador.io/config":"---\napiVersion: ambassador/v1\nkind: Module\nname: ambassador\nconfig:\n service_port: 8080"}` | +| `securityContext` | Set security context for pod | `{ "runAsUser": "8888" }` | +| `service.annotations` | Annotations to apply to Ambassador service | See "Annotations" below | | `service.externalTrafficPolicy` | Sets the external traffic policy for the service | `""` | | `service.http.enabled` | if port 80 should be opened for service | `true` | | `service.http.nodePort` | If explicit NodePort is required | None | @@ -85,28 +84,32 @@ The following tables lists the configurable parameters of the Ambassador chart a | `volumeMounts` | Volume mounts for the ambassador service | `[]` | | `volumes` | Volumes for the ambassador service | `[]` | + **NOTE:** Make sure the configured `service.http.targetPort` and `service.https.targetPort` ports match your [Ambassador Module's](https://www.getambassador.io/reference/modules/#the-ambassador-module) `service_port` and `redirect_cleartext_from` configurations. -If you intend to use `service.annotations`, remember to include the annotation key, for example: +### Annotations + +The default annotation applied to the Ambassador service is + +``` +getambassador.io/config: | + --- + apiVersion: ambassador/v1 + kind: Module + name: ambassador + config: + service_port: 8080 +``` + +If you intend to use `service.annotations`, remember to include the `getambassador.io/config` annotation key as above, +and remember that you'll have to escape newlines. For example, the annotation above could be defined as ``` -service: - type: LoadBalancer - - http: - port: 80 - targetPort: 8080 - - annotations: - getambassador.io/config: | - --- - apiVersion: ambassador/v1 - kind: Module - name: ambassador - config: - redirect_cleartext_from: 8080 +service.annotations: { "getambassador.io/config": "---\napiVersion: ambassador/v1\nkind: Module\nname: ambassador\nconfig:\n service_port: 8080" } ``` +### Specifying Values + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, ```console diff --git a/stable/ambassador/values.yaml b/stable/ambassador/values.yaml index e9c1f1a1d82d..c85cc6f7bf62 100644 --- a/stable/ambassador/values.yaml +++ b/stable/ambassador/values.yaml @@ -2,7 +2,7 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. -replicaCount: 1 +replicaCount: 3 daemonSet: false ambassador: From 7a7549f8228163c8047c9c7da1c7fb6ec4cf1fa0 Mon Sep 17 00:00:00 2001 From: Leo Antunes Date: Thu, 14 Feb 2019 17:40:27 +0100 Subject: [PATCH 0170/1586] =?UTF-8?q?traefik:=20bump=201.7.7=C2=A0?= =?UTF-8?q?=E2=86=92=201.7.9=20(#11366)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * traefik: update to 1.7.9 Signed-off-by: Leo Antunes * traefik: increase memory limit to 40Mib Signed-off-by: Leo Antunes * traefik: replace cpu/memory limits with resources This deprecates the {cpu,memory}{Request,Limit} parameters and introduces the `resources` parameter. Signed-off-by: Leo Antunes --- stable/traefik/Chart.yaml | 4 ++-- stable/traefik/README.md | 13 +++++++------ stable/traefik/templates/deployment.yaml | 4 ++++ stable/traefik/values.yaml | 8 +++----- 4 files changed, 16 insertions(+), 13 deletions(-) diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index 1fb70af6fbb9..e70c2ca4be80 100644 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: traefik -version: 1.61.0 -appVersion: 1.7.7 +version: 1.61.1 +appVersion: 1.7.9 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: - traefik diff --git a/stable/traefik/README.md b/stable/traefik/README.md index ae516c7dd763..9289a4f33a45 100644 --- a/stable/traefik/README.md +++ b/stable/traefik/README.md @@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Traefik chart and t | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | | `fullnameOverride` | Override the full resource names | `{release-name}-traefik` (or traefik if release-name is traefik) | | `image` | Traefik image name | `traefik` | -| `imageTag` | The version of the official Traefik image to use | `1.7.7` | +| `imageTag` | The version of the official Traefik image to use | `1.7.9` | | `serviceType` | A valid Kubernetes service type | `LoadBalancer` | | `loadBalancerIP` | An available static IP you have reserved on your cloud platform | None | | `startupArguments` | A list of startup arguments which are passed to traefik | `[]` | @@ -98,11 +98,12 @@ The following table lists the configurable parameters of the Traefik chart and t | `replicas` | The number of replicas to run; __NOTE:__ Full Traefik clustering with leader election is not yet supported, which can affect any configured Let's Encrypt setup; see Clustering section | `1` | | `podDisruptionBudget` | Pod disruption budget | `{}` | | `priorityClassName` | Pod priority class name | `""` | -| `rootCAs` | Register Certificates in the RootCA. These certificates will be use for backends calls. __NOTE:__ You can use file path or cert content directly | `[]` | -| `cpuRequest` | Initial share of CPU requested per Traefik pod | `100m` | -| `memoryRequest` | Initial share of memory requested per Traefik pod | `20Mi` | -| `cpuLimit` | CPU limit per Traefik pod | `200m` | -| `memoryLimit` | Memory limit per Traefik pod | `30Mi` | +| `rootCAs` | Register Certificates in the RootCA. These certificates will be use for backends calls. __NOTE:__ You can use file path or cert content directly | `[]` | +| `resources` | Resource definitions for the generated pods | `{}` | +| `cpuRequest` | **DEPRECATED**: use `resources` instead. Initial share of CPU requested per Traefik pod | None | +| `memoryRequest` | **DEPRECATED**: use `resources` instead. Initial share of memory requested per Traefik pod | None | +| `cpuLimit` | **DEPRECATED**: use `resources` instead. CPU limit per Traefik pod | None | +| `memoryLimit` | **DEPRECATED**: use `resources` instead. Memory limit per Traefik pod | None | | `rbac.enabled` | Whether to enable RBAC with a specific cluster role and binding for Traefik | `false` | | `deploymentStrategy` | Specify deployment spec rollout strategy | `{}` | | `securityContext` | Security context | `{}` | diff --git a/stable/traefik/templates/deployment.yaml b/stable/traefik/templates/deployment.yaml index 042745515469..60f6d048fa36 100644 --- a/stable/traefik/templates/deployment.yaml +++ b/stable/traefik/templates/deployment.yaml @@ -65,12 +65,16 @@ spec: - image: {{ .Values.image }}:{{ .Values.imageTag }} name: {{ template "traefik.fullname" . }} resources: + {{- if or .Values.cpuRequest .Values.memoryRequest .Values.cpuLimit .Values.memoryLimit }} requests: cpu: {{ .Values.cpuRequest | quote }} memory: {{ .Values.memoryRequest | quote }} limits: cpu: {{ .Values.cpuLimit | quote }} memory: {{ .Values.memoryLimit | quote }} + {{- else }} +{{ toYaml .Values.resources | indent 10 }} + {{- end }} readinessProbe: tcpSocket: port: 80 diff --git a/stable/traefik/values.yaml b/stable/traefik/values.yaml index e10094076e2e..e1db01583150 100644 --- a/stable/traefik/values.yaml +++ b/stable/traefik/values.yaml @@ -1,6 +1,6 @@ ## Default values for Traefik image: traefik -imageTag: 1.7.7 +imageTag: 1.7.9 ## can switch the service type to NodePort if required serviceType: LoadBalancer # loadBalancerIP: "" @@ -20,10 +20,8 @@ podDisruptionBudget: {} # rootCAs: [] -cpuRequest: 100m -memoryRequest: 20Mi -cpuLimit: 100m -memoryLimit: 30Mi +resources: {} + debug: enabled: false From 0fba199497729b696b7e3d2e172fe29543296d9a Mon Sep 17 00:00:00 2001 From: Flynn Date: Thu, 14 Feb 2019 12:10:18 -0500 Subject: [PATCH 0171/1586] Add another OWNER to Ambassador (#11424) * Restore default replicas == 3 Signed-off-by: Flynn * Fix some markdown Signed-off-by: Flynn * Bump chart version, and switch my name to Flynn. :) Signed-off-by: Flynn * Add icon. Signed-off-by: Flynn * Sort OWNERS, and add nbkrause (from Datawire) Signed-off-by: Flynn * Heh. Didn't realize a change to OWNERS required a version bump. Signed-off-by: Flynn --- stable/ambassador/Chart.yaml | 2 +- stable/ambassador/OWNERS | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index 8f16908616f1..b11d81fef21e 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.50.1 description: A Helm chart for Datawire Ambassador name: ambassador -version: 1.1.1 +version: 1.1.2 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/stable/ambassador/OWNERS b/stable/ambassador/OWNERS index 21b46605c80a..a151dd3f2bfd 100644 --- a/stable/ambassador/OWNERS +++ b/stable/ambassador/OWNERS @@ -1,6 +1,8 @@ approvers: -- kflynn - flydiverny -reviewers: - kflynn +- nbkrause +reviewers: - flydiverny +- kflynn +- nbkrause From 5863186a8157c892164abe0adef37c0435897c99 Mon Sep 17 00:00:00 2001 From: Jason White <22136798+strobus@users.noreply.github.com> Date: Thu, 14 Feb 2019 12:31:54 -0500 Subject: [PATCH 0172/1586] [airflow] allow multiple existing secrets to be used (#11428) * [airflow] allow multiple existing secrets to be used Signed-off-by: Jason White Signed-off-by: Jason White * remove trailing spaces Signed-off-by: Jason White --- stable/airflow/Chart.yaml | 2 +- stable/airflow/templates/_helpers.tpl | 4 ++++ stable/airflow/values.yaml | 26 ++++++++++++++++---------- 3 files changed, 21 insertions(+), 11 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 02262d9784b0..faa7d0dd5f06 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.17.2 +version: 0.17.3 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/_helpers.tpl b/stable/airflow/templates/_helpers.tpl index 182b307a85c3..f97d1b6ab2fd 100644 --- a/stable/airflow/templates/_helpers.tpl +++ b/stable/airflow/templates/_helpers.tpl @@ -97,7 +97,11 @@ Map environment vars to secrets - name: {{ $val.envVar }} valueFrom: secretKeyRef: + {{- if $val.secretName }} + name: {{ $val.secretName }} + {{- else }} name: {{ $secretName }} + {{- end }} key: {{ $val.secretKey }} {{- end }} {{- end }} diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 2dbfff0ecd3e..9a75e9c49baf 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -5,27 +5,33 @@ ## common settings and setting for the webserver airflow: - ## - ## secretsMapping can be overridden in values.yaml as such: + ## When existingAirflowSecret is defined, secretsMapping can be + ## overridden. When no secretName is given then the value of + ## existingAirflowSecret is assumed. ## secretsMapping: ## - envVar: AIRFLOW__LDAP__BIND_PASSWORD - ## secretName: ldapBindPassword + ## secretName: ldap + ## secretKey: ldapBindPassword ## - envVar: AIRFLOW__ATLAS__PASSWORD - ## secretName: atlasPassword + ## secretKey: atlasPassword ## - envVar: AIRFLOW__SMTP__PASSWORD - ## secretName: smtpPassword + ## secretKey: smtpPassword ## - envVar: AIRFLOW__KUBERNETES__GIT_PASSWORD - ## secretName: kubernetesGitPassword + ## secretKey: kubernetesGitPassword ## - envVar: POSTGRES_USER - ## secretName: postgresUser + ## secretName: postgres + ## secretKey: postgresUser ## - envVar: POSTGRES_PASSWORD - ## secretName: postgresPassword + ## secretName: postgres + ## secretKey: postgresPassword ## - envVar: REDIS_PASSWORD - ## secretName: redisPassword + ## secretName: redis + ## secretKey: redisPassword secretsMapping: - ## used only when existingAirflowSecrets is false + ## Used only when existingAirflowSecret is null, in which case + ## a secret will be created with a default name and the following mapping. defaultSecretsMapping: - envVar: POSTGRES_USER secretKey: postgresUser From 5a95accf98734a2c301ba40045184281f0ddb5b2 Mon Sep 17 00:00:00 2001 From: Miles Matthias Date: Thu, 14 Feb 2019 12:04:32 -0700 Subject: [PATCH 0173/1586] Revert API_HOST endpoint variable from gate to deck service setting (#11397) * move the API_HOST variable to deck.yml, where it belongs Signed-off-by: Miles Matthias * bump chart version for gate fix Signed-off-by: Miles Matthias --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/templates/configmap/service-settings.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index 9e8e4a2dcdf4..cf42e6e12074 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.7.0 +version: 1.7.1 appVersion: 1.11.6 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/templates/configmap/service-settings.yaml b/stable/spinnaker/templates/configmap/service-settings.yaml index 4075765b8afa..fe43e91326ed 100644 --- a/stable/spinnaker/templates/configmap/service-settings.yaml +++ b/stable/spinnaker/templates/configmap/service-settings.yaml @@ -18,14 +18,14 @@ data: {{- end }} skipLifeCycleManagement: true gate.yml: |- - env: - API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084 kubernetes: {{- if .Values.ingress.enabled }} useExecHealthCheck: false serviceType: NodePort {{- end }} deck.yml: |- + env: + API_HOST: http://spin-gate.{{ .Release.Namespace }}:8084 kubernetes: {{- if .Values.ingress.enabled }} useExecHealthCheck: false From b87938b48e5119947d6139342ef4e56b5d907f38 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 14 Feb 2019 20:22:59 +0100 Subject: [PATCH 0174/1586] stable/postgresql: update to 10.7.0 (#11434) Signed-off-by: Bitnami Containers --- stable/postgresql/Chart.yaml | 4 ++-- stable/postgresql/values-production.yaml | 2 +- stable/postgresql/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 520261aef47b..50deef6b3a15 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,6 +1,6 @@ name: postgresql -version: 3.11.0 -appVersion: 10.6.0 +version: 3.11.1 +appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: - postgresql diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 6ae61617cf45..29bbdf2d3924 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/postgresql - tag: 10.6.0 + tag: 10.7.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index cfe2714a1b49..b2fa2d216e57 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/postgresql - tag: 10.6.0 + tag: 10.7.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From fbeb5f84b1f210bd9f247769d6a9e2ea6550207c Mon Sep 17 00:00:00 2001 From: CharlieC3 Date: Thu, 14 Feb 2019 14:32:12 -0500 Subject: [PATCH 0175/1586] Vault: Adding ability to open cluster ip in k8s service (#8054) * Vault: Adding ability to open cluster ip in k8s service Signed-off-by: Charles Cantoni * Adding conditional block around exposing the cluster port Signed-off-by: ccantoni * Bumping chart version Signed-off-by: ccantoni --- incubator/vault/Chart.yaml | 2 +- incubator/vault/README.md | 4 ++++ incubator/vault/templates/deployment.yaml | 2 +- incubator/vault/templates/service.yaml | 6 ++++++ incubator/vault/values.yaml | 2 ++ 5 files changed, 14 insertions(+), 2 deletions(-) diff --git a/incubator/vault/Chart.yaml b/incubator/vault/Chart.yaml index 301b83b71286..2d68710ef624 100644 --- a/incubator/vault/Chart.yaml +++ b/incubator/vault/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Vault, a tool for managing secrets name: vault -version: 0.14.8 +version: 0.14.9 appVersion: 1.0.1 home: https://www.vaultproject.io/ icon: https://www.vaultproject.io/assets/images/mega-nav/logo-vault-0f83e3d2.svg diff --git a/incubator/vault/README.md b/incubator/vault/README.md index 754e23302709..bcdae1b6af86 100644 --- a/incubator/vault/README.md +++ b/incubator/vault/README.md @@ -65,6 +65,10 @@ The following table lists the configurable parameters of the Vault chart and the | `service.loadBalancerIP` | Assign a static IP to the loadbalancer | `nil` | | `service.loadBalancerSourceRanges`| IP whitelist for service type loadbalancer | `[]` | | `service.annotations` | Annotations for service | `{}` | +| `service.externalPort` | External port for the service | `8200` | +| `service.port` | The API port Vault is using | `8200` | +| `service.clusterExternalPort` | External cluster port for the service | `nil` | +| `service.clusterPort` | The cluster port Vault is using | `8201` | | `annotations` | Annotations for deployment | `{}` | | `labels` | Extra labels for deployment | `{}` | | `ingress.labels` | Labels for ingress | `{}` | diff --git a/incubator/vault/templates/deployment.yaml b/incubator/vault/templates/deployment.yaml index f0d6b689e414..daac59165a74 100644 --- a/incubator/vault/templates/deployment.yaml +++ b/incubator/vault/templates/deployment.yaml @@ -45,7 +45,7 @@ spec: ports: - containerPort: {{ .Values.service.port }} name: api - - containerPort: 8201 + - containerPort: {{ .Values.service.clusterPort }} name: cluster-address livenessProbe: # Alive if it is listening for clustering traffic diff --git a/incubator/vault/templates/service.yaml b/incubator/vault/templates/service.yaml index c271d1a18a1e..13efcd7a5924 100644 --- a/incubator/vault/templates/service.yaml +++ b/incubator/vault/templates/service.yaml @@ -30,6 +30,12 @@ spec: protocol: TCP targetPort: {{ .Values.service.port }} name: api + {{- if .Values.service.clusterExternalPort }} + - port: {{ .Values.service.clusterExternalPort }} + protocol: TCP + targetPort: {{ .Values.service.clusterPort }} + name: cluster + {{- end }} selector: app: {{ template "vault.name" . }} release: {{ .Release.Name }} diff --git a/incubator/vault/values.yaml b/incubator/vault/values.yaml index 28940b8d73f2..63c01c56947c 100644 --- a/incubator/vault/values.yaml +++ b/incubator/vault/values.yaml @@ -35,6 +35,8 @@ service: # - 130.211.204.2/32 externalPort: 8200 port: 8200 + # clusterExternalPort: 8201 + clusterPort: 8201 # clusterIP: None annotations: {} # cloud.google.com/load-balancer-type: "Internal" From a11c812de528518cab032a9e58976c28cc9d7341 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 14 Feb 2019 20:43:45 +0100 Subject: [PATCH 0176/1586] stable/ghost: update to 2.14.3 (#11432) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index a812bff9ac8e..30c2e9c5b057 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.3.10 -appVersion: 2.14.2 +version: 6.3.11 +appVersion: 2.14.3 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 30bdb19a295f..724fad114fd3 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.14.2 + tag: 2.14.3 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 643fa44426c23e20d24190fb85f2dd7f6a190640 Mon Sep 17 00:00:00 2001 From: Anastas Dancha Date: Thu, 14 Feb 2019 22:52:59 +0300 Subject: [PATCH 0177/1586] [stable/satisfy] gettting docker image with fixes (#11433) Signed-off-by: Anastas Dancha --- stable/satisfy/Chart.yaml | 2 +- stable/satisfy/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/satisfy/Chart.yaml b/stable/satisfy/Chart.yaml index 6f4bef7ce890..590aa38497d9 100644 --- a/stable/satisfy/Chart.yaml +++ b/stable/satisfy/Chart.yaml @@ -1,5 +1,5 @@ name: satisfy -version: 0.1.0 +version: 0.1.1 appVersion: "3.0.4" description: Composer repo hosting with Satisfy home: https://github.com/anapsix/docker-satisfy diff --git a/stable/satisfy/values.yaml b/stable/satisfy/values.yaml index 3e5b985387c8..37ca9198930f 100644 --- a/stable/satisfy/values.yaml +++ b/stable/satisfy/values.yaml @@ -7,7 +7,7 @@ image: # image.digest takes precedence: # i.e. if both image.tag and image.digest are present digest will be used # tag: v3.0.4 - digest: sha256:b590aced3074cdb1e09b4e9432fd69afccfa807e50a3ad8168960572128f4fbd + digest: sha256:69758ccd31117a594cd7268c79a32a531dfc2c725df554542dbbb6c5714d77fc pullPolicy: Always pullSecrets: [] # - secret1 From e4ea88e88e09d04c90992148ee5a51e7307dd09e Mon Sep 17 00:00:00 2001 From: Denis Date: Fri, 15 Feb 2019 00:03:38 +0300 Subject: [PATCH 0178/1586] Add beat-exporter Prometheus metrics (#11408) * Add beat-exporter Prometheus metrics from https://github.com/trustpilot/beat-exporter Signed-off-by: Denis Lavrushko Signed-off-by: Denis Lavrushko * fix DCO and bumped new version Signed-off-by: Denis Lavrushko * Remove blank lines Signed-off-by: Denis Lavrushko * add new line before EOF Signed-off-by: Denis Lavrushko * trailing spaces and newline at the end of file Signed-off-by: Denis Lavrushko --- stable/filebeat/Chart.yaml | 2 +- stable/filebeat/templates/daemonset.yaml | 13 ++++++++++ stable/filebeat/templates/service.yaml | 20 +++++++++++++++ stable/filebeat/values.yaml | 31 +++++++++++++++++++++++- 4 files changed, 64 insertions(+), 2 deletions(-) create mode 100644 stable/filebeat/templates/service.yaml diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index e4356b929059..3b718030ba68 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.2.0 +version: 1.3.0 appVersion: 6.6.0 home: https://www.elastic.co/products/beats/filebeat sources: diff --git a/stable/filebeat/templates/daemonset.yaml b/stable/filebeat/templates/daemonset.yaml index 1c3cebd380a3..792e6ef5d9aa 100644 --- a/stable/filebeat/templates/daemonset.yaml +++ b/stable/filebeat/templates/daemonset.yaml @@ -108,6 +108,19 @@ spec: readOnly: true {{- if .Values.extraVolumeMounts }} {{ toYaml .Values.extraVolumeMounts | indent 8 }} +{{- end }} +{{- if .Values.monitoring.enabled }} + - name: {{ template "filebeat.fullname" . }}-prometheus-exporter + image: "{{ .Values.monitoring.image.repository }}:{{ .Values.monitoring.image.tag }}" + imagePullPolicy: {{ .Values.monitoring.image.pullPolicy }} + args: +{{- if .Values.monitoring.args }} +{{ toYaml .Values.monitoring.args | indent 8 }} +{{- end }} +{{- if .Values.monitoring.resources }} + resources: +{{ toYaml .Values.monitoring.resources | indent 10 }} +{{- end }} {{- end }} volumes: - name: varlog diff --git a/stable/filebeat/templates/service.yaml b/stable/filebeat/templates/service.yaml new file mode 100644 index 000000000000..6b151dba71d7 --- /dev/null +++ b/stable/filebeat/templates/service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.monitoring.enabled }} +kind: Service +apiVersion: v1 +metadata: + name: {{ template "filebeat.fullname" . }}-metrics + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "filebeat.name" . }} + chart: {{ template "filebeat.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + selector: + app: {{ template "filebeat.name" . }} + ports: + - name: metrics + port: {{ .Values.monitoring.exporterPort }} + targetPort: {{ .Values.monitoring.targetPort }} + protocol: TCP +{{ end }} \ No newline at end of file diff --git a/stable/filebeat/values.yaml b/stable/filebeat/values.yaml index 6aa4e4c5fced..8f5276410919 100644 --- a/stable/filebeat/values.yaml +++ b/stable/filebeat/values.yaml @@ -44,7 +44,7 @@ config: # When a key contains a period, use this format for setting values on the command line: # --set config."http\.enabled"=true - http.enabled: false + http.enabled: true http.port: 5066 # Upload index template to Elasticsearch if Logstash output is enabled @@ -139,3 +139,32 @@ podSecurityPolicy: # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' + +## Add Elastic beat-exporter for Prometheus +## https://github.com/trustpilot/beat-exporter +## Dont forget to enable http on config.http.enabled (exposing filebeat stats) +monitoring: + enabled: true + image: + repository: trustpilot/beat-exporter + tag: 0.1.1 + pullPolicy: IfNotPresent + resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 200Mi + # requests: + # cpu: 100m + # memory: 100Mi + + # pass custom args. This is equivalent of Cmd in docker + args: [] + + ## default is ":9479". If changed, need pass argument "-web.listen-address <...>" + exporterPort: 9479 + ## Filebeat service port, which exposes Prometheus metrics + targetPort: 9479 From 5a7f51bc47019b4dca905c75440fa2be13b427f1 Mon Sep 17 00:00:00 2001 From: Tomas Pizarro Date: Fri, 15 Feb 2019 10:16:45 +0100 Subject: [PATCH 0179/1586] [stable/postgresql] Fix wrong securityContext configuration for containers (#11406) Signed-off-by: tompizmor --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/statefulset-slaves.yaml | 5 ++++- stable/postgresql/templates/statefulset.yaml | 5 ++++- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 50deef6b3a15..989d37be1117 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.11.1 +version: 3.11.2 appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 464e5f9bacc7..198d1ae8415c 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -47,6 +47,10 @@ spec: {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} initContainers: - name: init-chmod-data @@ -76,7 +80,6 @@ spec: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.securityContext.enabled }} securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} env: diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 7309d1a213ba..c966ffe9fa1e 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -51,6 +51,10 @@ spec: {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} + {{- if .Values.securityContext.enabled }} + securityContext: + fsGroup: {{ .Values.securityContext.fsGroup }} + {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} initContainers: - name: init-chmod-data @@ -80,7 +84,6 @@ spec: {{ toYaml .Values.resources | indent 10 }} {{- if .Values.securityContext.enabled }} securityContext: - fsGroup: {{ .Values.securityContext.fsGroup }} runAsUser: {{ .Values.securityContext.runAsUser }} {{- end }} env: From a143218529d859fb0631baf3bc836f8dc6642450 Mon Sep 17 00:00:00 2001 From: stsui-ctech Date: Fri, 15 Feb 2019 05:11:30 -0500 Subject: [PATCH 0180/1586] Workaround k8s exec probe timeoutSeconds (#11355) * Workaround k8s exec probe timeoutSeconds We've found that redis-cli can hang and not return in some circumstances (e.g. when the persistentVolume is not responding). Kubernetes probes that run in Docker containers currently ignore the timeoutSeconds specified in the probe. [0] To workaround this, pass the timeoutSeconds as a parameter to the scripts, and use the timeout tool to send a SIGKILL to redis-cli if it's hasn't responded after the timeout expires. [0] https://github.com/kubernetes/kubernetes/pull/58925 Signed-off-by: Severn Tsui * Merge timeout line into same line as shell command Do it for the helper, the same way it was done in the SS Signed-off-by: Severn Tsui --- stable/redis/Chart.yaml | 2 +- stable/redis/templates/_helpers.tpl | 4 ++-- stable/redis/templates/health-configmap.yaml | 6 ++++-- stable/redis/templates/redis-master-statefulset.yaml | 4 ++-- 4 files changed, 9 insertions(+), 7 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index b74e7adfa8f5..dff5aaddc209 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 6.0.1 +version: 6.1.0 appVersion: 4.0.12 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/_helpers.tpl b/stable/redis/templates/_helpers.tpl index f9e0b50d16f3..f39277e4669e 100644 --- a/stable/redis/templates/_helpers.tpl +++ b/stable/redis/templates/_helpers.tpl @@ -102,7 +102,7 @@ readinessProbe: command: - sh - -c - - /health/ping_local_and_master.sh + - /health/ping_local_and_master.sh {{ $readinessProbe.timeoutSeconds | default .Values.master.readinessProbe.timeoutSeconds }} {{- end }} {{- end -}} {{- end -}} @@ -124,7 +124,7 @@ livenessProbe: command: - sh - -c - - /health/ping_local_and_master.sh + - /health/ping_local_and_master.sh {{ $livenessProbe.timeoutSeconds | default .Values.master.livenessProbe.timeoutSeconds }} {{- end }} {{- end -}} {{- end -}} diff --git a/stable/redis/templates/health-configmap.yaml b/stable/redis/templates/health-configmap.yaml index c60982cb53fc..6d604a575084 100644 --- a/stable/redis/templates/health-configmap.yaml +++ b/stable/redis/templates/health-configmap.yaml @@ -14,6 +14,7 @@ data: export REDIS_PASSWORD=$password_aux {{- end }} response=$( + timeout -s 9 $1 \ redis-cli \ {{- if .Values.usePassword }} -a $REDIS_PASSWORD \ @@ -32,6 +33,7 @@ data: export REDIS_MASTER_PASSWORD=$password_aux {{- end }} response=$( + timeout -s 9 $1 \ redis-cli \ {{- if .Values.usePassword }} -a $REDIS_MASTER_PASSWORD \ @@ -47,6 +49,6 @@ data: ping_local_and_master.sh: |- script_dir="$(dirname "$0")" exit_status=0 - "$script_dir/ping_local.sh" || exit_status=$? - "$script_dir/ping_master.sh" || exit_status=$? + "$script_dir/ping_local.sh" $1 || exit_status=$? + "$script_dir/ping_master.sh" $1 || exit_status=$? exit $exit_status diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml index 41470501ddee..f0558db60829 100644 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -121,7 +121,7 @@ spec: command: - sh - -c - - /health/ping_local.sh + - /health/ping_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} {{- end }} {{- if .Values.master.readinessProbe.enabled}} readinessProbe: @@ -134,7 +134,7 @@ spec: command: - sh - -c - - /health/ping_local.sh + - /health/ping_local.sh {{ .Values.master.livenessProbe.timeoutSeconds }} {{- end }} resources: {{ toYaml .Values.master.resources | indent 10 }} From cec86f65c776461790177bbc7112e6a6866b5540 Mon Sep 17 00:00:00 2001 From: Vasily Sliouniaev Date: Fri, 15 Feb 2019 11:21:11 +0000 Subject: [PATCH 0181/1586] [stable/prometheus-operator] Add vsliouniaev to approvers, reviewers (#11443) * Add vsliouniaev to approvers, reviewers Signed-off-by: Vasily * Bump chart vers Seems strange, to have to bump for things in the ignore file Signed-off-by: Vasily --- stable/prometheus-operator/.helmignore | 4 ++++ stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/OWNERS | 2 ++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/.helmignore b/stable/prometheus-operator/.helmignore index f0c131944441..9797d317a80d 100644 --- a/stable/prometheus-operator/.helmignore +++ b/stable/prometheus-operator/.helmignore @@ -19,3 +19,7 @@ .project .idea/ *.tmproj +# helm/charts +OWNERS +hack/ +ci/ diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index f13b0435373b..b632c0ddf567 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.0 +version: 2.2.1 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/OWNERS b/stable/prometheus-operator/OWNERS index ca300fa25d28..4f1dd4862df4 100644 --- a/stable/prometheus-operator/OWNERS +++ b/stable/prometheus-operator/OWNERS @@ -1,4 +1,6 @@ approvers: - gianrubio +- vsliouniaev reviewers: - gianrubio +- vsliouniaev \ No newline at end of file From 38efafea7ddb6482f97cb16f4407ec6d2158b182 Mon Sep 17 00:00:00 2001 From: Tariq Ibrahim Date: Fri, 15 Feb 2019 05:39:11 -0800 Subject: [PATCH 0182/1586] [stable/kube-state-metrics] update kube-state-metrics README.md (#11440) Signed-off-by: tariqibrahim --- stable/kube-state-metrics/Chart.yaml | 2 +- stable/kube-state-metrics/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kube-state-metrics/Chart.yaml b/stable/kube-state-metrics/Chart.yaml index 2f02d4aa0a42..4ba33e90baf6 100644 --- a/stable/kube-state-metrics/Chart.yaml +++ b/stable/kube-state-metrics/Chart.yaml @@ -5,7 +5,7 @@ keywords: - metric - monitoring - prometheus -version: 0.14.0 +version: 0.14.1 appVersion: 1.5.0 home: https://github.com/kubernetes/kube-state-metrics/ sources: diff --git a/stable/kube-state-metrics/README.md b/stable/kube-state-metrics/README.md index 826e113a5778..bcab1b233196 100644 --- a/stable/kube-state-metrics/README.md +++ b/stable/kube-state-metrics/README.md @@ -14,8 +14,8 @@ $ helm install stable/kube-state-metrics | Parameter | Description | Default | |---------------------------------------|---------------------------------------------------------|---------------------------------------------| -| `image.repository` | The image repository to pull from | quay.io/coreos/kube-state-metrics | -| `image.tag` | The image tag to pull from | `v1.4.0` | +| `image.repository` | The image repository to pull from | k8s.gcr.io/kube-state-metrics | +| `image.tag` | The image tag to pull from | `v1.5.0` | | `image.pullPolicy` | Image pull policy | IfNotPresent | | `service.port` | The port of the container | 8080 | | `prometheusScrape` | Whether or not enable prom scrape | true | @@ -43,7 +43,7 @@ $ helm install stable/kube-state-metrics | `collectors.nodes` | Enable the nodes collector. | true | | `collectors.persistentvolumeclaims` | Enable the persistentvolumeclaims collector. | true | | `collectors.persistentvolumes` | Enable the persistentvolumes collector. | true | -| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | true +| `collectors.poddisruptionbudgets` | Enable the poddisruptionbudgets collector. | true | | `collectors.pods` | Enable the pods collector. | true | | `collectors.replicasets` | Enable the replicasets collector. | true | | `collectors.replicationcontrollers` | Enable the replicationcontrollers collector. | true | From 0facbbcf21c42989dbb885597009d41668291487 Mon Sep 17 00:00:00 2001 From: Mikhail Zholobov Date: Fri, 15 Feb 2019 14:52:32 +0100 Subject: [PATCH 0183/1586] [stable/superset] Use the target port number instead of a name (#7857) * [stable/superset] Use the target port number instead of a name Older (but still actual) versions of some Network Policy providers don't support named ports as a value of `targetPort` field in the Service spec. Changing it to the number shouldn't break the UX for existing installations. Signed-off-by: Mikhail Zholobov * [stable/superset] Bump version Signed-off-by: Mikhail Zholobov --- stable/superset/Chart.yaml | 2 +- stable/superset/templates/svc.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/superset/Chart.yaml b/stable/superset/Chart.yaml index cdf4fa4edbf3..73998b202701 100644 --- a/stable/superset/Chart.yaml +++ b/stable/superset/Chart.yaml @@ -1,6 +1,6 @@ description: Apache Superset (incubating) is a modern, enterprise-ready business intelligence web application name: superset -version: 1.1.4 +version: 1.1.5 appVersion: "0.28.1" keywords: - bi diff --git a/stable/superset/templates/svc.yaml b/stable/superset/templates/svc.yaml index 1fdd3dc0a2e3..8df325ea8e79 100644 --- a/stable/superset/templates/svc.yaml +++ b/stable/superset/templates/svc.yaml @@ -36,7 +36,7 @@ spec: ports: - name: http port: {{ .Values.service.port }} - targetPort: http + targetPort: 8088 protocol: TCP {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} nodePort: {{.Values.service.nodePort}} From c5f6378a96cfb22e55893d0922204ae81295ee55 Mon Sep 17 00:00:00 2001 From: Alexander Ilyin Date: Fri, 15 Feb 2019 06:01:09 -0800 Subject: [PATCH 0184/1586] [master] Fixed broken markdown table; (#10982) * [master] Fixed broken markdown table; Signed-off-by: Alexander Ilyin * [master] Bump the chart version. Signed-off-by: Alexander Ilyin Signed-off-by: Carlos Panato --- stable/selenium/Chart.yaml | 2 +- stable/selenium/README.md | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/stable/selenium/Chart.yaml b/stable/selenium/Chart.yaml index cfeefe33cbc2..59d8e7db82b5 100644 --- a/stable/selenium/Chart.yaml +++ b/stable/selenium/Chart.yaml @@ -1,5 +1,5 @@ name: selenium -version: 1.0.1 +version: 1.0.2 appVersion: 3.14.0 description: Chart for selenium grid keywords: diff --git a/stable/selenium/README.md b/stable/selenium/README.md index be4b72face0b..a1071f09dad7 100644 --- a/stable/selenium/README.md +++ b/stable/selenium/README.md @@ -51,7 +51,6 @@ The following table lists the configurable parameters of the Selenium chart and | `hub.pullPolicy` | The pull policy for the hub image | `IfNotPresent` | | `hub.port` | The port the hub listens on | `4444` | | `hub.servicePort` | The port the hub Service listens on | `4444` | - | `hub.podAnnotations` | Annotations on the hub pod | `{}` | | `hub.javaOpts` | The java options for the selenium hub JVM, default sets the maximum heap size to 1,000 mb | `-Xmx1000m` | | `hub.resources` | The resources for the hub container, defaults to minimum half a cpu and maximum 1,000 mb RAM | `{"limits":{"cpu":".5", "memory":"1000Mi"}}` | From 40208fd944a51eb8b006b4d2660eb507e90bd177 Mon Sep 17 00:00:00 2001 From: andreyshamray <32450129+andreyshamray@users.noreply.github.com> Date: Fri, 15 Feb 2019 16:12:15 +0200 Subject: [PATCH 0185/1586] Added values to chose init container, additional label for Ingress and deleteDefaultPlugins option. (#11361) * added new values Signed-off-by: Andriy Shamray * chaged ingress.labels in values.yaml Signed-off-by: Andriy Shamray * applied PR changes Signed-off-by: Andriy Shamray * applied PR changes Signed-off-by: Andriy Shamray * applied PR changes Signed-off-by: Andriy Shamray * changed chart version Signed-off-by: Andriy Shamray * changed version: 0.14.0 in Chart.yaml Signed-off-by: Andriy Shamray --- stable/sonarqube/Chart.yaml | 2 +- stable/sonarqube/README.md | 3 +++ stable/sonarqube/templates/copy-plugins.yaml | 3 +++ stable/sonarqube/templates/deployment.yaml | 2 +- stable/sonarqube/templates/ingress.yaml | 5 ++++- stable/sonarqube/values.yaml | 8 ++++++++ 6 files changed, 20 insertions(+), 3 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 34ec7181398c..702605669914 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,6 +1,6 @@ name: sonarqube description: Sonarqube is an open sourced code quality scanning tool -version: 0.13.5 +version: 0.14.0 appVersion: 7.6 keywords: - coverage diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index eed19ad192c0..fde78b6233bf 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -46,6 +46,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `command` | command to run in the container | `nil` (need to be set prior to 6.7.6, and 7.4) | | `securityContext.fsGroup` | Group applied to mounted directories/files| `999` | | `ingress.enabled` | Flag for enabling ingress | false | +| `ingress.labels` | Ingress additional labels | `{}` | | `livenessProbe.sonarWebContext` | SonarQube web context for livenessProbe | / | | `readinessProbe.sonarWebContext` | SonarQube web context for readinessProbe | / | | `service.type` | Kubernetes service type | `LoadBalancer` | @@ -81,6 +82,8 @@ The following table lists the configurable parameters of the Sonarqube chart and | `tolerations` | List of node taints to tolerate | `[]` | | `plugins.install` | List of plugins to install | `[]` | | `plugins.resources` | Plugin Pod resource requests & limits | `{}` | +| `plugins.initContainerImage` | Change init container image | `[]` | +| `plugins.deleteDefaultPlugins` | Remove default plugins and use plugins.install list | `[]` | You can also configure values for the PostgreSQL / MySQL database via the Postgresql [README.md](https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md) / MySQL [README.md](https://github.com/kubernetes/charts/blob/master/stable/mysql/README.md) diff --git a/stable/sonarqube/templates/copy-plugins.yaml b/stable/sonarqube/templates/copy-plugins.yaml index f06c8157ab39..7293c4f09466 100644 --- a/stable/sonarqube/templates/copy-plugins.yaml +++ b/stable/sonarqube/templates/copy-plugins.yaml @@ -10,6 +10,9 @@ metadata: data: copy_plugins.sh: |- #! /bin/sh + {{- if .Values.plugins.deleteDefaultPlugins }} + rm -f /opt/sonarqube/extensions/plugins/*.jar + {{- end }} cp /opt/sonarqube/extensions/plugins/tmp/*.jar /opt/sonarqube/extensions/plugins/ /opt/sonarqube/bin/run.sh diff --git a/stable/sonarqube/templates/deployment.yaml b/stable/sonarqube/templates/deployment.yaml index 18ca243652d9..688bc1b475e7 100644 --- a/stable/sonarqube/templates/deployment.yaml +++ b/stable/sonarqube/templates/deployment.yaml @@ -20,7 +20,7 @@ spec: {{- if .Values.plugins.install }} initContainers: - name: install-plugins - image: joosthofman/wget:1.0 + image: {{ default "joosthofman/wget:1.0" .Values.plugins.initContainerImage }} env: {{- range $key, $value := .Values.extraEnv }} - name: {{ $key }} diff --git a/stable/sonarqube/templates/ingress.yaml b/stable/sonarqube/templates/ingress.yaml index 8c349f03e3dc..ae602f61b446 100644 --- a/stable/sonarqube/templates/ingress.yaml +++ b/stable/sonarqube/templates/ingress.yaml @@ -10,7 +10,10 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} -{{ if .Values.ingress.annotations}} +{{- if .Values.ingress.labels }} +{{ .Values.ingress.labels | toYaml | trimSuffix "\n"| indent 4 -}} +{{- end}} +{{- if .Values.ingress.annotations}} annotations: {{- range $key, $value := .Values.ingress.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml index c3415bef7b8c..4bbfece51426 100755 --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml @@ -34,6 +34,11 @@ ingress: # kubernetes.io/tls-acme: "true" # This property allows for reports up to a certain size to be uploaded to SonarQube # nginx.ingress.kubernetes.io/proxy-body-size: "8m" + +# Additional labels for Ingress manifest file + # labels: + # traffic-type: external + # traffic-type: internal tls: {} # Secrets must be manually created in the namespace. # - secretName: chart-example-tls @@ -103,6 +108,9 @@ persistence: # - "https://github.com/SonarSource/sonar-ldap/releases/download/2.2-RC3/sonar-ldap-plugin-2.2.0.601.jar" plugins: install: [] + + # initContainerImage: alpine:3.9 + # deleteDefaultPlugins: true resources: {} # We allow the plugins init container to have a separate resources declaration because # the initContainer does not take as much resources. From 1be115e52c74530afb245d45967d689d9eed5bba Mon Sep 17 00:00:00 2001 From: Thomas Leclaire <43581346+thomasLeclaire@users.noreply.github.com> Date: Fri, 15 Feb 2019 16:04:59 +0100 Subject: [PATCH 0186/1586] [stable/metabase] Correct env var for jvm options (#11073) * Correct env var for jvm options Signed-off-by: Thomas Leclaire * bump char version Signed-off-by: Thomas Leclaire * update version Signed-off-by: Thomas Leclaire * update version Signed-off-by: Thomas Leclaire --- stable/metabase/Chart.yaml | 2 +- stable/metabase/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 6e64a2a30d5d..89569b829a8c 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.4.5 +version: 0.4.6 appVersion: v0.31.2 maintainers: - name: pmint93 diff --git a/stable/metabase/templates/deployment.yaml b/stable/metabase/templates/deployment.yaml index 317073014460..bf4d422be6c3 100644 --- a/stable/metabase/templates/deployment.yaml +++ b/stable/metabase/templates/deployment.yaml @@ -82,7 +82,7 @@ spec: - name: JAVA_TIMEZONE value: {{ .Values.timeZone }} {{- if .Values.javaToolOptions }} - - name: JAVA_TOOL_OPTIONS + - name: JAVA_OPTS value: {{ .Values.javaToolOptions | quote }} {{- end }} {{- if .Values.pluginsDirectory }} From 5de8d5f4307af311b4e59583c3f3f06c54904adf Mon Sep 17 00:00:00 2001 From: Faizan Ahmad Date: Fri, 15 Feb 2019 16:20:44 +0100 Subject: [PATCH 0187/1586] [helm/charts] [stakater/reloader] Add reloader to helm public charts repo (#9859) * [helm/charts] Add reloader in helm charts public repo Signed-off-by: faizanahmad055 * Update reloader deploymentapiVersion Signed-off-by: faizanahmad055 * Update chart.yaml Signed-off-by: faizanahmad055 * Fix selector labels Signed-off-by: faizanahmad055 * Update chart version Signed-off-by: faizanahmad055 * Update sources Signed-off-by: faizanahmad055 * Update readme Signed-off-by: faizanahmad055 --- stable/reloader/.helmignore | 2 + stable/reloader/Chart.yaml | 25 +++ stable/reloader/OWNERS | 14 ++ stable/reloader/README.md | 163 ++++++++++++++++++ stable/reloader/templates/NOTES.txt | 7 + stable/reloader/templates/_helpers.tpl | 37 ++++ stable/reloader/templates/clusterrole.yaml | 39 +++++ .../templates/clusterrolebinding.yaml | 25 +++ stable/reloader/templates/deployment.yaml | 74 ++++++++ stable/reloader/templates/role.yaml | 38 ++++ stable/reloader/templates/rolebinding.yaml | 25 +++ stable/reloader/templates/serviceaccount.yaml | 15 ++ stable/reloader/values.yaml | 32 ++++ 13 files changed, 496 insertions(+) create mode 100644 stable/reloader/.helmignore create mode 100644 stable/reloader/Chart.yaml create mode 100644 stable/reloader/OWNERS create mode 100644 stable/reloader/README.md create mode 100644 stable/reloader/templates/NOTES.txt create mode 100644 stable/reloader/templates/_helpers.tpl create mode 100644 stable/reloader/templates/clusterrole.yaml create mode 100644 stable/reloader/templates/clusterrolebinding.yaml create mode 100644 stable/reloader/templates/deployment.yaml create mode 100644 stable/reloader/templates/role.yaml create mode 100644 stable/reloader/templates/rolebinding.yaml create mode 100644 stable/reloader/templates/serviceaccount.yaml create mode 100644 stable/reloader/values.yaml diff --git a/stable/reloader/.helmignore b/stable/reloader/.helmignore new file mode 100644 index 000000000000..9e1690881f44 --- /dev/null +++ b/stable/reloader/.helmignore @@ -0,0 +1,2 @@ +# OWNERS file for Kubernetes +OWNERS diff --git a/stable/reloader/Chart.yaml b/stable/reloader/Chart.yaml new file mode 100644 index 000000000000..c0126458e940 --- /dev/null +++ b/stable/reloader/Chart.yaml @@ -0,0 +1,25 @@ +apiVersion: v1 +name: reloader +description: Reloader chart that runs on kubernetes +version: 1.0.0 +appVersion: 0.0.18 +keywords: + - Reloader + - kubernetes +home: https://github.com/stakater/Reloader +sources: +- https://github.com/stakater/Reloader +icon: https://raw.githubusercontent.com/stakater/Reloader/master/assets/web/reloader-round-100px.png +maintainers: +- name: rasheedamir + email: rasheed@aurorasolutions.io +- name: waseem-h + email: waseemhassan@stakater.com +- name: faizanahmad055 + email: faizan.ahmad55@outlook.com +- name: kahootali + email: ali.kahoot@aurorasolutions.io +- name: ahmadiq + email: ahmad@aurorasolutions.io +- name: ahsan-storm + email: ahsanmuhammad1@outlook.com diff --git a/stable/reloader/OWNERS b/stable/reloader/OWNERS new file mode 100644 index 000000000000..31ea124be1c6 --- /dev/null +++ b/stable/reloader/OWNERS @@ -0,0 +1,14 @@ +approvers: +- faizanahmad055 +- kahootali +- ahmadiq +- waseem-h +- rasheedamir +- ahsan-storm +reviewers: +- faizanahmad055 +- kahootali +- ahmadiq +- waseem-h +- rasheedamir +- ahsan-storm diff --git a/stable/reloader/README.md b/stable/reloader/README.md new file mode 100644 index 000000000000..fb5375e5e309 --- /dev/null +++ b/stable/reloader/README.md @@ -0,0 +1,163 @@ +# ![](https://raw.githubusercontent.com/stakater/Reloader/master/assets/web/reloader-round-100px.png) RELOADER + +A Kubernetes controller to watch changes in ConfigMap and Secrets and then restart pods for Deployment, StatefulSet and DaemonSet + +[![Get started with Stakater](https://stakater.github.io/README/stakater-github-banner.png)](http://stakater.com/?utm_source=Reloader&utm_medium=github) + +## Problem + +We would like to watch if some change happens in `ConfigMap` and/or `Secret`; then perform a rolling upgrade on relevant `Deployment`, `Deamonset` and `Statefulset` + +## Solution + +Reloader can watch changes in `ConfigMap` and `Secret` and do rolling upgrades on Pods with their associated `Deployments`, `Deamonsets` and `Statefulsets`. + +## How to use Reloader + +### Configmap + +For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment` + +```yaml +kind: Deployment +metadata: + annotations: + configmap.reloader.stakater.com/reload: "foo-configmap" +spec: + template: + metadata: +``` + +Use comma separated list to define multiple configmaps. + +```yaml +kind: Deployment +metadata: + annotations: + configmap.reloader.stakater.com/reload: "foo-configmap,bar-configmap,baz-configmap" +spec: + template: + metadata: +``` + +### Secret + +For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment` + +```yaml +kind: Deployment +metadata: + annotations: + secret.reloader.stakater.com/reload: "foo-secret" +spec: + template: + metadata: +``` + +Use comma separated list to define multiple secrets. + +```yaml +kind: Deployment +metadata: + annotations: + secret.reloader.stakater.com/reload: "foo-secret,bar-secret,baz-secret" +spec: + template: + metadata: +``` + +## Usage + +The following quickstart let's you set up Reloader quickly: + +Update the `values.yaml` and set the following properties + +| Key | Description | Example | Default Value | +|---------------|---------------------------------------------------------------------------|------------------------------------|------------------------------------| +| watchGlobally | Option to watch configmap and secrets in all namespaces | `true` | `true` | +| matchLabels | Additional match Labels for selector | `{}` | `{}` | +| deployment.annotations | Annotations for deployment | `{}` | `{}` | +| deployment.labels | Labels for deployment | `provider` | `provider` | +| deployment.image.name | Image name for reloader | `stakater/reloader` | `stakater/reloader` | +| deployment.image.tag | Image tag for reloader | `0.0.18` | `0.0.18` | +| deployment.image.pullPolicy | Image pull policy for reloader | `IfNotPresent` | `IfNotPresent` | +| deployment.env.open | Additional key value pair as environment variables | `STORAGE: local` | `` | +| deployment.env.secret | Additional Key value pair as environment variables. It gets the values based on keys from default reloader secret if any | `BASIC_AUTH_USER: test` | `` | +| deployment.env.field | Additional environment variables to expose pod information to containers. | `POD_IP: status.podIP` | `` | +| rbac.enabled | Option to create rbac | `true` | `true` | +| rbac.labels | Additional labels for rbac | `{}` | `{}` | +| serviceAccount.create | Option to create serviceAccount | `true` | `true` | +| serviceAccount.name | Name of serviceAccount | `reloader` | `reloader` | + +## Deploying to Kubernetes + +You can deploy Reloader by following methods: + +### Helm Charts + +if you have configured helm on your cluster, you can add reloader to helm from public chart repository and deploy it via helm using below mentioned commands + + ```bash +helm repo add stable https://kubernetes-charts.storage.googleapis.com/ + +helm repo update + +helm install stable/reloader +``` + +**Note:** By default reloader watches in all namespaces. To watch in single namespace, please run following command. It will install reloader in `test` namespace which will only watch `Deployments`, `Deamonsets` and `Statefulsets` in `test` namespace. + +```bash +helm install stable/reloader --set reloader.watchGlobally=false --namespace test +``` + +## Help + +### Documentation +You can find more documentation [here](https://github.com/stakater/Reloader/tree/master/docs) + +### Have a question? +File a GitHub [issue](https://github.com/stakater/Reloader/issues), or send us an [email](mailto:stakater@gmail.com). + +### Talk to us on Slack + +Join and talk to us on Slack for discussing Reloader + +[![Join Slack](https://stakater.github.io/README/stakater-join-slack-btn.png)](https://stakater-slack.herokuapp.com/) +[![Chat](https://stakater.github.io/README/stakater-chat-btn.png)](https://stakater.slack.com/messages/CC5S05S12) + +## Contributing + +### Bug Reports & Feature Requests + +Please use the [issue tracker](https://github.com/stakater/Reloader/issues) to report any bugs or file feature requests. + +### Developing + +PRs are welcome. In general, we follow the "fork-and-pull" Git workflow. + + 1. **Fork** the repo on GitHub + 2. **Clone** the project to your own machine + 3. **Commit** changes to your own branch + 4. **Push** your work back up to your fork + 5. Submit a **Pull request** so that we can review your changes + +NOTE: Be sure to merge the latest from "upstream" before making a pull request! + +## Changelog + +View our closed [Pull Requests](https://github.com/stakater/Reloader/pulls?q=is%3Apr+is%3Aclosed). + +## License + +Apache2 © [Stakater](http://stakater.com) + +## About + +[Reloader](https://github.com/stakater/Reloader) is maintained by [Stakater][website]. Like it? Please let us know at + +See [our other projects][community] +or contact us in case of professional services and queries on + + [website]: http://stakater.com/ + [community]: https://github.com/stakater/ diff --git a/stable/reloader/templates/NOTES.txt b/stable/reloader/templates/NOTES.txt new file mode 100644 index 000000000000..f2a38752a417 --- /dev/null +++ b/stable/reloader/templates/NOTES.txt @@ -0,0 +1,7 @@ +- For a `Deployment` called `foo` have a `ConfigMap` called `foo-configmap`. Then add this annotation to main metadata of your `Deployment` + configmap.reloader.stakater.com/reload: "foo-configmap" + +- For a `Deployment` called `foo` have a `Secret` called `foo-secret`. Then add this annotation to main metadata of your `Deployment` + secret.reloader.stakater.com/reload: "foo-secret" + +- After successful installation, your pods will get rolling updates when a change in data of configmap or secret will happen. diff --git a/stable/reloader/templates/_helpers.tpl b/stable/reloader/templates/_helpers.tpl new file mode 100644 index 000000000000..a149b1cf0dc3 --- /dev/null +++ b/stable/reloader/templates/_helpers.tpl @@ -0,0 +1,37 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "reloader-name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" | lower -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "reloader-fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{- define "reloader-labels.selector" -}} +app: {{ template "reloader-name" . }} +release: {{ .Release.Name | quote }} +{{- end -}} + +{{- define "reloader-labels.chart" -}} +chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" +heritage: {{ .Release.Service | quote }} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "serviceAccountName" -}} +{{- if .Values.reloader.serviceAccount.create -}} + {{ default (include "reloader-fullname" .) .Values.reloader.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.reloader.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/stable/reloader/templates/clusterrole.yaml b/stable/reloader/templates/clusterrole.yaml new file mode 100644 index 000000000000..08d85aaf95ec --- /dev/null +++ b/stable/reloader/templates/clusterrole.yaml @@ -0,0 +1,39 @@ +--- +{{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRole +metadata: + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{ include "reloader-labels.selector" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-name" . }}-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - list + - get + - watch + - apiGroups: + - "extensions" + - "apps" + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch +{{- end }} diff --git a/stable/reloader/templates/clusterrolebinding.yaml b/stable/reloader/templates/clusterrolebinding.yaml new file mode 100644 index 000000000000..01d909448cc9 --- /dev/null +++ b/stable/reloader/templates/clusterrolebinding.yaml @@ -0,0 +1,25 @@ +{{- if and .Values.reloader.watchGlobally (.Values.reloader.rbac.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: ClusterRoleBinding +metadata: + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{ include "reloader-labels.selector" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-name" . }}-role-binding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: {{ template "reloader-name" . }}-role +subjects: + - kind: ServiceAccount + name: {{ template "serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/stable/reloader/templates/deployment.yaml b/stable/reloader/templates/deployment.yaml new file mode 100644 index 000000000000..d1baaf920e76 --- /dev/null +++ b/stable/reloader/templates/deployment.yaml @@ -0,0 +1,74 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: +{{- if .Values.reloader.deployment.annotations }} + annotations: +{{ toYaml .Values.reloader.deployment.annotations | indent 4 }} +{{- end }} + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{ include "reloader-labels.selector" . | indent 4 }} +{{- if .Values.reloader.deployment.labels }} +{{ toYaml .Values.reloader.deployment.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-name" . }} +spec: + replicas: 1 + revisionHistoryLimit: 2 + selector: + matchLabels: +{{ include "reloader-labels.selector" . | indent 6 }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 6 }} +{{- end }} + template: + metadata: + labels: +{{ include "reloader-labels.selector" . | indent 8 }} +{{ include "reloader-labels.chart" . | indent 8 }} +{{- if .Values.reloader.deployment.labels }} +{{ toYaml .Values.reloader.deployment.labels | indent 8 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 8 }} +{{- end }} + spec: + containers: + - env: + {{- range $name, $value := .Values.reloader.deployment.env.open }} + {{- if not (empty $value) }} + - name: {{ $name | quote }} + value: {{ $value | quote }} + {{- end }} + {{- end }} + {{- $secret_name := include "reloader-fullname" . }} + {{- range $name, $value := .Values.reloader.deployment.env.secret }} + {{- if not ( empty $value) }} + - name: {{ $name | quote }} + valueFrom: + secretKeyRef: + name: {{ $secret_name }} + key: {{ $name | quote }} + {{- end }} + {{- end }} + {{- range $name, $value := .Values.reloader.deployment.env.field }} + {{- if not ( empty $value) }} + - name: {{ $name | quote }} + valueFrom: + fieldRef: + fieldPath: {{ $value | quote}} + {{- end }} + {{- end }} + {{- if eq .Values.reloader.watchGlobally false }} + - name: KUBERNETES_NAMESPACE + valueFrom: + fieldRef: + fieldPath: metadata.namespace + {{- end }} + image: "{{ .Values.reloader.deployment.image.name }}:{{ .Values.reloader.deployment.image.tag }}" + imagePullPolicy: {{ .Values.reloader.deployment.image.pullPolicy }} + name: {{ template "reloader-name" . }} + serviceAccountName: {{ template "serviceAccountName" . }} diff --git a/stable/reloader/templates/role.yaml b/stable/reloader/templates/role.yaml new file mode 100644 index 000000000000..cff7e69e447a --- /dev/null +++ b/stable/reloader/templates/role.yaml @@ -0,0 +1,38 @@ +{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{ include "reloader-labels.selector" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-name" . }}-role + namespace: {{ .Release.Namespace }} +rules: + - apiGroups: + - "" + resources: + - secrets + - configmaps + verbs: + - list + - get + - watch + - apiGroups: + - "extensions" + - "apps" + resources: + - deployments + - daemonsets + - statefulsets + verbs: + - list + - get + - update + - patch +{{- end }} diff --git a/stable/reloader/templates/rolebinding.yaml b/stable/reloader/templates/rolebinding.yaml new file mode 100644 index 000000000000..8db19274e0aa --- /dev/null +++ b/stable/reloader/templates/rolebinding.yaml @@ -0,0 +1,25 @@ +{{- if and (not (.Values.reloader.watchGlobally)) (.Values.reloader.rbac.enabled) }} +--- +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: RoleBinding +metadata: + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{ include "reloader-labels.selector" . | indent 4 }} +{{- if .Values.reloader.rbac.labels }} +{{ toYaml .Values.reloader.rbac.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "reloader-name" . }}-role-binding + namespace: {{ .Release.Namespace }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "reloader-name" . }}-role +subjects: + - kind: ServiceAccount + name: {{ template "serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} diff --git a/stable/reloader/templates/serviceaccount.yaml b/stable/reloader/templates/serviceaccount.yaml new file mode 100644 index 000000000000..461dd527e067 --- /dev/null +++ b/stable/reloader/templates/serviceaccount.yaml @@ -0,0 +1,15 @@ +{{- if .Values.reloader.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: +{{ include "reloader-labels.chart" . | indent 4 }} +{{ include "reloader-labels.selector" . | indent 4 }} +{{- if .Values.reloader.serviceAccount.labels }} +{{ toYaml .Values.reloader.serviceAccount.labels | indent 4 }} +{{- end }} +{{- if .Values.reloader.matchLabels }} +{{ toYaml .Values.reloader.matchLabels | indent 4 }} +{{- end }} + name: {{ template "serviceAccountName" . }} +{{- end }} diff --git a/stable/reloader/values.yaml b/stable/reloader/values.yaml new file mode 100644 index 000000000000..04199f44fc94 --- /dev/null +++ b/stable/reloader/values.yaml @@ -0,0 +1,32 @@ +reloader: + watchGlobally: true + matchLabels: {} + deployment: + annotations: {} + labels: + provider: stakater + group: com.stakater.platform + image: + name: stakater/reloader + tag: "0.0.18" + pullPolicy: IfNotPresent + # Support for extra environment variables. + env: + # Open supports Key value pair as environment variables. + open: + # secret supports Key value pair as environment variables. It gets the values based on keys from default reloader secret if any. + secret: + # field supports Key value pair as environment variables. It gets the values from other fields of pod. + field: + + rbac: + enabled: true + labels: {} + # Service account config for the agent pods + serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + labels: {} + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: reloader From 3b9ed5ea20ad8dee9bea18eaffdecfded7dcd69e Mon Sep 17 00:00:00 2001 From: Renat Galiev Date: Fri, 15 Feb 2019 18:21:03 +0300 Subject: [PATCH 0188/1586] [stable/redis-ha] Fix typo in redis-ha-statefulset (#11378) Signed-off-by: Renat Galiev --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/templates/redis-ha-statefulset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index d07a8f73faa9..179ab774f486 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 3.1.5 +version: 3.1.6 appVersion: 5.0.3 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index 3eb1547aeb20..1fc9062e72b7 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -187,7 +187,7 @@ spec: timeoutSeconds: 1 periodSeconds: 15 resources: - {{ toYaml .Values.exporter.resources | indent 10 }} +{{ toYaml .Values.exporter.resources | indent 10 }} ports: - name: exporter-port containerPort: {{ .Values.exporter.port }} From 02a24bb8163921fda11a384e8d4cadcc8261b6eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Patrick=20H=C3=BCtter?= Date: Fri, 15 Feb 2019 17:43:14 +0100 Subject: [PATCH 0189/1586] [stable/kong] Integrated optional support for hostPort on admin, proxy and tls. (#11301) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Integrated optional support for hostPort on admin, proxy and tls. Signed-off-by: Patrick Hütter * Chart version bump Signed-off-by: Patrick Hütter --- stable/kong/Chart.yaml | 2 +- stable/kong/README.md | 7 +++++-- stable/kong/templates/deployment.yaml | 9 +++++++++ 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/stable/kong/Chart.yaml b/stable/kong/Chart.yaml index 51d5f8c78e5f..c6fb11f59641 100644 --- a/stable/kong/Chart.yaml +++ b/stable/kong/Chart.yaml @@ -10,5 +10,5 @@ maintainers: name: kong sources: - https://github.com/Kong/kong -version: 0.9.2 +version: 0.9.3 appVersion: 1.0.2 diff --git a/stable/kong/README.md b/stable/kong/README.md index f8ca06d21d18..964841a8cf13 100644 --- a/stable/kong/README.md +++ b/stable/kong/README.md @@ -51,7 +51,7 @@ and their default values. | Parameter | Description | Default | | ------------------------------ | -------------------------------------------------------------------------------- | ------------------- | | image.repository | Kong image | `kong` | -| image.tag | Kong image version | `1.0.2` | +| image.tag | Kong image version | `1.0.2` | | image.pullPolicy | Image pull policy | `IfNotPresent` | | image.pullSecrets | Image pull secrets | `null` | | replicaCount | Kong instance count | `1` | @@ -59,6 +59,7 @@ and their default values. | admin.servicePort | TCP port on which the Kong admin service is exposed | `8444` | | admin.containerPort | TCP port on which Kong app listens for admin traffic | `8444` | | admin.nodePort | Node port when service type is `NodePort` | | +| admin.hostPort | Host port to use for admin traffic | | | admin.type | k8s service type, Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | | admin.loadBalancerIP | Will reuse an existing ingress static IP for the admin service | `null` | | admin.loadBalancerSourceRanges | Limit admin access to CIDRs if set and service type is `LoadBalancer` | `[]` | @@ -67,14 +68,16 @@ and their default values. | admin.ingress.hosts | List of ingress hosts. | `[]` | | admin.ingress.path | Ingress path. | `/` | | admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | -| proxy.http.enabled | Enables http on the proxy | true | +| proxy.http.enabled | Enables http on the proxy | true | | proxy.http.servicePort | Service port to use for http | 80 | | proxy.http.containerPort | Container port to use for http | 8000 | | proxy.http.nodePort | Node port to use for http | 32080 | +| proxy.http.hostPort | Host port to use for http | | | proxy.tls.enabled | Enables TLS on the proxy | true | | proxy.tls.containerPort | Container port to use for TLS | 8443 | | proxy.tls.servicePort | Service port to use for TLS | 8443 | | proxy.tls.nodePort | Node port to use for TLS | 32443 | +| proxy.tls.hostPort | Host port to use for TLS | | | proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | | proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` | | proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | | diff --git a/stable/kong/templates/deployment.yaml b/stable/kong/templates/deployment.yaml index d7191ac1b044..cd097c554310 100644 --- a/stable/kong/templates/deployment.yaml +++ b/stable/kong/templates/deployment.yaml @@ -110,15 +110,24 @@ spec: ports: - name: admin containerPort: {{ .Values.admin.containerPort }} + {{- if .Values.admin.hostPort }} + hostPort: {{ .Values.admin.hostPort }} + {{- end}} protocol: TCP {{- if .Values.proxy.http.enabled }} - name: proxy containerPort: {{ .Values.proxy.http.containerPort }} + {{- if .Values.proxy.http.hostPort }} + hostPort: {{ .Values.proxy.http.hostPort }} + {{- end}} protocol: TCP {{- end }} {{- if .Values.proxy.tls.enabled }} - name: proxy-tls containerPort: {{ .Values.proxy.tls.containerPort }} + {{- if .Values.proxy.tls.hostPort }} + hostPort: {{ .Values.proxy.tls.hostPort }} + {{- end}} protocol: TCP {{- end }} readinessProbe: From 4a64117b98fa196d1c564ef53650e898c574dc75 Mon Sep 17 00:00:00 2001 From: Itay Shakury Date: Fri, 15 Feb 2019 20:05:03 +0200 Subject: [PATCH 0190/1586] [stable/prometheus-operator] allow to configure operator log level (#11326) * allow to configure operator log level Signed-off-by: Itay Shakury * bump chart version again after rebase Signed-off-by: Itay Shakury --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + .../templates/prometheus-operator/deployment.yaml | 3 +++ stable/prometheus-operator/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index b632c0ddf567..f8f26ae0aa2b 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.1 +version: 2.2.2 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index b07e9cae29a0..e8493f44130a 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -87,6 +87,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheusOperator.serviceAccount` | Create a serviceaccount for the operator | `true` | | `prometheusOperator.name` | Operator serviceAccount name | `""` | | `prometheusOperator.logFormat` | Operator log output formatting | `"logfmt"` | +| `prometheusOperator.logLevel` | Operator log level. Possible values: "all", "debug", "info", "warn", "error", "none" | `"info"` | | `prometheusOperator.createCustomResource` | Create CRDs. Required if deploying anything besides the operator itself as part of the release. The operator will create / update these on startup. If your Helm version < 2.10 you will have to either create the CRDs first or deploy the operator first, then the rest of the resources | `true` | | `prometheusOperator.crdApiGroup` | Specify the API Group for the CustomResourceDefinitions | `monitoring.coreos.com` | | `prometheusOperator.cleanupCustomResource` | Attempt to delete CRDs when the release is removed. This option may be useful while testing but is not recommended, as deleting the CRD definition will delete resources and prevent the operator from being able to clean up resources that it manages | `false` | diff --git a/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml b/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml index dbad33b068a9..809d6fa839ff 100644 --- a/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml +++ b/stable/prometheus-operator/templates/prometheus-operator/deployment.yaml @@ -34,6 +34,9 @@ spec: {{- end }} {{- if .Values.prometheusOperator.logFormat }} - --log-format={{ .Values.prometheusOperator.logFormat }} + {{- end }} + {{- if .Values.prometheusOperator.logLevel }} + - --log-level={{ .Values.prometheusOperator.logLevel }} {{- end }} - --logtostderr=true - --crd-apigroup={{ .Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com" }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 1c73da946939..161974cc391e 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -567,6 +567,9 @@ prometheusOperator: # Use logfmt (default) or json-formatted logging # logFormat: logfmt + ## Decrease log verbosity to errors only + # logLevel: error + ## If true, the operator will create and maintain a service for scraping kubelets ## ref: https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus-operator/README.md ## From 65a1c9ef64cfe16446258a377d233160894ad2d9 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 15 Feb 2019 21:46:41 +0100 Subject: [PATCH 0191/1586] bump reloader to 0.0.25 (#11452) Signed-off-by: Carlos Panato --- stable/reloader/Chart.yaml | 4 ++-- stable/reloader/README.md | 2 +- stable/reloader/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/reloader/Chart.yaml b/stable/reloader/Chart.yaml index c0126458e940..02dbbb67ae7a 100644 --- a/stable/reloader/Chart.yaml +++ b/stable/reloader/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: reloader description: Reloader chart that runs on kubernetes -version: 1.0.0 -appVersion: 0.0.18 +version: 1.0.1 +appVersion: "v0.0.25" keywords: - Reloader - kubernetes diff --git a/stable/reloader/README.md b/stable/reloader/README.md index fb5375e5e309..b0664a3a3bcd 100644 --- a/stable/reloader/README.md +++ b/stable/reloader/README.md @@ -79,7 +79,7 @@ Update the `values.yaml` and set the following properties | deployment.annotations | Annotations for deployment | `{}` | `{}` | | deployment.labels | Labels for deployment | `provider` | `provider` | | deployment.image.name | Image name for reloader | `stakater/reloader` | `stakater/reloader` | -| deployment.image.tag | Image tag for reloader | `0.0.18` | `0.0.18` | +| deployment.image.tag | Image tag for reloader | `v0.0.25` | `v0.0.25` | | deployment.image.pullPolicy | Image pull policy for reloader | `IfNotPresent` | `IfNotPresent` | | deployment.env.open | Additional key value pair as environment variables | `STORAGE: local` | `` | | deployment.env.secret | Additional Key value pair as environment variables. It gets the values based on keys from default reloader secret if any | `BASIC_AUTH_USER: test` | `` | diff --git a/stable/reloader/values.yaml b/stable/reloader/values.yaml index 04199f44fc94..6d4a5f419a3e 100644 --- a/stable/reloader/values.yaml +++ b/stable/reloader/values.yaml @@ -8,7 +8,7 @@ reloader: group: com.stakater.platform image: name: stakater/reloader - tag: "0.0.18" + tag: "v0.0.25" pullPolicy: IfNotPresent # Support for extra environment variables. env: From 5586b43ba8ddb32119c05b46d3a422cc215e1094 Mon Sep 17 00:00:00 2001 From: Andrew Plummer Date: Fri, 15 Feb 2019 21:19:05 +0000 Subject: [PATCH 0192/1586] [stable/aws-iam-authenticator] Add new chart (#10940) Signed-off-by: Andrew Plummer --- stable/aws-iam-authenticator/.helmignore | 21 ++++++ stable/aws-iam-authenticator/Chart.yaml | 11 +++ stable/aws-iam-authenticator/README.md | 36 ++++++++++ .../templates/_helpers.tpl | 32 +++++++++ .../templates/configmap.yaml | 12 ++++ .../templates/daemonset.yaml | 67 +++++++++++++++++++ stable/aws-iam-authenticator/values.yaml | 12 ++++ 7 files changed, 191 insertions(+) create mode 100644 stable/aws-iam-authenticator/.helmignore create mode 100644 stable/aws-iam-authenticator/Chart.yaml create mode 100644 stable/aws-iam-authenticator/README.md create mode 100644 stable/aws-iam-authenticator/templates/_helpers.tpl create mode 100644 stable/aws-iam-authenticator/templates/configmap.yaml create mode 100644 stable/aws-iam-authenticator/templates/daemonset.yaml create mode 100644 stable/aws-iam-authenticator/values.yaml diff --git a/stable/aws-iam-authenticator/.helmignore b/stable/aws-iam-authenticator/.helmignore new file mode 100644 index 000000000000..f0c131944441 --- /dev/null +++ b/stable/aws-iam-authenticator/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/stable/aws-iam-authenticator/Chart.yaml b/stable/aws-iam-authenticator/Chart.yaml new file mode 100644 index 000000000000..92bf3ba79b93 --- /dev/null +++ b/stable/aws-iam-authenticator/Chart.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +appVersion: "1.0" +description: A Helm chart for aws-iam-authenticator +name: aws-iam-authenticator +version: 0.1.0 +home: https://github.com/kubernetes-sigs/aws-iam-authenticator +maintainers: + - name: plumdog + email: plummer574@gmail.com +sources: + - https://github.com/kubernetes-sigs/aws-iam-authenticator diff --git a/stable/aws-iam-authenticator/README.md b/stable/aws-iam-authenticator/README.md new file mode 100644 index 000000000000..65f3120c9977 --- /dev/null +++ b/stable/aws-iam-authenticator/README.md @@ -0,0 +1,36 @@ +# AWS IAM Authenticator + +See https://github.com/kubernetes-sigs/aws-iam-authenticator + +In particular, make sure that have configured your API server as in +https://github.com/kubernetes-sigs/aws-iam-authenticator#how-do-i-use-it. (This +chart only installs the DaemonSet and a ConfigMap.) + +## Values + +| Config | Description | Default | +| `image.repository` | Image repo | `gcr.io/heptio-images/authenticator` | +| `image.tag` | Image tag | `v0.1.0` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `config` | All the config, see below | `{}` | +| `resources` | Pod resources | `{}` | +| `hostPathConfig.output` | HostPath output | `/srv/kubernetes/aws-iam-authenticator/` | +| `hostPathConfig.state` | HostPath state | `/srv/kubernetes/aws-iam-authenticator/` | + +### Config + +The value set for `config` is where all the action happens - this is +how you map AWS IAM roles to groups in the cluster. See the +aws-iam-authenticator docs for all of the possible options for this. + +A simple example values file might look like: +``` +config: + clusterID: mycluster.io + server: + mapRoles: + - groups: + - developers # the name of a group within Kubernetes + roleARN: arn:aws:iam::000000000000:role/developer # the ARN of a role in AWS + username: developer +``` diff --git a/stable/aws-iam-authenticator/templates/_helpers.tpl b/stable/aws-iam-authenticator/templates/_helpers.tpl new file mode 100644 index 000000000000..cc1a336c77db --- /dev/null +++ b/stable/aws-iam-authenticator/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "aws-iam-authenticator.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "aws-iam-authenticator.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "aws-iam-authenticator.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/stable/aws-iam-authenticator/templates/configmap.yaml b/stable/aws-iam-authenticator/templates/configmap.yaml new file mode 100644 index 000000000000..b082b08e7d69 --- /dev/null +++ b/stable/aws-iam-authenticator/templates/configmap.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "aws-iam-authenticator.fullname" . }} + labels: + app: {{ template "aws-iam-authenticator.name" . }} + chart: {{ template "aws-iam-authenticator.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + config.yaml: | +{{ toYaml .Values.config | indent 4 }} diff --git a/stable/aws-iam-authenticator/templates/daemonset.yaml b/stable/aws-iam-authenticator/templates/daemonset.yaml new file mode 100644 index 000000000000..66aa35d88556 --- /dev/null +++ b/stable/aws-iam-authenticator/templates/daemonset.yaml @@ -0,0 +1,67 @@ +apiVersion: extensions/v1beta1 +kind: DaemonSet +metadata: + name: {{ template "aws-iam-authenticator.fullname" . }} + labels: + app: {{ template "aws-iam-authenticator.name" . }} + chart: {{ template "aws-iam-authenticator.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +spec: + updateStrategy: + type: RollingUpdate + template: + metadata: + annotations: + scheduler.alpha.kubernetes.io/critical-pod: "" + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} + labels: + app: {{ template "aws-iam-authenticator.name" . }} + release: {{ .Release.Name }} + spec: + # run on the host network (don't depend on CNI) + hostNetwork: true + + # run on each master node + nodeSelector: + node-role.kubernetes.io/master: "" + tolerations: + - effect: NoSchedule + key: node-role.kubernetes.io/master + - key: CriticalAddonsOnly + operator: Exists + + # run `aws-iam-authenticator server` with three volumes + # - config (mounted from the ConfigMap at /etc/aws-iam-authenticator/config.yaml) + # - state (persisted TLS certificate and keys, mounted from the host) + # - output (output kubeconfig to plug into your apiserver configuration, mounted from the host) + containers: + - name: {{ template "aws-iam-authenticator.fullname" . }} + image: gcr.io/heptio-images/authenticator:v0.1.0 + args: + - server + - --config=/etc/aws-iam-authenticator/config.yaml + - --state-dir=/var/aws-iam-authenticator + - --generate-kubeconfig=/etc/kubernetes/aws-iam-authenticator/kubeconfig.yaml + + resources: +{{ toYaml .Values.resources | indent 10 }} + + volumeMounts: + - name: config + mountPath: /etc/aws-iam-authenticator/ + - name: state + mountPath: /var/aws-iam-authenticator/ + - name: output + mountPath: /etc/kubernetes/aws-iam-authenticator/ + + volumes: + - name: config + configMap: + name: {{ template "aws-iam-authenticator.fullname" . }} + - name: output + hostPath: + path: {{ .Values.hostPathConfig.output }} + - name: state + hostPath: + path: {{ .Values.hostPathConfig.state }} diff --git a/stable/aws-iam-authenticator/values.yaml b/stable/aws-iam-authenticator/values.yaml new file mode 100644 index 000000000000..94eac6a81082 --- /dev/null +++ b/stable/aws-iam-authenticator/values.yaml @@ -0,0 +1,12 @@ +image: + repository: gcr.io/heptio-images/authenticator + tag: v0.1.0 + pullPolicy: IfNotPresent + +config: {} + +resources: {} + +hostPathConfig: + output: /srv/kubernetes/aws-iam-authenticator/ + state: /srv/kubernetes/aws-iam-authenticator/ From ea0888448bbb4794f9b5ace1efb1a420f6823af3 Mon Sep 17 00:00:00 2001 From: Dmitriy Lukyanchikov <31628587+dmitriy-lukyanchikov@users.noreply.github.com> Date: Fri, 15 Feb 2019 23:49:36 +0200 Subject: [PATCH 0193/1586] Add namespace value nginx ingress (#10980) * add servicemonitor namespace value Signed-off-by: git config --global --edit * update readme and chart version Signed-off-by: git config --global --edit --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/README.md | 1 + stable/nginx-ingress/templates/controller-servicemonitor.yaml | 3 +++ stable/nginx-ingress/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index 871e012967b8..22b24745e3e4 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 1.3.0 +version: 1.3.1 appVersion: 0.22.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/README.md b/stable/nginx-ingress/README.md index 11be03a69263..5a9305f779bd 100644 --- a/stable/nginx-ingress/README.md +++ b/stable/nginx-ingress/README.md @@ -127,6 +127,7 @@ Parameter | Description | Default `controller.metrics.service.type` | type of Prometheus metrics service to create | `ClusterIP` `controller.metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` `controller.metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` +`controller.metrics.serviceMonitor.namespace` | namespace where servicemonitor resource should be created | `the same namespace as nginx ingress` `controller.customTemplate.configMapName` | configMap containing a custom nginx template | `""` `controller.customTemplate.configMapKey` | configMap key containing the nginx template | `""` `controller.headers` | configMap key:value pairs containing the [custom headers](https://github.com/kubernetes/ingress-nginx/tree/master/docs/examples/customization/custom-headers) for Nginx | `{}` diff --git a/stable/nginx-ingress/templates/controller-servicemonitor.yaml b/stable/nginx-ingress/templates/controller-servicemonitor.yaml index e68c933b2308..8048bc86a0d9 100644 --- a/stable/nginx-ingress/templates/controller-servicemonitor.yaml +++ b/stable/nginx-ingress/templates/controller-servicemonitor.yaml @@ -3,6 +3,9 @@ apiVersion: monitoring.coreos.com/v1 kind: ServiceMonitor metadata: name: {{ template "nginx-ingress.controller.fullname" . }} + {{- if .Values.controller.metrics.serviceMonitor.namespace }} + namespace: {{ .Values.controller.metrics.serviceMonitor.namespace }} + {{- end }} labels: app: {{ template "nginx-ingress.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} diff --git a/stable/nginx-ingress/values.yaml b/stable/nginx-ingress/values.yaml index 90da17387f9c..33f7de8f1ffe 100644 --- a/stable/nginx-ingress/values.yaml +++ b/stable/nginx-ingress/values.yaml @@ -279,6 +279,7 @@ controller: serviceMonitor: enabled: false additionalLabels: {} + namespace: "" lifecycle: {} From a59b5b25dec346295bd1ab5df1096213eb5adada Mon Sep 17 00:00:00 2001 From: Lucas Bickel Date: Fri, 15 Feb 2019 23:16:45 +0100 Subject: [PATCH 0194/1586] Make php-fpm configurable (#11032) Signed-off-by: Lucas Bickel --- stable/lamp/Chart.yaml | 2 +- stable/lamp/README.md | 1 + stable/lamp/templates/configmap-php.yaml | 3 +++ stable/lamp/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/lamp/Chart.yaml b/stable/lamp/Chart.yaml index a8d1f34c3003..8b31f0bd0de1 100644 --- a/stable/lamp/Chart.yaml +++ b/stable/lamp/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Modular and transparent LAMP stack chart supporting PHP-FPM, Release Cloning, LoadBalancer, Ingress, SSL and lots more! name: lamp -version: 1.0.0 +version: 1.1.0 appVersion: 7 home: https://github.com/lead4good/helm-lamp-stack maintainers: diff --git a/stable/lamp/README.md b/stable/lamp/README.md index a318af2b5857..b5b31dec6740 100644 --- a/stable/lamp/README.md +++ b/stable/lamp/README.md @@ -162,6 +162,7 @@ FPM is enabled by default, this creates an additional HTTPD container which rout | `php.sockets` | If FPM is enabled, enables communication between HTTPD and PHP via sockets instead of TCP | true | | `php.oldHTTPRoot` | Additionally mounts the webroot at `php.oldHTTPRoot` to compensate for absolute path file links | _empty_ | | `php.ini` | additional PHP config values, see examples on how to use | _empty_ | +| `php.fpm` | addditonal PHP FPM config values | _empty_ | | `php.copyRoot` | if true, copies the containers web root `/var/www/html` into persistent storage. This must be enabled, if the container already comes with files installed to `/var/www/html` | false | | `php.persistentSubpaths` | instead of enabling persistence for the whole webroot, only subpaths of webroot can be enabled for persistence. Have a look at the [nextcloud example](examples/nextcloud.yaml) to see how it works | _empty_ | | `php.resources` | PHP container resource requests/limits | `resources` | diff --git a/stable/lamp/templates/configmap-php.yaml b/stable/lamp/templates/configmap-php.yaml index abe3e9f42d32..d83249afc4c0 100644 --- a/stable/lamp/templates/configmap-php.yaml +++ b/stable/lamp/templates/configmap-php.yaml @@ -24,5 +24,8 @@ data: [www] listen = /var/run/php/php-fpm.sock listen.mode = 0666 + {{- if .Values.php.fpm }} +{{ .Values.php.fpm | indent 4 }} + {{- end }} {{- end }} {{- end }} diff --git a/stable/lamp/values.yaml b/stable/lamp/values.yaml index 06076d01769d..3b9c2d17ae5b 100644 --- a/stable/lamp/values.yaml +++ b/stable/lamp/values.yaml @@ -47,6 +47,10 @@ php: # ini: | # short_open_tag=On + ## php-fpm.conf: additional PHP FPM config values + # fpm: | + # pm.max_children = 120 + ## php.copyRoot if true, copies the containers web root `/var/www/html` into copyRoot: false From 4dc714d05f62333d78a8f09c5f257ed3f81e66f0 Mon Sep 17 00:00:00 2001 From: Miles Matthias Date: Fri, 15 Feb 2019 15:32:17 -0700 Subject: [PATCH 0195/1586] Add note to Spinnaker doc about destination path for additionalConfigMaps (#11437) * move the API_HOST variable to deck.yml, where it belongs Signed-off-by: Miles Matthias * bump chart version for gate fix Signed-off-by: Miles Matthias * noting where additional config maps are written to disk may be helpful to beginners Signed-off-by: Miles Matthias * bump chart version number per vic Signed-off-by: Miles Matthias --- stable/spinnaker/Chart.yaml | 2 +- stable/spinnaker/README.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/spinnaker/Chart.yaml b/stable/spinnaker/Chart.yaml index cf42e6e12074..eb37bdc85c6e 100644 --- a/stable/spinnaker/Chart.yaml +++ b/stable/spinnaker/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Open source, multi-cloud continuous delivery platform for releasing software changes with high velocity and confidence. name: spinnaker -version: 1.7.1 +version: 1.7.2 appVersion: 1.11.6 home: http://spinnaker.io/ sources: diff --git a/stable/spinnaker/README.md b/stable/spinnaker/README.md index e35cf8f1a7f6..f772746135ea 100644 --- a/stable/spinnaker/README.md +++ b/stable/spinnaker/README.md @@ -153,3 +153,5 @@ halyard: tasks: useManagedServiceAccounts: true ``` + +Any files added through `additionalConfigMaps` will be written to disk at `/opt/halyard/additionalConfigMaps`. From 0555bd2d5935afeda465e3a8e0d23ce6203f95a1 Mon Sep 17 00:00:00 2001 From: Flynn Date: Fri, 15 Feb 2019 19:05:35 -0500 Subject: [PATCH 0196/1586] Bump to Ambassador 0.50.2 (#11455) * Restore default replicas == 3 Signed-off-by: Flynn * Fix some markdown Signed-off-by: Flynn * Bump chart version, and switch my name to Flynn. :) Signed-off-by: Flynn * Add icon. Signed-off-by: Flynn * Sort OWNERS, and add nbkrause (from Datawire) Signed-off-by: Flynn * Heh. Didn't realize a change to OWNERS required a version bump. Signed-off-by: Flynn * Bump to Ambassador 0.50.2. Signed-off-by: Flynn --- stable/ambassador/Chart.yaml | 4 ++-- stable/ambassador/README.md | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index b11d81fef21e..7ac6156e1808 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.50.1 +appVersion: 0.50.2 description: A Helm chart for Datawire Ambassador name: ambassador -version: 1.1.2 +version: 1.1.3 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index 112e8b845964..c9311bce0811 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -53,7 +53,7 @@ The following tables lists the configurable parameters of the Ambassador chart a | `env` | Any additional environment variables for ambassador pods | `{}` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.repository` | Image | `quay.io/datawire/ambassador` | -| `image.tag` | Image tag | `0.50.1` | +| `image.tag` | Image tag | `0.50.2` | | `imagePullSecrets` | Image pull secrets | `[]` | | `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | | `podAnnotations` | Additional annotations for ambassador pods | `{}` | From 935ae19e889fc0a9c5ed5c3bac00a318aea36066 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Sat, 16 Feb 2019 11:34:00 +0100 Subject: [PATCH 0197/1586] stable/rabbitmq: update to 3.7.12 (#11450) Signed-off-by: Bitnami Containers --- stable/rabbitmq/Chart.yaml | 4 ++-- stable/rabbitmq/values-production.yaml | 2 +- stable/rabbitmq/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index a1acc2a94811..29f14813d6e0 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,6 +1,6 @@ name: rabbitmq -version: 4.2.0 -appVersion: 3.7.11 +version: 4.2.1 +appVersion: 3.7.12 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: - rabbitmq diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index f0f9e05afb5c..889003697c75 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.7.11 + tag: 3.7.12 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index c38e4d9921e0..cacbdc219af3 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.7.11 + tag: 3.7.12 ## set to true if you would like to see extra information on logs ## it turns BASH and NAMI debugging in minideb From 30adb9a913165bbfc0e79f1ee4a8a5d7dff2b896 Mon Sep 17 00:00:00 2001 From: elieser1101 Date: Sat, 16 Feb 2019 14:34:54 -0400 Subject: [PATCH 0198/1586] fix typo in default jenkins agent image fixes #11356 (#11463) * fix typo in default jenkins agent image Signed-off-by: Elieser Pereira * Chart Version bumped for typo fix in default jenkins agent image Signed-off-by: Elieser Pereira --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index cbf54bd18e3f..c081c6f0cd7a 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.4 +version: 0.32.5 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index ed3708292ee0..d10a5a22ac37 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -108,7 +108,7 @@ Some third-party systems, e.g. GitHub, use HTML-formatted data in their payload | `Agent.AlwaysPullImage` | Always pull agent container image before build | `false` | | `Agent.CustomJenkinsLabels`| Append Jenkins labels to the agent | `{}` | | `Agent.Enabled` | Enable Kubernetes plugin jnlp-agent podTemplate | `true` | -| `Agent.Image` | Agent image name | `jenkinsci/jnlp-slave` | +| `Agent.Image` | Agent image name | `jenkins/jnlp-slave` | | `Agent.ImagePullSecret` | Agent image pull secret | Not set | | `Agent.ImageTag` | Agent image tag | `3.27-1` | | `Agent.Privileged` | Agent privileged container | `false` | From c875d2b9bf0f5c121acc8554714bed57aa83a958 Mon Sep 17 00:00:00 2001 From: William Jeanneau Date: Sat, 16 Feb 2019 21:39:38 -0500 Subject: [PATCH 0199/1586] Added custom labels on jenkins ingress (#11466) Signed-off-by: wjeanneau --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + stable/jenkins/templates/jenkins-master-ingress.yaml | 4 ++++ stable/jenkins/values.yaml | 1 + 4 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index c081c6f0cd7a..9d80bda127db 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.5 +version: 0.32.6 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index d10a5a22ac37..3e9bcbc7239d 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -72,6 +72,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.ExtraPorts` | Open extra ports, for other uses | Not set | | `Master.OverwriteConfig` | Replace config w/ ConfigMap on boot | `false` | | `Master.Ingress.Annotations` | Ingress annotations | `{}` | +| `Master.Ingress.Labels` | Ingress labels | `{}` | | `Master.Ingress.Path` | Ingress path | Not set | | `Master.Ingress.TLS` | Ingress TLS configuration | `[]` | | `Master.JCasC.enabled` | Wheter Jenkins Configuration as Code is enabled or not | `false` | diff --git a/stable/jenkins/templates/jenkins-master-ingress.yaml b/stable/jenkins/templates/jenkins-master-ingress.yaml index 9c75f4467c61..7d8b04c788b1 100644 --- a/stable/jenkins/templates/jenkins-master-ingress.yaml +++ b/stable/jenkins/templates/jenkins-master-ingress.yaml @@ -2,6 +2,10 @@ apiVersion: {{ .Values.Master.Ingress.ApiVersion }} kind: Ingress metadata: +{{- if .Values.Master.Ingress.Labels }} + labels: +{{ toYaml .Values.Master.Ingress.Labels | indent 4 }} +{{- end }} {{- if .Values.Master.Ingress.Annotations }} annotations: {{ toYaml .Values.Master.Ingress.Annotations | indent 4 }} diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index c5b537a94881..4d3e9b093385 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -244,6 +244,7 @@ Master: Ingress: ApiVersion: extensions/v1beta1 + Labels: {} Annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" From 5fd24a8a7e2c5c5434eb51fe808dddbc6a7ca801 Mon Sep 17 00:00:00 2001 From: Braden Wright Date: Mon, 18 Feb 2019 02:17:35 -0600 Subject: [PATCH 0200/1586] stable/postgres bumped and update values-production as well, fixed merge conflict (#11313) Signed-off-by: Braden Wright --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 4 ++++ stable/postgresql/templates/statefulset-slaves.yaml | 7 +++++++ stable/postgresql/templates/statefulset.yaml | 7 +++++++ stable/postgresql/values-production.yaml | 4 ++++ stable/postgresql/values.yaml | 4 ++++ 6 files changed, 27 insertions(+), 1 deletion(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 989d37be1117..65bf17499597 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.11.2 +version: 3.11.3 appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index e3a18cb0399b..6b4bd64f225e 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -97,9 +97,13 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | | `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | | `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | +| `master.podAnnotations` | Map of annotations to add to the pods (postgresql master) | `{}` | +| `master.podLabels` | Map of labels to add to the pods (postgresql master) | `{}` | | `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | | `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | | `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `slave.podAnnotations` | Map of annotations to add to the pods (postgresql slave) | `{}` | +| `slave.podLabels` | Map of labels to add to the pods (postgresql slave) | `{}` | | `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | | `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | | `securityContext.enabled` | Enable security context | `true` | diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 198d1ae8415c..186730f541d8 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -25,6 +25,13 @@ spec: release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} role: slave +{{- with .Values.slavePod.labels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.slavePod.annotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} spec: {{- if .Values.image.pullSecrets }} imagePullSecrets: diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index c966ffe9fa1e..5d1b6b647f44 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -26,6 +26,13 @@ spec: release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} role: master +{{- with .Values.master.podLabels }} +{{ toYaml . | indent 8 }} +{{- end }} +{{- with .Values.master.podAnnotations }} + annotations: +{{ toYaml . | indent 8 }} +{{- end }} spec: {{- if or .Values.image.pullSecrets .Values.metrics.image.pullSecrets }} imagePullSecrets: diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 29bbdf2d3924..8b0efc09aaac 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -206,6 +206,8 @@ master: nodeSelector: {} affinity: {} tolerations: [] + podLabels: {} + podAnnotations: {} ## ## PostgreSQL Slave parameters @@ -218,6 +220,8 @@ slave: nodeSelector: {} affinity: {} tolerations: [] + podLabels: {} + podAnnotations: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index b2fa2d216e57..352c906406ff 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -213,6 +213,8 @@ master: nodeSelector: {} affinity: {} tolerations: [] + podLabels: {} + podAnnotations: {} ## ## PostgreSQL Slave parameters @@ -225,6 +227,8 @@ slave: nodeSelector: {} affinity: {} tolerations: [] + podLabels: {} + podAnnotations: {} ## Configure resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ From 4bb602bcc896db3359c99baece04ecc454b965cc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Mon, 18 Feb 2019 11:27:06 +0100 Subject: [PATCH 0201/1586] [stable/postgresql] Fix broken compatibility with initDBScripts with Docker Inc PostgreSQL container (#11482) Signed-off-by: Javier J. Salmeron Garcia --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/statefulset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 65bf17499597..6ccd5e61cc07 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.11.3 +version: 3.11.4 appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 5d1b6b647f44..2adc1f08449c 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -195,7 +195,7 @@ spec: volumeMounts: {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts - mountPath: /docker-entrypoint-initdb.d/configmap + mountPath: /docker-entrypoint-initdb.d/ {{- end }} {{- if .Values.initdbScriptsSecret }} - name: custom-init-scripts-secret From b032d016db2f9f39acd70d020527e97521cc30ca Mon Sep 17 00:00:00 2001 From: Karol Chrapek Date: Mon, 18 Feb 2019 11:37:01 +0100 Subject: [PATCH 0202/1586] [stable/prometheus-node-exporter] Add options to change volume mount propagation (#11194) * Add options to change volume mount propagation Signed-off-by: Karol Chrapek * Add missing new line Signed-off-by: Karol Chrapek --- stable/prometheus-node-exporter/Chart.yaml | 2 +- .../prometheus-node-exporter/templates/daemonset.yaml | 11 +++++++---- stable/prometheus-node-exporter/values.yaml | 1 + 3 files changed, 9 insertions(+), 5 deletions(-) diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index 569c8b1c8f0f..00e3ac939925 100644 --- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.17.0" description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 1.2.0 +version: 1.3.0 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/templates/daemonset.yaml b/stable/prometheus-node-exporter/templates/daemonset.yaml index 74261bdc3259..dfb15f1d1ea2 100644 --- a/stable/prometheus-node-exporter/templates/daemonset.yaml +++ b/stable/prometheus-node-exporter/templates/daemonset.yaml @@ -7,18 +7,18 @@ spec: selector: matchLabels: app: {{ template "prometheus-node-exporter.name" . }} - release: {{ .Release.Name }} + release: {{ .Release.Name }} updateStrategy: type: RollingUpdate rollingUpdate: - maxUnavailable: 1 + maxUnavailable: 1 template: metadata: labels: {{ include "prometheus-node-exporter.labels" . | indent 8 }} spec: {{- if and .Values.rbac.create .Values.serviceAccount.create }} serviceAccountName: {{ template "prometheus-node-exporter.serviceAccountName" . }} -{{- end }} +{{- end }} {{- if .Values.securityContext }} securityContext: {{ toYaml .Values.securityContext | indent 8 }} @@ -63,6 +63,9 @@ spec: - name: {{ $mount.name }} mountPath: {{ $mount.mountPath }} readOnly: {{ $mount.readOnly }} + {{- if $mount.mountPropagation }} + mountPropagation: {{ $mount.mountPropagation }} + {{- end }} {{- end }} {{- end }} hostNetwork: true @@ -92,4 +95,4 @@ spec: hostPath: path: {{ $mount.hostPath }} {{- end }} - {{- end }} + {{- end }} \ No newline at end of file diff --git a/stable/prometheus-node-exporter/values.yaml b/stable/prometheus-node-exporter/values.yaml index 5f4298c683ff..fcd7acbdd491 100644 --- a/stable/prometheus-node-exporter/values.yaml +++ b/stable/prometheus-node-exporter/values.yaml @@ -87,3 +87,4 @@ extraHostVolumeMounts: {} # hostPath: # mountPath: # readOnly: true|false +# mountPropagation: None|HostToContainer|Bidirectional From 6877582cd8adab52bf8bdef64010ce7f0509e491 Mon Sep 17 00:00:00 2001 From: Nick Troast Date: Mon, 18 Feb 2019 02:52:27 -0800 Subject: [PATCH 0203/1586] [stable/prometheus-operator] allow empty ruleSelector and ruleNamespaceSelector (#11395) Currently an empty ruleSelector or ruleNamespaceSelector does not select all PrometheusRules or Namespaces respectively. Fix the prometheus template to allow empty ruleSelector and ruleNamespaceSelector. Signed-off-by: Nick Troast --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 8 ++++---- .../templates/prometheus/prometheus.yaml | 7 +++++-- stable/prometheus-operator/values.yaml | 20 +++++++++---------- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index f8f26ae0aa2b..e02edba0c1bc 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.2 +version: 2.2.3 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index e8493f44130a..fd046c62a630 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -148,8 +148,8 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.additionalServiceMonitors` | List of `serviceMonitor` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitorspec | `[]` | | `prometheus.prometheusSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | | `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the servicemonitors created | `true` | -| `prometheus.prometheusSpec.serviceMonitorSelector` | ServiceMonitors to be selected for target discovery. | `{}` | -| `prometheus.prometheusSpec.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. | `{}` | +| `prometheus.prometheusSpec.serviceMonitorSelector` | ServiceMonitors to be selected for target discovery. If {}, select all ServiceMonitors | `{}` | +| `prometheus.prometheusSpec.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery. If nil, select own namespace. If {}, select all namespaces. | `{}` | | `prometheus.prometheusSpec.image.repository` | Base image to use for a Prometheus deployment. | `quay.io/prometheus/prometheus` | | `prometheus.prometheusSpec.image.tag` | Tag of Prometheus container image to be deployed. | `v2.5.0` | | `prometheus.prometheusSpec.paused` | When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. | `false` | @@ -163,8 +163,8 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.prometheusSpec.routePrefix` | The route prefix Prometheus registers HTTP handlers for. This is useful, if using ExternalURL and a proxy is rewriting HTTP routes of a request, and the actual ExternalURL is still true, but the server serves requests under a different route prefix. For example for use with `kubectl proxy`. | `/` | | `prometheus.prometheusSpec.storageSpec` | Storage spec to specify how storage shall be used. | `{}` | | `prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the PrometheusRule resources created. | `true` | -| `prometheus.prometheusSpec.ruleSelector` | A selector to select which PrometheusRules to mount for loading alerting rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. | `{}` | -| `prometheus.prometheusSpec.ruleNamespaceSelector` | Namespaces to be selected for PrometheusRules discovery. If unspecified, only the same namespace as the Prometheus object is in is used. | `{}` | +| `prometheus.prometheusSpec.ruleSelector` | A selector to select which PrometheusRules to mount for loading alerting rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. If {}, select all PrometheusRules | `{}` | +| `prometheus.prometheusSpec.ruleNamespaceSelector` | Namespaces to be selected for PrometheusRules discovery. If nil, select own namespace. If {}, select all namespaces. | `{}` | | `prometheus.prometheusSpec.alertingEndpoints` | Alertmanagers to which alerts will be sent https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints Default configuration will connect to the alertmanager deployed as part of this release | `[]` | | `prometheus.prometheusSpec.resources` | Define resources requests and limits for single Pods. | `{}` | | `prometheus.prometheusSpec.nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | diff --git a/stable/prometheus-operator/templates/prometheus/prometheus.yaml b/stable/prometheus-operator/templates/prometheus/prometheus.yaml index f528b2e151f2..97fa2da3fad0 100644 --- a/stable/prometheus-operator/templates/prometheus/prometheus.yaml +++ b/stable/prometheus-operator/templates/prometheus/prometheus.yaml @@ -93,10 +93,11 @@ spec: securityContext: {{ toYaml .Values.prometheus.prometheusSpec.securityContext | indent 4 }} {{- end }} - {{- if .Values.prometheus.prometheusSpec.ruleNamespaceSelector }} ruleNamespaceSelector: {{ toYaml .Values.prometheus.prometheusSpec.ruleNamespaceSelector | indent 4 }} +{{ else }} + ruleNamespaceSelector: {} {{- end }} {{- if .Values.prometheus.prometheusSpec.ruleSelector }} ruleSelector: @@ -106,7 +107,9 @@ spec: matchLabels: app: {{ template "prometheus-operator.name" . }} release: {{ .Release.Name | quote }} - {{- end }} +{{ else }} + ruleSelector: {} +{{- end }} {{- if .Values.prometheus.prometheusSpec.storageSpec }} storage: {{ toYaml .Values.prometheus.prometheusSpec.storageSpec | indent 4 }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 161974cc391e..d3583256975a 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -798,7 +798,7 @@ prometheus: configMaps: [] ## Namespaces to be selected for PrometheusRules discovery. - ## If unspecified, only the same namespace as the Prometheus object is in is used. + ## If nil, select own namespace. If {}, select all namespaces. ## ruleNamespaceSelector: {} @@ -808,10 +808,8 @@ prometheus: ## ruleSelectorNilUsesHelmValues: true - ## Rules CRD selector - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md - ## If unspecified the release `app` and `release` will be used as the label selector - ## to load rules + ## PrometheusRules to be selected for target discovery. + ## If {}, select all ServiceMonitors ## ruleSelector: {} ## Example which select all prometheusrules resources @@ -835,17 +833,17 @@ prometheus: ## serviceMonitorSelectorNilUsesHelmValues: true - ## serviceMonitorSelector will limit which servicemonitors are used to create scrape - ## configs in Prometheus. See serviceMonitorSelectorUseHelmLabels + ## ServiceMonitors to be selected for target discovery. + ## If {}, select all ServiceMonitors ## serviceMonitorSelector: {} - - # serviceMonitorSelector: {} + ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" + # serviceMonitorSelector: # matchLabels: # prometheus: somelabel - ## serviceMonitorNamespaceSelector will limit namespaces from which serviceMonitors are used to create scrape - ## configs in Prometheus. By default all namespaces will be used + ## Namespaces to be selected for ServiceMonitor discovery. + ## If nil, select own namespace. If {}, select all namespaces. ## serviceMonitorNamespaceSelector: {} From 512ccd9feafbed6410b452bb1c4ed7797befa84a Mon Sep 17 00:00:00 2001 From: Tomasz Nowak Date: Mon, 18 Feb 2019 11:52:37 +0100 Subject: [PATCH 0204/1586] [datadog] Enable dogstatsd over unix domain socket (#11474) Signed-off-by: Tomasz Nowak --- stable/datadog/Chart.yaml | 2 +- stable/datadog/README.md | 2 ++ stable/datadog/templates/daemonset.yaml | 17 +++++++++++++++++ stable/datadog/templates/deployment.yaml | 17 +++++++++++++++++ stable/datadog/values.yaml | 10 ++++++++++ 5 files changed, 47 insertions(+), 1 deletion(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index cab2ae11ced8..26319f363293 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.20.0 +version: 1.21.0 appVersion: 6.9.0 description: DataDog Agent keywords: diff --git a/stable/datadog/README.md b/stable/datadog/README.md index d4553dd0c156..1ef50d3f797f 100644 --- a/stable/datadog/README.md +++ b/stable/datadog/README.md @@ -83,6 +83,8 @@ The following table lists the configurable parameters of the Datadog chart and t | `datadog.tags` | Set host tags | `nil` | | `datadog.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | | `datadog.useCriSocketVolume` | Enable mounting the container runtime socket in Agent containers | `True` | +| `datadog.dogstatsdOriginDetection` | Enable origin detection for container tagging | `False` | +| `datadog.useDogStatsDSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | | `datadog.volumes` | Additional volumes for the daemonset or deployment | `nil` | | `datadog.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | | `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | diff --git a/stable/datadog/templates/daemonset.yaml b/stable/datadog/templates/daemonset.yaml index 8681376f3c0a..45452b4eec48 100644 --- a/stable/datadog/templates/daemonset.yaml +++ b/stable/datadog/templates/daemonset.yaml @@ -84,6 +84,10 @@ spec: - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: {{ .Values.datadog.nonLocalTraffic | quote }} {{- end }} + {{- if .Values.datadog.dogstatsdOriginDetection }} + - name: DD_DOGSTATSD_ORIGIN_DETECTION + value: {{ .Values.datadog.dogstatsdOriginDetection | quote }} + {{- end }} {{- if .Values.datadog.tags }} - name: DD_TAGS value: {{ .Values.datadog.tags | quote }} @@ -164,6 +168,10 @@ spec: - name: DD_HEALTH_PORT value: "5555" {{- end }} + {{- if .Values.datadog.useDogStatsDSocketVolume }} + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + {{- end }} {{- if .Values.datadog.env }} {{ toYaml .Values.datadog.env | indent 10 }} {{- end }} @@ -173,6 +181,10 @@ spec: mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} readOnly: true {{- end }} + {{- if .Values.datadog.useDogStatsDSocketVolume }} + - name: dsdsocket + mountPath: "/var/run/datadog" + {{- end }} - name: procdir mountPath: /host/proc readOnly: true @@ -223,6 +235,11 @@ spec: path: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} name: runtimesocket {{- end }} + {{- if .Values.datadog.useDogStatsDSocketVolume }} + - hostPath: + path: "/var/run/datadog/" + name: dsdsocket + {{- end }} - hostPath: path: /proc name: procdir diff --git a/stable/datadog/templates/deployment.yaml b/stable/datadog/templates/deployment.yaml index 836b72811af3..7ab7e44a6c9d 100644 --- a/stable/datadog/templates/deployment.yaml +++ b/stable/datadog/templates/deployment.yaml @@ -70,6 +70,10 @@ spec: - name: DD_DOGSTATSD_NON_LOCAL_TRAFFIC value: {{ .Values.datadog.nonLocalTraffic | quote }} {{- end }} + {{- if .Values.datadog.dogstatsdOriginDetection }} + - name: DD_DOGSTATSD_ORIGIN_DETECTION + value: {{ .Values.datadog.dogstatsdOriginDetection | quote }} + {{- end }} {{- if .Values.datadog.tags }} - name: DD_TAGS value: {{ .Values.datadog.tags | quote }} @@ -88,6 +92,10 @@ spec: - name: DD_CRI_SOCKET_PATH value: {{ .Values.datadog.criSocketPath | quote }} {{- end }} + {{- if .Values.datadog.useDogStatsDSocketVolume }} + - name: DD_DOGSTATSD_SOCKET + value: "/var/run/datadog/dsd.socket" + {{- end }} {{- if .Values.datadog.env }} {{ toYaml .Values.datadog.env | indent 10 }} {{- end }} @@ -97,6 +105,10 @@ spec: mountPath: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} readOnly: true {{- end }} + {{- if .Values.datadog.useDogStatsDSocketVolume }} + - name: dsdsocket + mountPath: "/var/run/datadog" + {{- end }} - name: procdir mountPath: /host/proc readOnly: true @@ -134,6 +146,11 @@ spec: path: {{ default "/var/run/docker.sock" .Values.datadog.criSocketPath | quote }} name: runtimesocket {{- end }} + {{- if .Values.datadog.useDogStatsDSocketVolume }} + - hostPath: + path: "/var/run/datadog/" + name: dsdsocket + {{- end }} - hostPath: path: /proc name: procdir diff --git a/stable/datadog/values.yaml b/stable/datadog/values.yaml index bf2ebfd480e7..f83fd385cd06 100644 --- a/stable/datadog/values.yaml +++ b/stable/datadog/values.yaml @@ -171,9 +171,19 @@ datadog: ## # nonLocalTraffic: true + ## Enable origin detection for container tagging + ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + ## + # dogstatsdOriginDetection: true + ## Enable container runtime socket volume mounting useCriSocketVolume: true + ## Enable dogstatsd over Unix Domain Socket + ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ + ## + # useDogStatsDSocketVolume: true + ## Set host tags. ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables ## From bf990fe317c1049f460140d9bb34b56c445a887b Mon Sep 17 00:00:00 2001 From: Hendrik Purmann Date: Mon, 18 Feb 2019 12:00:11 +0100 Subject: [PATCH 0205/1586] Fix invalid yaml output when no extra config is specified (#11483) Signed-off-by: Hendrik Purmann --- stable/elastalert/Chart.yaml | 2 +- stable/elastalert/templates/config.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/elastalert/Chart.yaml b/stable/elastalert/Chart.yaml index 549a72181124..181853e1b74b 100644 --- a/stable/elastalert/Chart.yaml +++ b/stable/elastalert/Chart.yaml @@ -1,6 +1,6 @@ description: ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. name: elastalert -version: 0.11.0 +version: 0.11.1 appVersion: 0.1.38 home: https://github.com/Yelp/elastalert icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg diff --git a/stable/elastalert/templates/config.yaml b/stable/elastalert/templates/config.yaml index a6de66f54efb..8908b9f16c70 100644 --- a/stable/elastalert/templates/config.yaml +++ b/stable/elastalert/templates/config.yaml @@ -42,4 +42,6 @@ data: {{- end }} alert_time_limit: minutes: {{ .Values.alertRetryLimitMins }} +{{- if .Values.extraConfigOptions }} {{ toYaml .Values.extraConfigOptions | indent 4 }} +{{- end }} From b4bf081ab549da777f305e14700ec82a0366f418 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Sven=20M=C3=BCller?= Date: Mon, 18 Feb 2019 12:45:20 +0100 Subject: [PATCH 0206/1586] [stable/prometheus-cloudwatch-exporter] Adjust service targetPort to reference container port name. (#11462) * Reference container port via port name. Signed-off-by: svenmueller * Bump Helm Chart version. Signed-off-by: svenmueller * Fix linting error. Signed-off-by: svenmueller --- stable/prometheus-cloudwatch-exporter/Chart.yaml | 2 +- .../templates/deployment.yaml | 6 +++--- .../prometheus-cloudwatch-exporter/templates/service.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/prometheus-cloudwatch-exporter/Chart.yaml b/stable/prometheus-cloudwatch-exporter/Chart.yaml index 30ac344717c6..b6b377cb2175 100644 --- a/stable/prometheus-cloudwatch-exporter/Chart.yaml +++ b/stable/prometheus-cloudwatch-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.5.0" description: A Helm chart for prometheus cloudwatch-exporter name: prometheus-cloudwatch-exporter -version: 0.4.0 +version: 0.4.1 home: https://github.com/prometheus/cloudwatch_exporter sources: - https://github.com/prometheus/cloudwatch_exporter diff --git a/stable/prometheus-cloudwatch-exporter/templates/deployment.yaml b/stable/prometheus-cloudwatch-exporter/templates/deployment.yaml index 9d5eb5e82a41..9e28ee9ba693 100644 --- a/stable/prometheus-cloudwatch-exporter/templates/deployment.yaml +++ b/stable/prometheus-cloudwatch-exporter/templates/deployment.yaml @@ -61,13 +61,13 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - - name: {{ .Values.service.portName }} + - name: container-port containerPort: 9106 protocol: TCP livenessProbe: httpGet: path: /-/healthy - port: {{ .Values.service.portName }} + port: container-port initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds}} periodSeconds: {{ .Values.livenessProbe.periodSeconds }} timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} @@ -76,7 +76,7 @@ spec: readinessProbe: httpGet: path: /-/ready - port: {{ .Values.service.portName }} + port: container-port initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds}} periodSeconds: {{ .Values.readinessProbe.periodSeconds }} timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} diff --git a/stable/prometheus-cloudwatch-exporter/templates/service.yaml b/stable/prometheus-cloudwatch-exporter/templates/service.yaml index def2c9e7e45e..3723dd9ed075 100644 --- a/stable/prometheus-cloudwatch-exporter/templates/service.yaml +++ b/stable/prometheus-cloudwatch-exporter/templates/service.yaml @@ -16,7 +16,7 @@ spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} - targetPort: {{ .Values.service.targetPort }} + targetPort: container-port protocol: TCP name: {{ .Values.service.portName }} selector: From 2978da57109b37351f9d032fb0a73a976e56cf20 Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Mon, 18 Feb 2019 12:17:30 +0000 Subject: [PATCH 0207/1586] cert-manager: fast-forward to upstream 45fbfcd1 (#11168) * Automated cherry pick of #1314 (jetstack/cert-manager#1315) * Automated cherry pick of #1294 (jetstack/cert-manager#1296) * Automated cherry pick of #1276 (jetstack/cert-manager#1277) * Automated cherry pick of #1258 #1266 (jetstack/cert-manager#1273) * Automated cherry pick of #1259 (jetstack/cert-manager#1260) * Update Chart.yaml in webhook (jetstack/cert-manager#1249) Signed-off-by: James Munnelly --- stable/cert-manager/Chart.yaml | 4 +-- stable/cert-manager/README.md | 10 +++++-- .../cert-manager-v0.6.0-dev.5.tgz | Bin 9134 -> 0 bytes stable/cert-manager/requirements.lock | 6 ++-- stable/cert-manager/requirements.yaml | 2 +- .../cert-manager/templates/00-namespace.yaml | 9 ------ .../templates/certificate-crd.yaml | 26 ------------------ .../templates/clusterissuer-crd.yaml | 22 --------------- stable/cert-manager/templates/issuer-crd.yaml | 22 --------------- stable/cert-manager/templates/rbac.yaml | 2 +- stable/cert-manager/values.yaml | 2 +- stable/cert-manager/webhook/Chart.yaml | 4 +-- .../cert-manager/webhook/templates/pki.yaml | 4 ++- stable/cert-manager/webhook/values.yaml | 2 +- 14 files changed, 22 insertions(+), 93 deletions(-) delete mode 100644 stable/cert-manager/cert-manager-v0.6.0-dev.5.tgz delete mode 100644 stable/cert-manager/templates/00-namespace.yaml delete mode 100644 stable/cert-manager/templates/certificate-crd.yaml delete mode 100644 stable/cert-manager/templates/clusterissuer-crd.yaml delete mode 100644 stable/cert-manager/templates/issuer-crd.yaml diff --git a/stable/cert-manager/Chart.yaml b/stable/cert-manager/Chart.yaml index edfe99c2b682..e5c6b644149b 100644 --- a/stable/cert-manager/Chart.yaml +++ b/stable/cert-manager/Chart.yaml @@ -1,6 +1,6 @@ name: cert-manager -version: v0.6.0 -appVersion: v0.6.0 +version: v0.6.5 +appVersion: v0.6.1 description: A Helm chart for cert-manager home: https://github.com/jetstack/cert-manager keywords: diff --git a/stable/cert-manager/README.md b/stable/cert-manager/README.md index 5914878c7d1a..31cae589c651 100644 --- a/stable/cert-manager/README.md +++ b/stable/cert-manager/README.md @@ -23,6 +23,12 @@ To install the chart with the release name `my-release`: $ kubectl apply \ -f https://raw.githubusercontent.com/jetstack/cert-manager/release-0.6/deploy/manifests/00-crds.yaml +## IMPORTANT: if you are deploying into a namespace that **already exists**, +## you MUST ensure the namespace has an additional label on it in order for +## the deployment to succeed +$ kubectl label namespace certmanager.k8s.io/disable-validation="true" + +## Install the cert-manager helm chart $ helm install --name my-release stable/cert-manager ``` @@ -66,7 +72,7 @@ The following table lists the configurable parameters of the cert-manager chart | --------- | ----------- | ------- | | `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` | | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v0.6.0` | +| `image.tag` | Image tag | `v0.6.1` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicaCount` | Number of cert-manager replicas | `1` | | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod @@ -101,7 +107,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` | | `webhook.resources` | CPU/memory resource requests/limits for the webhook pods | | | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v0.6.0` | +| `webhook.image.tag` | Webhook image tag | `v0.6.1` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | | `webhook.caSyncImage.repository` | CA sync image repository | `quay.io/munnerz/apiextensions-ca-helper` | | `webhook.caSyncImage.tag` | CA sync image tag | `v0.1.0` | diff --git a/stable/cert-manager/cert-manager-v0.6.0-dev.5.tgz b/stable/cert-manager/cert-manager-v0.6.0-dev.5.tgz deleted file mode 100644 index e281684bfe304b962af57a1d2992e21b980e9cae..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 9134 zcmY+qWl)^W^EHgS2MECl4vXvJ!QI_GxH|y?1PcLzLvVKw!2*lBySoJl7Mx|Tm*4$9 zU;guHs(PmDOjpnJsnbIhi$)0dzX34Av0BJ$a$3o&@GJX+`7C*KIjyz$>p66_ z%UPmWsgN2M0 z3IazV9Qrs#><$w(rBIPO)8Mutu|fVjN+UQdxs*2_RvfT^_?c0fpSkqT36Wtl)ZOC< zcy|0KxDnAcpwCP=VM?TUu6&Vm+c-6?HvU+&p;MOZ$Gg~z+~!ze1Ivx=mjN;FXvI*t zh7`jt(fmm)R}ephVvcfVL)yclXXvlE5ECq@qQde&BNFEpp zWUtDyPHAa%aB%$Svt=biq7^*T4K`aF0bR3{#1Fh3&ORDj2U9E6-puzRap4l3YRjM% zjD>66KrjZ}qnHBBy2&q8s)r4#%IP&~>row|!}f@p{zgGi8If1ZlXWd6%acp4u+@Bl z^qUR1iGYxXQV!onlAk+^AQGT>!ytoZ^Epv~;~M*uD~XJcjy>|H0c2AVEkfsd=O(Ye zUy5`1&xVYHm3+_M8&?L86dIDX2E1JFwzQPFR_0?`o?4S!3k~Xy~x6 zeQVne@Q3r$5J72yaEib6E0A7vyG+v8m42DyEJhe9SmfPr%9}w#efsF4SggIHKg_io z<$+Y@4rk3`!!SNWfEdP)GKK$xeff^LWAY6s%{7KsDZ zQe8|zf$y9v6hVUGuoX(wD3V`iB)Zvp$G$l!P_NY-*MTRP%z!3y>)hS~#)y5n+6Qpx z5+C5gK*e?!y;Vy~Z>`u0$CW)F0!4a2{Rp0J6fGPh>vjg86kh)6=?QQS$oFIQDc|8l zc`#mi=J05->n%~(v^3^MKONDi?SDEV!ggm2s+O77S7|V$$Y4u7XQF~zo_43WHDe6C zUe^G;L9E4MU7857+@e9HfSzZg{L&YL(tw37O{J>2impdt^q1?bxu*2DA3X_?1haQe zb+nmTcwR5SNr!!{Qqw=XO#diGPes=Q58iOTNM?-I)rllgBL!R9r#9m_N|3sIX-2Gc zq&kX68>d-9O(J;Mx}_bQs}`&Hi_HaI$6Z2Dx!yXEz=I}m+sLFT5q$ZcC>Ir#h6oi^ zGrDr{hd0M9I@{`eJU#1tM**RJ{L0uI1?$@69R4%{*1sgf-3lH2Eawx~rKNO;NtgeN zIDkOTj$TwimzP@Ke)9R!sQ*~Ft#?1cy{;@o>_Ys)_tz-??0%=Pp!<{RmOC!uNrAa) z+xNJEi}z>fICS4E;f?E;wW>c0N@u_?1tyjiD+E}#selzL<;8CO5_Xtv1#jFqHmE&T zoCp&)XT6PEmSpCb(PQ*il$P#_tIr(_s!PIbljziXxsw=Gm8LW`f@`IRQw4^C$-leZ zSrX6QTnz}H4H(984)8XA>8s^3x?C3~BbN937wem74W^fDO258kGmW!Qtl;^eOtDIW z?Iwl^7k6_)*%w>?AbZ-rw<~2(lER_8>Ns$##w8GjaxGf0)4np|ky%?!mFgtO4x=dQ z7U2ub`_mpAS*CRs!}Yt+mcJpjPU*Z@Ey%@wZm+oaQCu|V_UT1AFQ8u3Jo&{{kTi7? z7#e!HgF@18V4dr(IW4Q#bM+OyLkYxR#KUq3aayNq&-dHEd*Efs zh3&;2;DGoFbwYTA8Z09?VM2rwYr4glwIjnW0`?Ziz!-#GTIZioJ`;g7^*089%5o}A2h3U+bj?ahO)|Qd7YHo`cCu|{) z?NsJGgR_Un=KF5L{EX)vS#bG{uk-ibLG~}m{rLGw-ru-6k6!kFVs9PIXG{6JX>cp( zhHiJP3&3Y#^3v{{2`?ax=YrF2len?y=I<0LzRjpJKZ<3tOelTUm&q7=Q^(%F;2)rR z!GandK|j^?#{XBmlvz%KC5qT>N~g3E$(UkFXIM{)#eOU}jU|szMevL{mjL`SHGe)n z@V>q}ZyvsS`b04q;~$;fNPih9Nt55`W1GJ^=^m!1o!Z2^DC+4Nkxk^3&C&1<@&Yo? zU(Ju%AeU;n(~t3$=Vw}V_xwa!;ZVRiK3u+59bXixHI4EpE+|Bratnc7xwF33$W6!v zMRyWtP*GY<;d4ne)SV`3AZw3{{6;MJr#1WOt_fX936nw7L>W@@6bhA^LUeP1SSnGY z1nLW&0UKm`ViXDQV?vCro2$30i-FABtZS6+&nABHBQ6*g31HDvy2By~wb z^NYyW-AbiM&z}qB`L-HhF?`;sX2U|(diyxX1sPWAi`&^Vn%)75Zrh$V*%-rNXq}zR z!jJcZqdu?`#luu1;)MEpr@3W1-REj0aGZ#LCXPZ<8CRdK74hY_Su^dSL2(yxwl<#t z?VzNiNW~BSQ>%u4?VgCVvXWd8lOb-;;(le)DoY(>lJ-v>^`C!Mg%`5D?R>n$Ew@u& zXq)G=M0J+L>U9lsz#UaB=HFTSSQers6r6$^C=>m#To#wxqx;+&8F@Lu?trg z*r4*;HQGHasC~7IvEXfgFpr+#)Q{-Ot`t4xm`_8{nU$~d6ODcj=r8tKeXu;OBjkNpTuUX1$r{hZpxZtqzM*S;W7?x6>VUw?TRwN=VZNTWfv%HaOEdsA~&vo$JJoQ3&>6gFBx= zI|2m+?-mt2JD2ihvEK4xSVo5Jl9R$48|$9_7EY?Y8sF+mqLl?AhI*;MQ=0&A~~jp*^By#~6a^n|q^(m3x>0tmbhs!HO2ms*&uGE}K+ zxg|BpcLm{}a}Yj|vgww64q1Wm9Cy4d!kW@=-d%~x)_omv;&sTTiMCFGwo;;G7wA9N3?nec*&1Ts( z0pFL}PyJJ-WkZig{$oytjyAM)B;;Q=@8cE@{t=#zm%lQmQo|P$uJAgtR-qz)7m^7* z!h`JGwjx`0jkY?(wgS{?z0&+-BlnZUWRrrh1gfFbC4`CXy&=`iS)21o?Gk05g34u- ze%m(P^xKh0Oj#KMvUAVF!KW>Qyvm{L=* z-dygpW!*5*qjP5(_cyXI4!c_W*;jK?SF2`SxN1Q+)*Y`A`tLSrOEJ}jSY?MA zBIdU{9&yr%uD(P}ZKRD#-~*Y8A?l7tEsD>*cT3WCYqFOrHLa`d@0yE$*~@tVg^KBhA|+6r_a|4_N01~y9T+4f!0ZBhwcjt)-CXZ94?s^`^-P@4<4DN`KZ zb;YbK&DF8A{uvnh_A_rIVtm2~e8Eupv}qmc;E~#>8$0=x_vEiy(73afltVor62G%m z9CrtNSOEaP`HPmjyrAN;7N8{(n3}vav%0Fwc%r&nX;8^iaQF_Kq)pMr0244Omjl?* zwDU#CIlX8nR8Ohq_GLI`Yso_zV^%L=rVOtO8#=`>9QaevjqCxi<7L?b-eD(1vH=&g zsSjoofs=aTQ+Fp6Uk9?eucKy5N&U8#kL{=3*gmZ#M4A!aHwjJ~J1IRrY-yqtyN`Xf z%>P%V!<(349E0e5geN4sp$R{Q(M5b6lZJ9)a)N6c&CZp@6oz{8p@OZMuPXT&LFOy< z5M`g_OH8^T;bFl^$&+v)%*WeCSlXm!aM5hbW$hPL`z1_KGVe>1tNqIi9N9l7Zd^y% zNtVY4Cfg1FXg`rhiojmbvr5ELFyh9<2WtBlozQ(%%p;A6)K0pGb0s6LuZnwU1uNfn z-VrPlYkPBGmp4d(&)&G_c?_F<2Zarl;n&dj@bt0#ww7ppy2n9x?J5EVtkcsEowJ&1 znoZA6KYbtH-h(>=uI_a|~-LZ6WJWl3*BXsad$rcrZ|_;Ua`#=esm z$ReyG{pW4X#_EGw$&2q>`xaTUhp#!v;=-Zo+aVw0!;v*C$f%m)eAT-Eo-^Flmk^E$l1sBa zw|&IcqEASm{b$~B8LD~w2rm~Reu{{$YeI>Fs8H3K)4V#21{(9xV@YJa^elSZbPEjJZN^GI(W^$6+4k+@s7Wn8&>gIy|zVwofIr&It z{n01L2Id*t74t!t9ntlvRt6jF#@y9mS)T7XTR zIY5cWM#@F!MmMS-P2RzF|2E>f6DE^SG9&9WsEBb|nP67lD#B@ns14Ne2_^Ba69y+h z`gJ^IbPJ~w{sFFTcL0e8oEy=gT$?ru5~yW1KB}ax;%k6SZf4)ta%|DXet^HS`|||v zf)wj6S-K;eLwC!JH$#2#64Fcw$5zMWCqPj$igvQ3y z=&(WJo>?dlPjcdBv6hL_bU`Wn51r6Q!W_w-ST_SEJxsf%T-8ZHifyODfHjJl<@7c^)Uc`ASe%Rp>o`90yD&H2k zrV_M)v zxvpVkdtX5yP!;s0Q1XOWVl*R1*5P}S2x)*I!5?3Fmni*p4IiamgDKoL3XLuP zi-3*jr}afO`h$;;l%>AOzw9#7mm(g@?DA_1rX?t@Bz{fyi!EDhH)X{%{(kzBerzeQ zayyu{8b=LgS=9bMdw3dcCi*47Beh;ps4dn{yd8yLip$S03Cfo<5k?+e2FmU3|H8vb z&#faA^(S+8aYRF})k9#w;VXu55iD&!@x&d>$4=9XDZp^E-_8Px{`uT-jK6?CjQLVs zC4BCQE@@uTfL!RU_$;mx+}L#OQocFAV8Q$F{z^!tOTW5&=B-lQ+}Rrz%67wu&Db9< zxj6`C5u2+nq-240+itFb!;8mQjwjq3Y`T{19cRL|b7oqt%YWX-X_lEOn`yX@a1MQi z2PuUg*76oR21t+FYYO~gYi>09{iH#G90FDbptlUj#i^_>46gL;?x0g%yo`vGy~4&D zW?qNe4b^b9Yr^`aOTVy>Y$1i{Cd4>3gI$(BnpEe9bn*sb_BAL1pYuHU3pSJu?g%}~ zPqxeVf+kU}I7q9~`bn#~H!ed)QlD<0*AqUDG?;L5$CRKYm-+Nggl4(PTU-Z8AOx>` zam@ScndNbZ)Yn>;h!B|T@jvq=HI>fhCk02^}7I< zM}i?x*GWeuCwSw2j9)Ew>d?a0#F|q7P*O~BAFwiZ#;>&n_Idi1kUrUcJ%Z)Qg(4;w zK6CYe>gvHQoowZM3~Z|=pcFCRy@VbWb;UmU@k)w|_&yg=m7X6jd*&rP$-%7s!a^S4 zZ=>dtM@IS;r}nH!ZZ?j7ovywlJKjgR1CM@}>tIssNO7$AjUK?UWb(Ws6QDZ1Te5{w zwdz12MT>wHM+Ii8LJR-Mmz2N4{#_R-#WH0~?E8)hkzzC3*(KqIW9@1w7*JP+gN7Fg z-+O=@JF4h^vaTU8wForz0z&J@Ma*zy_khJCY-pI`=c~q`-M$!FckEF^^IS3ZKY&TFo9r;e zZ8z;DL`}Aj7zpC{Gq(dUF#dKWd%7R^c}$eGdvFM68*>%FzsdSpkb1#yZgsH0IWZif zxxal=wVoV`qPN!T&e{3C3GaE8jgdLcHFdmi1a!8q9#j>(;IG?-VPr&8q@A6^uXk7= zSIux#e2;#rNlCNgBxS?U!iLc0SR*_JU_Xn0jlQzg+gBWj-x)gN4L_rE~nrRy*l97 zPe8M-q21(i+H7wcw_ZpigG@bhUR`l!Z626x)h4PfC>FDcPvyl$hVM)!)gGw;2pQVh z2@t|qi8|Rm6*{usxZ-?K;?C5&x7Mjw3mV$#kaq2X`5sDUXrcLWf9TChFPiv+Ux^#g z7@F+dr^chj`7(0GnT$B4nm2nAKy-}oE7rz$EfqE<-B19Unp>yh zWQYuJ{OzUbZEc7RhD-*>2JYSz)JhF-gfSOJPg9$2r+ZYh4oq-rW5R>1;p3RK0iU*L(gU@QGsGj^(e4a>F*!0)g$;OgUR+)bQXEXGKbQ+aFaP?RvI;G=f_fHgAHkw z91i3=u_{ujup5h1UFOHW3HfUz5n;bnrsCtK;TqtLefh*ng>g;u4qX&#^;UetG@f(lq;Y9a%2vTsnE>4+l+6he@H+ z$z1FR*DFQhH}Jk93__{OGS0Nmw~n%PO~!#v%l54Tbvx}nX=TNS1@YfAlvX?GEk%i= zMBk`%c!gGz7&RRgP@wkDLdXn!v+}=ffdDZ{r>m&=*2J2b0NrK9f4Tg~9jy(;-X5{} zJz=`>GU`rJE8MQ(&Kx0Ls3mgbfn0q)(wPre565=;0c;2^RTC1q z?jhRuZT?f)i;j)5-$04ocWkCQitD>N6<^c@e;_TZ-YN@Y?7l;POsF7#$W(4Ovkh~dAt}_S0&|B-JooL2saPSgVR8q~S`xds=+5wj|mxB8tGjfowsh%*q zgQUTJ$Y6A#;Xs?u2->yUW(a}s;YQ=^r8}VB>%(%}&ni#P{e~3+v)15*DodN@xX_6A zyx8bxX_UikSj*}&vLuv*8Z{5ibOV~fZz31~AbnkVj z0RyLlv=9A{ta#za5t)9{xC_>tWz^$tBg_~>*(<5sV6x?>wShyYNz%aU@KNDUf0|2= zqDrx!fTHbg*G7P{%?7yGOHRIn0j8QQYbt$)J{=}Xd8p$pGUMivDrX^tv2B0%;HJKd zsPT}N*KCN)T=Wd(hJ|iZmoM;Tz+-*9$-S1^ZC#Gwu+Z}Bzlix?(7kX?+vSQO-n}pLM(lqOAQUl7uNj3oJAYVt{m7wd%QTc zIkg#)iBHODcUIw1t{tDo5r)hnv*#$~{LM)Ik~YD1O?rZs*nec~Bff!}Lgo>(L}xd- zpK^q@gOf-1QC==~(nDI>0HYZ|RW^K27g&=sJo>O2e9d8sZXhE_G|j=z21kUgQ!lLVKTQko7pACYX7Prl@=JLaHqe)*bgT@lgKTD;S zRaNh%HjT4Q%?K%9_O3;M@;ghrgD>cu3%+h|@;dYI&~GZS&~PGbzb1uS%4*c*oq6c* zM67^StebCiigRkzrTtttER`Ob^}vLuhHsFzeR_fyF!_0WKcPGFxz=&@Hk&uw>zyuj z8nW`Yb6Cuzk-p4hY{XaS0#iM4qOufOlR(k+;}!+>YZS}^6&_hxt=!nE{LrPI34M65 z6!smF-aeM~oXo|C$IO|Z$cjgr1vgi(r!L%UN_%7O@U;(glWus(V=HadG0}`UMIhM2 zqw$i3qxk-WD_q~eh+D8TXq%=}NpA4PcB8gUkij!zV zAqngMYwr9+0cdc6deoaJgvfO*+%bXV#Vf$70>0zowf$3MF$O%#|AlRx11eBJpOZ7| z0TKpqzpA&dbS~*v77*3b?UVtqz{a}&cGLhDrkb(9>@MWz0|y&S>AxxO1%MkKx>5}2 zT$!zFKyHC`C5J0BLumR06yPMuxP_X9zxvDjdGxC65(6azA@=`S|NrTM-v4zcUHPBA z%NpkV|5nl4Tf_p_2GXss+g5L+?S-F#K67*aPe4^qh`U_hf5qbe`uGpsmLN>22zLJp z0Q<>|2(X#}g%bnr;uQlS zkJ$nd|7YdvDIR(4g*m{Fv`v%avGDGRxTLeCG zygGTs&;Rc~>_I@yE(B}C0&)NZ{lAdFW4wZSO|n$XyRooYyDPJ9gw3PxL!y>JBUN-|2O;Qv%~9w@xIZKMD;l-Q)LZUE@5jUOi4t zk^51gu;v%AFlQm*+v0u46HfCCzFkYr$1*Yz)XH_bygS4A)Z2P69(`N^oE{oY?&B_M z0cw=vA4MM_`;2Cho!_RB{9D|M-{-rZcJKHmdT%RF*LZJ7%UDxD>lPwfqVY*R{oI3l t*cdHue9zFwXvAbia}s8@AiSHdT3M?%&Se1A>(?A0NZwcr&KMr<{{y;FTt)x@ diff --git a/stable/cert-manager/requirements.lock b/stable/cert-manager/requirements.lock index a3c0070e6582..a0e31312bc53 100644 --- a/stable/cert-manager/requirements.lock +++ b/stable/cert-manager/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: webhook repository: file://webhook - version: v0.6.0 -digest: sha256:93a9a73b4f6aa718152642d6a4156fb6f9a4fb078d0136065c42bab2fe76c9b0 -generated: 2019-01-22T16:13:19.816854629Z + version: v0.6.3 +digest: sha256:77dcd917e3112dfc7ddb3f1cca72bb337f067706b1020dec0fda4a2d41a945bf +generated: 2019-02-05T13:43:12.838251554Z diff --git a/stable/cert-manager/requirements.yaml b/stable/cert-manager/requirements.yaml index 16f21f133100..a1f7bc5f18f0 100644 --- a/stable/cert-manager/requirements.yaml +++ b/stable/cert-manager/requirements.yaml @@ -1,6 +1,6 @@ # requirements.yaml dependencies: - name: webhook - version: "v0.6.0" + version: "v0.6.3" repository: "file://webhook" condition: webhook.enabled diff --git a/stable/cert-manager/templates/00-namespace.yaml b/stable/cert-manager/templates/00-namespace.yaml deleted file mode 100644 index 1502a599772d..000000000000 --- a/stable/cert-manager/templates/00-namespace.yaml +++ /dev/null @@ -1,9 +0,0 @@ -{{ if .Values.createNamespaceResource }} -apiVersion: v1 -kind: Namespace -metadata: - name: {{ .Release.Namespace | quote }} - labels: - name: {{ .Release.Namespace | quote }} - certmanager.k8s.io/disable-validation: "true" -{{- end }} diff --git a/stable/cert-manager/templates/certificate-crd.yaml b/stable/cert-manager/templates/certificate-crd.yaml deleted file mode 100644 index 0657c4af516d..000000000000 --- a/stable/cert-manager/templates/certificate-crd.yaml +++ /dev/null @@ -1,26 +0,0 @@ -{{- if .Values.createCustomResource -}} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: certificates.certmanager.k8s.io -{{- if semverCompare ">=2.10-0" .Capabilities.TillerVersion.SemVer }} - annotations: - "helm.sh/hook": crd-install -{{- end }} - labels: - app: {{ template "cert-manager.name" . }} - chart: {{ template "cert-manager.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: certmanager.k8s.io - version: v1alpha1 - scope: Namespaced - names: - kind: Certificate - plural: certificates - {{- if .Values.certificateResourceShortNames }} - shortNames: -{{ toYaml .Values.certificateResourceShortNames | indent 6 }} - {{- end -}} -{{- end -}} diff --git a/stable/cert-manager/templates/clusterissuer-crd.yaml b/stable/cert-manager/templates/clusterissuer-crd.yaml deleted file mode 100644 index cfa67b9ae76e..000000000000 --- a/stable/cert-manager/templates/clusterissuer-crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.createCustomResource -}} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: clusterissuers.certmanager.k8s.io -{{- if semverCompare ">=2.10-0" .Capabilities.TillerVersion.SemVer }} - annotations: - "helm.sh/hook": crd-install -{{- end }} - labels: - app: {{ template "cert-manager.name" . }} - chart: {{ template "cert-manager.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: ClusterIssuer - plural: clusterissuers - scope: Cluster -{{- end -}} diff --git a/stable/cert-manager/templates/issuer-crd.yaml b/stable/cert-manager/templates/issuer-crd.yaml deleted file mode 100644 index 5886676e5a13..000000000000 --- a/stable/cert-manager/templates/issuer-crd.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if .Values.createCustomResource -}} -apiVersion: apiextensions.k8s.io/v1beta1 -kind: CustomResourceDefinition -metadata: - name: issuers.certmanager.k8s.io -{{- if semverCompare ">=2.10-0" .Capabilities.TillerVersion.SemVer }} - annotations: - "helm.sh/hook": crd-install -{{- end }} - labels: - app: {{ template "cert-manager.name" . }} - chart: {{ template "cert-manager.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} -spec: - group: certmanager.k8s.io - version: v1alpha1 - names: - kind: Issuer - plural: issuers - scope: Namespaced -{{- end -}} diff --git a/stable/cert-manager/templates/rbac.yaml b/stable/cert-manager/templates/rbac.yaml index 4d3532073eea..cf4cb0a5d569 100644 --- a/stable/cert-manager/templates/rbac.yaml +++ b/stable/cert-manager/templates/rbac.yaml @@ -10,7 +10,7 @@ metadata: heritage: {{ .Release.Service }} rules: - apiGroups: ["certmanager.k8s.io"] - resources: ["certificates", "issuers", "clusterissuers", "orders", "challenges"] + resources: ["certificates", "certificates/finalizers", "issuers", "clusterissuers", "orders", "orders/finalizers", "challenges"] verbs: ["*"] - apiGroups: [""] resources: ["configmaps", "secrets", "events", "services", "pods"] diff --git a/stable/cert-manager/values.yaml b/stable/cert-manager/values.yaml index e14b49a3c381..f78af7b3265c 100644 --- a/stable/cert-manager/values.yaml +++ b/stable/cert-manager/values.yaml @@ -21,7 +21,7 @@ strategy: {} image: repository: quay.io/jetstack/cert-manager-controller - tag: v0.6.0 + tag: v0.6.1 pullPolicy: IfNotPresent # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer diff --git a/stable/cert-manager/webhook/Chart.yaml b/stable/cert-manager/webhook/Chart.yaml index 02829d1fe9e3..56cf1dae7e15 100644 --- a/stable/cert-manager/webhook/Chart.yaml +++ b/stable/cert-manager/webhook/Chart.yaml @@ -1,7 +1,7 @@ name: webhook apiVersion: v1 -version: "v0.6.0" -appVersion: "v0.6.0" +version: "v0.6.3" +appVersion: "v0.6.1" description: A Helm chart for deploying the cert-manager webhook component home: https://github.com/jetstack/cert-manager sources: diff --git a/stable/cert-manager/webhook/templates/pki.yaml b/stable/cert-manager/webhook/templates/pki.yaml index 1654b29b56d1..41285755fca5 100644 --- a/stable/cert-manager/webhook/templates/pki.yaml +++ b/stable/cert-manager/webhook/templates/pki.yaml @@ -12,7 +12,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - selfsigned: {} + selfSigned: {} --- @@ -29,6 +29,7 @@ metadata: heritage: {{ .Release.Service }} spec: secretName: {{ include "webhook.rootCACertificate" . }} + duration: 43800h # 5y issuerRef: name: {{ include "webhook.selfSignedIssuer" . }} commonName: "ca.webhook.cert-manager" @@ -66,6 +67,7 @@ metadata: heritage: {{ .Release.Service }} spec: secretName: {{ include "webhook.servingCertificate" . }} + duration: 8760h # 1y issuerRef: name: {{ include "webhook.rootCAIssuer" . }} dnsNames: diff --git a/stable/cert-manager/webhook/values.yaml b/stable/cert-manager/webhook/values.yaml index 82499b5d4c1b..142b1f199163 100644 --- a/stable/cert-manager/webhook/values.yaml +++ b/stable/cert-manager/webhook/values.yaml @@ -28,7 +28,7 @@ resources: {} image: repository: quay.io/jetstack/cert-manager-webhook - tag: v0.6.0 + tag: v0.6.1 pullPolicy: IfNotPresent caSyncImage: From dab07b11a22fa6c4aa7f8b8ad8bae632927531c0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Mon, 18 Feb 2019 13:25:05 +0100 Subject: [PATCH 0208/1586] [stable/mongodb] Allow extra parameters in metrics exporter (#11488) * [stable/mongodb] Allow extra parameters in metrics exporter Signed-off-by: Javier J. Salmeron Garcia * Remove ghost values Signed-off-by: Javier J. Salmeron Garcia * Remove trailing whitespace Signed-off-by: Javier J. Salmeron Garcia --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 1 + stable/mongodb/templates/deployment-standalone.yaml | 4 ++-- stable/mongodb/templates/statefulset-primary-rs.yaml | 4 ++-- stable/mongodb/templates/statefulset-secondary-rs.yaml | 4 ++-- stable/mongodb/values-production.yaml | 3 +++ stable/mongodb/values.yaml | 3 +++ 7 files changed, 14 insertions(+), 7 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 7c4959385f17..a23040ce264b 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 5.3.4 +version: 5.4.0 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 0fefc6cc7381..7f959ebc164b 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -112,6 +112,7 @@ The following table lists the configurable parameters of the MongoDB chart and t | `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | | `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` (does not add image pull secrets to deployed pods) | | `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | {} | +| `metrics.extraArgs` | String with extra arguments for the MongoDB Exporter | `` | | `metrics.resources` | Exporter resource requests/limit | Memory: `256Mi`, CPU: `100m` | | `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | | `metrics.serviceMonitor.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | {} | diff --git a/stable/mongodb/templates/deployment-standalone.yaml b/stable/mongodb/templates/deployment-standalone.yaml index e221f11717e0..6360b928defb 100644 --- a/stable/mongodb/templates/deployment-standalone.yaml +++ b/stable/mongodb/templates/deployment-standalone.yaml @@ -165,9 +165,9 @@ spec: secretKeyRef: name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} key: mongodb-root-password - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin' ] + command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin {{ .Values.metrics.extraArgs }}' ] {{- else }} - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }}' ] + command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }} {{ .Values.metrics.extraArgs }}' ] {{- end }} ports: - name: metrics diff --git a/stable/mongodb/templates/statefulset-primary-rs.yaml b/stable/mongodb/templates/statefulset-primary-rs.yaml index ad74455868dc..b32523699f44 100644 --- a/stable/mongodb/templates/statefulset-primary-rs.yaml +++ b/stable/mongodb/templates/statefulset-primary-rs.yaml @@ -186,9 +186,9 @@ spec: secretKeyRef: name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} key: mongodb-root-password - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin' ] + command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin {{ .Values.metrics.extraArgs }}' ] {{- else }} - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }}' ] + command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }} {{ .Values.metrics.extraArgs }}' ] {{- end }} ports: - name: metrics diff --git a/stable/mongodb/templates/statefulset-secondary-rs.yaml b/stable/mongodb/templates/statefulset-secondary-rs.yaml index 69910ab3302c..1ff5e6995dea 100644 --- a/stable/mongodb/templates/statefulset-secondary-rs.yaml +++ b/stable/mongodb/templates/statefulset-secondary-rs.yaml @@ -170,9 +170,9 @@ spec: secretKeyRef: name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{- else }}{{ template "mongodb.fullname" . }}{{- end }} key: mongodb-root-password - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin' ] + command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://root:${MONGODB_ROOT_PASSWORD}@localhost:{{ .Values.service.port }}/admin {{ .Values.metrics.extraArgs }}' ] {{- else }} - command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }}' ] + command: [ 'sh', '-c', '/bin/mongodb_exporter --mongodb.uri mongodb://localhost:{{ .Values.service.port }} {{ .Values.metrics.extraArgs }}' ] {{- end }} ports: - name: metrics diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index 5e357d9f6eac..c3da0ec52147 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -248,6 +248,9 @@ metrics: # pullSecrets: # - myRegistrKeySecretName + ## String with extra arguments to the metrics exporter + ## ref: https://github.com/dcu/mongodb_exporter/blob/master/mongodb_exporter.go + extraArgs: "" ## Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index d24a6527a1f7..fba5cda8cf62 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -248,6 +248,9 @@ metrics: # pullSecrets: # - myRegistrKeySecretName + ## String with extra arguments to the metrics exporter + ## ref: https://github.com/dcu/mongodb_exporter/blob/master/mongodb_exporter.go + extraArgs: "" ## Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## From 7de3fa930007801f9b5e7d3afc7300c72bb0eed2 Mon Sep 17 00:00:00 2001 From: Ash Caire Date: Mon, 18 Feb 2019 21:00:51 +0800 Subject: [PATCH 0209/1586] [stable/prometheus-operator] Add custom PrometheusRules (#11266) This commit allows the specification of custom PrometheusRule resources via alertmanager.additionalPrometheusRules. To assist the implementation, the ServiceMonitor manifest has also been updated to remove the v1 List type, which was subsequently clobbered. Signed-off-by: Ash Caire --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + .../prometheus-operator/ci/test-values.yaml | 8 ++++ .../alertmanager/prometheusrules.yaml | 17 +++++++ .../templates/prometheus/servicemonitors.yaml | 45 +++++++++---------- stable/prometheus-operator/values.yaml | 8 ++++ 6 files changed, 56 insertions(+), 25 deletions(-) create mode 100644 stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index e02edba0c1bc..137c3f185a4e 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.3 +version: 2.2.4 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index fd046c62a630..07ecd698d3be 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -207,6 +207,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `alertmanager.service.externalIPs` | List of IP addresses at which the Alertmanager server service is available | `[]` | | `alertmanager.service.loadBalancerIP` | Alertmanager Loadbalancer IP | `""` | | `alertmanager.service.loadBalancerSourceRanges` | Alertmanager Load Balancer Source Ranges | `[]` | +| `alertmanager.additionalPrometheusRules` | List of `prometheusRule` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusrulespec | `[]` | | `alertmanager.config` | Provide YAML to configure Alertmanager. See https://prometheus.io/docs/alerting/configuration/#configuration-file. The default provided works to suppress the DeadMansSwitch alert from `defaultRules.create` | `{"global":{"resolve_timeout":"5m"},"route":{"group_by":["job"],"group_wait":"30s","group_interval":"5m","repeat_interval":"12h","receiver":"null","routes":[{"match":{"alertname":"DeadMansSwitch"},"receiver":"null"}]},"receivers":[{"name":"null"}]}` | | `alertmanager.alertmanagerSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | | `alertmanager.alertmanagerSpec.image.tag` | Tag of Alertmanager container image to be deployed. | `v0.15.3` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index d0f9409a84b6..b930b95aac11 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -292,6 +292,14 @@ alertmanager: ## additionalPeers: [] + additionalPrometheusRules: [] + # - name: my_rule_file + # groups: + # - name: my_group + # rules: + # - record: my_record + # expr: 100 * my_record + ## Using default values from https://github.com/helm/charts/blob/master/stable/grafana/values.yaml ## grafana: diff --git a/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml b/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml new file mode 100644 index 000000000000..2db8ee1d61ea --- /dev/null +++ b/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml @@ -0,0 +1,17 @@ +{{- if and .Values.alertmanager.enabled .Values.alertmanager.additionalPrometheusRules }} +{{- range .Values.alertmanager.additionalPrometheusRules }} +apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} +kind: PrometheusRule +metadata: + name: {{ template "prometheus-operator.name" $ }}-{{ .name }} + labels: + app: {{ template "prometheus-operator.name" $ }} +{{ include "prometheus-operator.labels" $ | indent 4 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 4 }} + {{- end }} +spec: + groups: +{{ toYaml .groups| indent 4 }} +{{- end }} +{{- end }} diff --git a/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml b/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml index 61f3ca3cf850..d1fc8451574d 100644 --- a/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml +++ b/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml @@ -1,29 +1,26 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} -apiVersion: v1 -kind: List -items: {{- range .Values.prometheus.additionalServiceMonitors }} - - apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} - kind: ServiceMonitor - metadata: - name: {{ .name }} - labels: - app: {{ template "prometheus-operator.name" $ }}-prometheus -{{ include "prometheus-operator.labels" $ | indent 8 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 8 }} - {{- end }} - spec: - endpoints: -{{ toYaml .endpoints | indent 8 }} - {{- if .jobLabel }} - jobLabel: {{ .jobLabel }} +apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-operator.name" $ }}-{{ .name }} + labels: + app: {{ template "prometheus-operator.name" $ }}-prometheus +{{ include "prometheus-operator.labels" $ | indent 4 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 4 }} {{- end }} - {{- if .namespaceSelector }} - namespaceSelector: -{{ toYaml .namespaceSelector | indent 8 }} - {{- end }} - selector: -{{ toYaml .selector | indent 8 }} +spec: + endpoints: +{{ toYaml .endpoints | indent 4 }} +{{- if .jobLabel }} + jobLabel: {{ .jobLabel }} +{{- end }} +{{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 4 }} +{{- end }} + selector: +{{ toYaml .selector | indent 4 }} {{- end }} {{- end }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index d3583256975a..0d0729bb84f3 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -292,6 +292,14 @@ alertmanager: ## additionalPeers: [] + additionalPrometheusRules: [] + # - name: my_rule_file + # groups: + # - name: my_group + # rules: + # - record: my_record + # expr: 100 * my_record + ## Using default values from https://github.com/helm/charts/blob/master/stable/grafana/values.yaml ## grafana: From e785f608074b9bb7e0fc7181c14e1194eb10dfe9 Mon Sep 17 00:00:00 2001 From: Steve Larkin Date: Mon, 18 Feb 2019 17:35:53 +0100 Subject: [PATCH 0210/1586] [stable/airflow] Remove dependency on initContainer for creating connections (#11495) Signed-off-by: Steve Larkin --- stable/airflow/Chart.yaml | 2 +- .../templates/deployments-scheduler.yaml | 24 +++++++++++-------- 2 files changed, 15 insertions(+), 11 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index faa7d0dd5f06..889ac4e61d6d 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.17.3 +version: 0.17.4 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index 25972f2d3ec9..3c90e3fa0b0c 100755 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -77,15 +77,15 @@ spec: {{- else if .Values.dags.initContainer.enabled }} - name: dags-data mountPath: {{ .Values.dags.path }} - {{- if .Values.airflow.connections }} - - name: connections - mountPath: /usr/local/connections - {{- end}} {{- end }} {{- if .Values.logsPersistence.enabled }} - name: logs-data mountPath: {{ .Values.logs.path }} {{- end }} + {{- if .Values.airflow.connections }} + - name: connections + mountPath: /usr/local/connections + {{- end}} args: - "bash" - "-c" @@ -113,6 +113,10 @@ spec: export PATH=/usr/local/airflow/.local/bin:$PATH && echo "executing initdb" && airflow initdb && + {{- if .Values.airflow.connections }} + echo "adding connections" && + /usr/local/connections/add-connections.sh && + {{- end }} echo "executing scheduler" && airflow scheduler -n {{ .Values.airflow.schedulerNumRuns }} {{- end }} @@ -138,12 +142,6 @@ spec: configMap: name: {{ template "airflow.fullname" . }}-git-clone defaultMode: 0755 - {{- if .Values.airflow.connections }} - - name: connections - secret: - secretName: {{ template "airflow.fullname" . }}-connections - defaultMode: 0755 - {{- end }} {{- if .Values.dags.git.secret }} - name: git-clone-secret secret: @@ -151,3 +149,9 @@ spec: defaultMode: 0700 {{- end }} {{- end }} + {{- if .Values.airflow.connections }} + - name: connections + secret: + secretName: {{ template "airflow.fullname" . }}-connections + defaultMode: 0755 + {{- end }} From 8ade52063ff2faa61a0e0bdeedac97953233862e Mon Sep 17 00:00:00 2001 From: Jannis Oeltjen Date: Mon, 18 Feb 2019 19:28:59 +0100 Subject: [PATCH 0211/1586] [stable/sonarqube] missing documentation for existingClaim (#11444) * [stable/sonarqube] Add missing documentation for persistence.existingClaim Signed-off-by: Jannis Oeltjen * [stable/sonarqube] bump version Signed-off-by: Jannis Oeltjen * [stable/sonarqube] Remove trailing whitespaces in values.yml Signed-off-by: Jannis Oeltjen --- stable/sonarqube/Chart.yaml | 2 +- stable/sonarqube/README.md | 1 + stable/sonarqube/values.yaml | 4 ++++ 3 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 702605669914..2cf880072ae7 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,6 +1,6 @@ name: sonarqube description: Sonarqube is an open sourced code quality scanning tool -version: 0.14.0 +version: 0.14.1 appVersion: 7.6 keywords: - coverage diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index fde78b6233bf..c7e2afffd2a9 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -55,6 +55,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | 0.0.0.0/0 | | `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | None | | `persistence.enabled` | Flag for enabling persistent storage | false | +| `persistence.existingClaim` | Do not create a new PVC but use this one | None | | `persistence.storageClass` | Storage class to be used | "-" | | `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` | | `persistence.size` | Size of the volume | None | diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml index 4bbfece51426..172fe894ca6e 100755 --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml @@ -90,6 +90,10 @@ resources: {} # memory: 128Mi persistence: enabled: false + ## Specify an existing volume claim instead of creating a new one. + ## When using this option all following options like storageClass, accessMode and size are ignored. + # existingClaim: + ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is From 6b08a1052b88f8211d066c1cac458564fca7d933 Mon Sep 17 00:00:00 2001 From: Eduardo Baitello Date: Mon, 18 Feb 2019 16:34:45 -0300 Subject: [PATCH 0212/1586] [stable/prometheus-operator] fix README.md (#11333) * Fix stable/prometheus-operator README.md Fix configuration parameter documentation for controller-manager Exporter Signed-off-by: Eduardo Baitello * [stable/prometheus-operator] Bump chart version Signed-off-by: Eduardo Baitello --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 137c3f185a4e..be664f8f8b65 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.4 +version: 2.2.5 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 07ecd698d3be..1f8bd0ee6f44 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -265,7 +265,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `kubeControllerManager.endpoints` | Endpoints where Controller-manager runs. Provide this if running Controller-manager outside the cluster | `[]` | | `kubeControllermanager.service.port` | Controller-manager port for the service runs on | `10252` | | `kubeControllermanager.service.targetPort` | Controller-manager targetPort for the service runs on | `10252` | -| `kubeControllermanager.service.targetPort.selector` | Controller-manager service selector | `{"k8s-app" : "kube-controller-manager" }` +| `kubeControllermanager.service.selector` | Controller-manager service selector | `{"k8s-app" : "kube-controller-manager" }` | `coreDns.enabled` | Deploy coreDns scraping components. Use either this or kubeDns | true | | `coreDns.service.port` | CoreDns port | `9153` | | `coreDns.service.targetPort` | CoreDns targetPort | `9153` | From 2825962427f016b8220b429ae73b399f96e6040a Mon Sep 17 00:00:00 2001 From: Sergei Ivanov Date: Mon, 18 Feb 2019 19:57:06 +0000 Subject: [PATCH 0213/1586] Reuse nexus.fullname template in nexus.proxy-ks.name (#11083) Get rid of double dash and use a shorter name when the release name contains chart name Signed-off-by: Sergei Ivanov --- stable/sonatype-nexus/Chart.yaml | 2 +- stable/sonatype-nexus/templates/_helpers.tpl | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/stable/sonatype-nexus/Chart.yaml b/stable/sonatype-nexus/Chart.yaml index 96a06c064b16..248b314523d4 100644 --- a/stable/sonatype-nexus/Chart.yaml +++ b/stable/sonatype-nexus/Chart.yaml @@ -1,5 +1,5 @@ name: sonatype-nexus -version: 1.16.0 +version: 1.16.1 appVersion: 3.15.2-01 description: Sonatype Nexus is an open source repository manager keywords: diff --git a/stable/sonatype-nexus/templates/_helpers.tpl b/stable/sonatype-nexus/templates/_helpers.tpl index f60b262c6cea..3cd2c837e44d 100644 --- a/stable/sonatype-nexus/templates/_helpers.tpl +++ b/stable/sonatype-nexus/templates/_helpers.tpl @@ -36,8 +36,7 @@ Create a default fully qualified name for proxy keystore secret. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "nexus.proxy-ks.name" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s-%s" $name .Release.Name "-proxy-ks" | trunc 63 | trimSuffix "-" -}} +{{- printf "%s-%s" (include "nexus.fullname" .) "proxy-ks" | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* Manage the labels for each entity */}} From 155659de436be352b0e8fd12d4954d82c62c7068 Mon Sep 17 00:00:00 2001 From: Jannis Oeltjen Date: Mon, 18 Feb 2019 21:06:20 +0100 Subject: [PATCH 0214/1586] [stable/sonarqube] Option for settings encryption secret (#11419) Add another option to use a Kubernetes Secret for settings encryption by setting the the sonar.secretKeyPath property and mounting the actual secret file as a volume. Signed-off-by: Jannis Oeltjen --- stable/sonarqube/Chart.yaml | 2 +- stable/sonarqube/README.md | 1 + stable/sonarqube/templates/config.yaml | 10 ++++++++-- stable/sonarqube/templates/deployment.yaml | 12 ++++++++++++ stable/sonarqube/values.yaml | 5 +++++ 5 files changed, 27 insertions(+), 3 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 2cf880072ae7..0e76e403cfa8 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,6 +1,6 @@ name: sonarqube description: Sonarqube is an open sourced code quality scanning tool -version: 0.14.1 +version: 0.15.0 appVersion: 7.6 keywords: - coverage diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index c7e2afffd2a9..3c18165c49b6 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -60,6 +60,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `persistence.accessMode` | Volumes access mode to be set | `ReadWriteOnce` | | `persistence.size` | Size of the volume | None | | `sonarProperties` | Custom `sonar.properties` file | None | +| `sonarSecretKey` | Name of existing secret used for settings encryption | None | | `database.type` | Set to "mysql" to use mysql database | `postgresql`| | `postgresql.enabled` | Set to `false` to use external server / mysql database | `true` | | `postgresql.postgresServer` | Hostname of the external Postgresql server| `null` | diff --git a/stable/sonarqube/templates/config.yaml b/stable/sonarqube/templates/config.yaml index b571bb4c9f6d..01d1e334f18b 100644 --- a/stable/sonarqube/templates/config.yaml +++ b/stable/sonarqube/templates/config.yaml @@ -9,7 +9,13 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} data: + {{- if and .Values.sonarSecretKey (not .Values.sonarProperties) }} + sonar.properties: sonar.secretKeyPath=/opt/sonarqube/secret/sonar-secret.txt + {{- end }} {{- if .Values.sonarProperties }} sonar.properties: -{{ toYaml .Values.sonarProperties | indent 4}} - {{- end}} +{{ toYaml .Values.sonarProperties | indent 4 }} + {{- end }} + {{- if and .Values.sonarSecretKey .Values.sonarProperties }} + sonar.secretKeyPath=/opt/sonarqube/secret/sonar-secret.txt + {{- end }} diff --git a/stable/sonarqube/templates/deployment.yaml b/stable/sonarqube/templates/deployment.yaml index 688bc1b475e7..6362ac6c5773 100644 --- a/stable/sonarqube/templates/deployment.yaml +++ b/stable/sonarqube/templates/deployment.yaml @@ -119,6 +119,10 @@ spec: - mountPath: /opt/sonarqube/conf/ name: config {{- end }} + {{- if .Values.sonarSecretKey }} + - mountPath: /opt/sonarqube/secret/ + name: secret + {{- end }} - mountPath: /opt/sonarqube/data name: sonarqube subPath: data @@ -150,6 +154,14 @@ spec: - key: sonar.properties path: sonar.properties {{- end }} + {{- if .Values.sonarSecretKey }} + - name: secret + secret: + secretName: {{ .Values.sonarSecretKey }} + items: + - key: sonar-secret.txt + path: sonar-secret.txt + {{- end }} - name: install-plugins configMap: name: {{ template "sonarqube.fullname" . }}-install-plugins diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml index 172fe894ca6e..fd8ec4b04683 100755 --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml @@ -126,6 +126,11 @@ plugins: # sonar.security.realm=LDAP # ldap.url=ldaps://organization.com +# Kubernetes secret that contains the encryption key for the sonarqube instance. +# The secret must contain the key 'sonar-secret.txt'. +# The 'sonar.secretKeyPath' property will be set automatically. +# sonarSecretKey: "settings-encryption-secret" + ## Configuration value to select database type ## Option to use "postgresql" or "mysql" database type, by default "postgresql" is chosen ## Set the "enable" field to true of the database type you select (if you want to use internal database) and false of the one you don't select From 482af9cb85f2955836f99ae828ca0c0c3a393ff2 Mon Sep 17 00:00:00 2001 From: Pavel Dmytrenko Date: Tue, 19 Feb 2019 00:15:29 +0200 Subject: [PATCH 0215/1586] [stable/kibana] Fix initContainers indentation (#11324) * [stable/kibana] Fix indentation for initContainers Signed-off-by: Pavel Dmytrenko * [stable/kibana] Add test case Signed-off-by: Pavel Dmytrenko * [stable/kibana] Bump version Signed-off-by: Pavel Dmytrenko * [stable/kibana] Simplify dashboardImport testcase Signed-off-by: Pavel Dmytrenko * [stable/kibana] Add testcase for all init container types Signed-off-by: Pavel Dmytrenko * [stable/kibana] Update logtrail plugin to v6.6.0 compatible Signed-off-by: Pavel Dmytrenko --- stable/kibana/Chart.yaml | 2 +- .../kibana/ci/initcontainers-all-values.yaml | 22 +++++++++++++++++++ stable/kibana/ci/plugin-install.yaml | 2 +- stable/kibana/templates/deployment.yaml | 4 ++-- stable/kibana/values.yaml | 2 +- 5 files changed, 27 insertions(+), 5 deletions(-) create mode 100644 stable/kibana/ci/initcontainers-all-values.yaml diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index 7fb1e9f7998e..756b32f7ed26 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.5.1 +version: 1.5.2 appVersion: 6.6.0 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg diff --git a/stable/kibana/ci/initcontainers-all-values.yaml b/stable/kibana/ci/initcontainers-all-values.yaml new file mode 100644 index 000000000000..986c21fd3841 --- /dev/null +++ b/stable/kibana/ci/initcontainers-all-values.yaml @@ -0,0 +1,22 @@ +--- +# enable all init container types + +# A dashboard is defined by a name and a string with the json payload or the download url +dashboardImport: + dashboards: + k8s: https://raw.githubusercontent.com/monotek/kibana-dashboards/master/k8s-fluentd-elasticsearch.json + +# Enable the plugin init container with plugins retrieved from an URL +plugins: + enabled: true + reset: false + # Use to add/upgrade plugin + values: + - logtrail,0.1.31,https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-6.6.0-0.1.31.zip + # - other_plugin + +# Add your own init container +initContainers: + echo-container: + image: "busybox" + command: ['sh', '-c', 'echo Hello from init container! && sleep 3'] diff --git a/stable/kibana/ci/plugin-install.yaml b/stable/kibana/ci/plugin-install.yaml index 57912bd6197f..8e9284a60f18 100644 --- a/stable/kibana/ci/plugin-install.yaml +++ b/stable/kibana/ci/plugin-install.yaml @@ -5,5 +5,5 @@ plugins: reset: false # Use to add/upgrade plugin values: - - logtrail,0.1.30,https://github.com/sivasamyk/logtrail/releases/download/v0.1.30/logtrail-6.4.3-0.1.30.zip + - logtrail,0.1.31,https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-6.6.0-0.1.31.zip # - other_plugin diff --git a/stable/kibana/templates/deployment.yaml b/stable/kibana/templates/deployment.yaml index b7377f09ded4..1daf0d33856c 100644 --- a/stable/kibana/templates/deployment.yaml +++ b/stable/kibana/templates/deployment.yaml @@ -36,8 +36,8 @@ spec: initContainers: {{- if .Values.initContainers }} {{- range $key, $value := .Values.initContainers }} - - name: "{{ $key }}" -{{ toYaml $value | indent 10 }} + - name: "{{ $key }}" +{{ toYaml $value | indent 8 }} {{- end }} {{- end }} {{- if .Values.dashboardImport.dashboards }} diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index b547edec3753..615474370c70 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -163,7 +163,7 @@ plugins: # Use to add/upgrade plugin values: # - elastalert-kibana-plugin,1.0.1,https://github.com/bitsensor/elastalert-kibana-plugin/releases/download/1.0.1/elastalert-kibana-plugin-1.0.1-6.4.2.zip - # - logtrail,0.1.30,https://github.com/sivasamyk/logtrail/releases/download/v0.1.30/logtrail-6.4.2-0.1.30.zip + # - logtrail,0.1.31,https://github.com/sivasamyk/logtrail/releases/download/v0.1.31/logtrail-6.6.0-0.1.31.zip # - other_plugin persistentVolumeClaim: From b0298e4f359baba704df9060b33a577ecc12e477 Mon Sep 17 00:00:00 2001 From: Tom Riley <11618735+thomasriley@users.noreply.github.com> Date: Mon, 18 Feb 2019 22:54:11 +0000 Subject: [PATCH 0216/1586] Add optional support for configuring Prometheus scrape ServiceMonitor (#11451) * Add optional support for configuring Prometheus scrape via Prometheus-Operator ServiceMonitor Signed-off-by: thomasriley * Bump Chart version Signed-off-by: thomasriley * Fix linting error Signed-off-by: thomasriley * Make the namespace value optional and remove the unnecessary telemetryPath & interval options Signed-off-by: thomasriley * Re-add interval and metrics path options but make them optional Signed-off-by: thomasriley --- stable/filebeat/Chart.yaml | 2 +- stable/filebeat/templates/servicemonitor.yaml | 30 +++++++++++++++++++ stable/filebeat/values.yaml | 11 +++++++ 3 files changed, 42 insertions(+), 1 deletion(-) create mode 100644 stable/filebeat/templates/servicemonitor.yaml diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index 3b718030ba68..8ce01f4c549c 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.3.0 +version: 1.4.0 appVersion: 6.6.0 home: https://www.elastic.co/products/beats/filebeat sources: diff --git a/stable/filebeat/templates/servicemonitor.yaml b/stable/filebeat/templates/servicemonitor.yaml new file mode 100644 index 000000000000..6eb5ff19504f --- /dev/null +++ b/stable/filebeat/templates/servicemonitor.yaml @@ -0,0 +1,30 @@ +{{- if and ( .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" ) ( .Values.monitoring.serviceMonitor.enabled ) ( .Values.monitoring.enabled ) }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: +{{- if .Values.monitoring.serviceMonitor.labels }} + labels: +{{ toYaml .Values.monitoring.serviceMonitor.labels | indent 4}} +{{- end }} + name: {{ template "filebeat.fullname" . }}-prometheus-exporter +{{- if .Values.monitoring.serviceMonitor.namespace }} + namespace: {{ .Values.monitoring.serviceMonitor.namespace }} +{{- end }} +spec: + endpoints: + - targetPort: {{ .Values.monitoring.exporterPort }} +{{- if .Values.monitoring.serviceMonitor.interval }} + interval: {{ .Values.monitoring.serviceMonitor.interval }} +{{- end }} +{{- if .Values.monitoring.serviceMonitor.telemetryPath }} + path: {{ .Values.monitoring.serviceMonitor.telemetryPath }} +{{- end }} + jobLabel: {{ template "filebeat.fullname" . }}-prometheus-exporter + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + selector: + matchLabels: + app: {{ template "filebeat.name" . }} + release: {{ .Release.Name }} +{{- end }} \ No newline at end of file diff --git a/stable/filebeat/values.yaml b/stable/filebeat/values.yaml index 8f5276410919..5d8606c2b177 100644 --- a/stable/filebeat/values.yaml +++ b/stable/filebeat/values.yaml @@ -145,6 +145,17 @@ podSecurityPolicy: ## Dont forget to enable http on config.http.enabled (exposing filebeat stats) monitoring: enabled: true + serviceMonitor: + # When set true and if Prometheus Operator is installed then use a ServiceMonitor to configure scraping + enabled: true + # Set the namespace the ServiceMonitor should be deployed + # namespace: monitoring + # Set how frequently Prometheus should scrape + # interval: 30s + # Set path to beats-exporter telemtery-path + # telemetryPath: /metrics + # Set labels for the ServiceMonitor, use this to define your scrape label for Prometheus Operator + # labels: image: repository: trustpilot/beat-exporter tag: 0.1.1 From 57e7476a388012e72363a182108f4b18d5079699 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Tue, 19 Feb 2019 07:53:17 +0100 Subject: [PATCH 0217/1586] [stable/sysdig] Improvements for latests versions of Sysdig Agent (#11493) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Use a 5s pod termination grace period Is lowered to avoid data gaps if the pod fails to terminate quickly. The faster it finishes less time takes a new agent to start up successfully, thus it means prevent some data gaps. Signed-off-by: Néstor Salceda * Check for running file instead of relying on logs Some people disable log files and this can be problematic. Signed-off-by: Néstor Salceda * Mount whole /run and /var/run inside the container This is done for accessing the CRI / containerd socket, when present. Signed-off-by: Néstor Salceda * Avoid floating references for the agent This is described on [Best Practices](https://github.com/helm/helm/blob/master/docs/chart_best_practices/pods.md) Signed-off-by: Néstor Salceda * Update Chart version and CHANGELOG Signed-off-by: Néstor Salceda --- stable/sysdig/CHANGELOG.md | 9 +++++++++ stable/sysdig/Chart.yaml | 4 ++-- stable/sysdig/README.md | 4 ++-- stable/sysdig/templates/daemonset.yaml | 19 ++++++++++++------- stable/sysdig/values.yaml | 4 ++-- 5 files changed, 27 insertions(+), 13 deletions(-) diff --git a/stable/sysdig/CHANGELOG.md b/stable/sysdig/CHANGELOG.md index a45391dd5e35..a30f2986b923 100644 --- a/stable/sysdig/CHANGELOG.md +++ b/stable/sysdig/CHANGELOG.md @@ -3,6 +3,15 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.3.0 + +### Major Changes + +* Use a lower pod termination grace period for avoiding data gaps when pod fails to terminate quickly. +* Check running file on readinessProbe instead of relaying on logs. +* Mount /run and /var/run instead of Docker socket. It allows to access CRI / containerd socket. +* Avoid floating references for the image. + ## v1.2.1 ### Minor Changes diff --git a/stable/sysdig/Chart.yaml b/stable/sysdig/Chart.yaml index 147b62be13d9..fa08faf04600 100755 --- a/stable/sysdig/Chart.yaml +++ b/stable/sysdig/Chart.yaml @@ -1,6 +1,6 @@ name: sysdig -version: 1.2.2 -appVersion: 0.81.0 +version: 1.3.0 +appVersion: 0.88.1 description: Sysdig Monitor and Secure agent keywords: - monitoring diff --git a/stable/sysdig/README.md b/stable/sysdig/README.md index 6b7faf4daabb..432e28969bfd 100644 --- a/stable/sysdig/README.md +++ b/stable/sysdig/README.md @@ -42,8 +42,8 @@ The following table lists the configurable parameters of the Sysdig chart and th | --- | --- | --- | | `image.registry` | Sysdig agent image registry | `docker.io` | | `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `latest` | -| `image.pullPolicy` | The Image pull policy | `Always` | +| `image.tag` | The image tag to pull | `0.88.1` | +| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | | `image.pullSecrets` | Image pull secrets | `nil` | | `rbac.create` | If true, create & use RBAC resources | `true` | | `serviceAccount.create` | Create serviceAccount | `true` | diff --git a/stable/sysdig/templates/daemonset.yaml b/stable/sysdig/templates/daemonset.yaml index cdd23a3758e6..f990fafeb3a9 100644 --- a/stable/sysdig/templates/daemonset.yaml +++ b/stable/sysdig/templates/daemonset.yaml @@ -25,6 +25,7 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet hostPID: true + terminationGracePeriodSeconds: 5 {{- if .Values.image.pullSecrets }} imagePullSecrets: {{ toYaml .Values.image.pullSecrets | indent 8 }} @@ -39,12 +40,9 @@ spec: privileged: true readinessProbe: exec: - command: [ "test", "-e", "/opt/draios/logs/draios.log" ] + command: [ "test", "-e", "/opt/draios/logs/running" ] initialDelaySeconds: 10 volumeMounts: - - mountPath: /host/var/run/docker.sock - name: docker-sock - readOnly: false - mountPath: /host/dev name: dev-vol readOnly: false @@ -60,6 +58,10 @@ spec: - mountPath: /host/usr name: usr-vol readOnly: true + - mountPath: /host/run + name: run-vol + - mountPath: /host/var/run + name: varrun-vol - mountPath: /dev/shm name: dshm - mountPath: /opt/draios/etc/kubernetes/config @@ -74,9 +76,6 @@ spec: - name: dshm emptyDir: medium: Memory - - name: docker-sock - hostPath: - path: /var/run/docker.sock - name: dev-vol hostPath: path: /dev @@ -92,6 +91,12 @@ spec: - name: usr-vol hostPath: path: /usr + - name: run-vol + hostPath: + path: /run + - name: varrun-vol + hostPath: + path: /var/run - name: sysdig-agent-config configMap: name: {{ template "sysdig.fullname" . }} diff --git a/stable/sysdig/values.yaml b/stable/sysdig/values.yaml index ad04fd16d500..550e51be874b 100644 --- a/stable/sysdig/values.yaml +++ b/stable/sysdig/values.yaml @@ -3,11 +3,11 @@ image: registry: docker.io repository: sysdig/agent - tag: latest + tag: 0.88.1 # Specify a imagePullPolicy # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images - pullPolicy: Always + pullPolicy: IfNotPresent # Optionally specify an array of imagePullSecrets. # Secrets must be manually created in the namespace. # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ From 51b2fd57f5394a322bbf65609041ad2382d52124 Mon Sep 17 00:00:00 2001 From: acondrat Date: Tue, 19 Feb 2019 11:33:29 +0200 Subject: [PATCH 0218/1586] [stable/prometheus] allow for relabeling in the apiserver ServiceMonitor (#11015) * Relablings for the API Server ServiceMonitor Signed-off-by: Arcadie Condrat * removed extra spaces Signed-off-by: Arcadie Condrat * version bump Signed-off-by: Arcadie Condrat * version bump Signed-off-by: Arcadie Condrat * version bump Signed-off-by: Arcadie Condrat * version bump Signed-off-by: Arcadie Condrat * version bump Signed-off-by: acondrat * version bump Signed-off-by: acondrat --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + .../exporters/kube-api-server/servicemonitor.yaml | 4 ++++ stable/prometheus-operator/values.yaml | 12 ++++++++++++ 4 files changed, 18 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index be664f8f8b65..b1ff65dc7c4f 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.5 +version: 2.2.6 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 1f8bd0ee6f44..f815825a5b15 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -254,6 +254,7 @@ The following tables lists the configurable parameters of the prometheus-operato | Parameter | Description | Default | | ----- | ----------- | ------ | | `kubeApiServer.enabled` | Deploy `serviceMonitor` to scrape the Kubernetes API server | `true` | +| `kubeApiServer.relabelings` | Relablings for the API Server ServiceMonitor | `[]` | | `kubeApiServer.tlsConfig.serverName` | Name of the server to use when validating TLS certificate | `kubernetes` | | `kubeApiServer.tlsConfig.insecureSkipVerify` | Skip TLS certificate validation when scraping | `false` | | `kubeApiServer.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus | `component` | diff --git a/stable/prometheus-operator/templates/exporters/kube-api-server/servicemonitor.yaml b/stable/prometheus-operator/templates/exporters/kube-api-server/servicemonitor.yaml index a0bf69657af1..60d600cda836 100644 --- a/stable/prometheus-operator/templates/exporters/kube-api-server/servicemonitor.yaml +++ b/stable/prometheus-operator/templates/exporters/kube-api-server/servicemonitor.yaml @@ -12,6 +12,10 @@ spec: interval: 30s port: https scheme: https +{{- if .Values.kubeApiServer.relabelings }} + relabelings: +{{ toYaml .Values.kubeApiServer.relabelings | indent 6 }} +{{- end }} tlsConfig: caFile: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt serverName: {{ .Values.kubeApiServer.tlsConfig.serverName }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 0d0729bb84f3..f3666abbdda2 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -364,6 +364,18 @@ kubeApiServer: serverName: kubernetes insecureSkipVerify: false + ## If your API endpoint address is not reachable (as in AKS) you can replace it with the kubernetes service + ## + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + serviceMonitor: jobLabel: component selector: From 4e22b0120f0101f14b9a325b539b84d18596ba33 Mon Sep 17 00:00:00 2001 From: boxboatmatt <36642033+boxboatmatt@users.noreply.github.com> Date: Tue, 19 Feb 2019 04:50:26 -0500 Subject: [PATCH 0219/1586] Add the ability to specify labels and annotations for service, pod and deployment (#11205) Signed-off-by: Matthew DeVenny --- stable/mssql-linux/Chart.yaml | 2 +- stable/mssql-linux/README.md | 4 ++++ stable/mssql-linux/templates/deployment.yaml | 10 ++++++++++ stable/mssql-linux/templates/service.yaml | 3 +++ stable/mssql-linux/values.yaml | 5 +++++ 5 files changed, 23 insertions(+), 1 deletion(-) diff --git a/stable/mssql-linux/Chart.yaml b/stable/mssql-linux/Chart.yaml index c9d522d24c4b..b20477481aaf 100644 --- a/stable/mssql-linux/Chart.yaml +++ b/stable/mssql-linux/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: SQL Server 2017 Linux Helm Chart name: mssql-linux -version: 0.6.5 +version: 0.7.0 appVersion: 14.0.3023.8 home: https://hub.docker.com/r/microsoft/mssql-server-linux/ icon: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1I4Dx diff --git a/stable/mssql-linux/README.md b/stable/mssql-linux/README.md index 07900ea142e5..6cb7c741b19d 100644 --- a/stable/mssql-linux/README.md +++ b/stable/mssql-linux/README.md @@ -99,7 +99,11 @@ The configuration parameters in this section control the resources requested and | service.type | Service Type | `ClusterIP` | | service.port | Service Port | `1433` | | service.annotations | Kubernetes service annotations | `{}` | +| service.labels | Kubernetes service labels | `{}` | | deployment.annotations | Kubernetes deployment annotations | `{}` | +| deployment.labels | Kubernetes deployment labels | `{}` | +| pod.annotations | Kubernetes pod annotations | `{}` | +| pod.labels | Kubernetes pod labels | `{}` | | collation | Default collation for SQL Server | `SQL_Latin1_General_CP1_CI_AS` | | lcid | Default languages for SQL Server | `1033` | | hadr | Enable Availability Group | `0` | diff --git a/stable/mssql-linux/templates/deployment.yaml b/stable/mssql-linux/templates/deployment.yaml index c72ca334fa8d..c07344cf6188 100644 --- a/stable/mssql-linux/templates/deployment.yaml +++ b/stable/mssql-linux/templates/deployment.yaml @@ -7,6 +7,9 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if .Values.deployment.labels }} +{{ toYaml .Values.deployment.labels | indent 4 }} +{{- end }} {{- if .Values.deployment.annotations }} annotations: {{ toYaml .Values.deployment.annotations | indent 4 }} @@ -22,6 +25,13 @@ spec: labels: app: {{ template "mssql.name" . }} release: {{ .Release.Name }} +{{- if .Values.pod.labels }} +{{ toYaml .Values.pod.labels | indent 8 }} +{{- end }} +{{- if .Values.pod.annotations }} + annotations: +{{ toYaml .Values.pod.annotations | indent 8 }} +{{- end }} spec: containers: - name: {{ .Chart.Name }} diff --git a/stable/mssql-linux/templates/service.yaml b/stable/mssql-linux/templates/service.yaml index 017f1936aa1b..74f34a525d1f 100644 --- a/stable/mssql-linux/templates/service.yaml +++ b/stable/mssql-linux/templates/service.yaml @@ -7,6 +7,9 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if .Values.service.labels }} +{{ toYaml .Values.service.labels | indent 4 }} +{{- end }} {{- if .Values.service.annotations }} annotations: {{ toYaml .Values.service.annotations | indent 4 }} diff --git a/stable/mssql-linux/values.yaml b/stable/mssql-linux/values.yaml index 22882a57cc6e..fd42de1db3bf 100644 --- a/stable/mssql-linux/values.yaml +++ b/stable/mssql-linux/values.yaml @@ -22,8 +22,13 @@ service: type: ClusterIP port: 1433 annotations: {} + labels: {} deployment: annotations: {} + labels: {} +pod: + annotations: {} + labels: {} persistence: enabled: true # existingDataClaim: From a32221a9596d6cc3fa4baf602a59afa51601f12c Mon Sep 17 00:00:00 2001 From: Mathias Petermann Date: Tue, 19 Feb 2019 13:07:27 +0100 Subject: [PATCH 0220/1586] [stable/jenkins] Fix markdown syntax in README (#11496) * Fix markdown syntax Signed-off-by: mathias petermann * Version bump Signed-off-by: mathias petermann --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 14 +++++++------- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 9d80bda127db..427161b6e805 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.6 +version: 0.32.7 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index 3e9bcbc7239d..61bdc3b11c36 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -115,13 +115,13 @@ Some third-party systems, e.g. GitHub, use HTML-formatted data in their payload | `Agent.Privileged` | Agent privileged container | `false` | | `Agent.resources` | Resources allocation (Requests and Limits) | `{requests: {cpu: 200m, memory: 256Mi}, limits: {cpu: 200m, memory: 256Mi}}`| | `Agent.volumes` | Additional volumes | `nil` | -| `Agent.envVars | Environment variables for the slave Pod | Not set | -| `Agent.Command | Executed command when side container starts | Not set | -| `Agent.Args | Arguments passed to executed command | Not set | -| `Agent.SideContainerName | Side container name in agent | jnlp | -| `Agent.TTYEnabled | Allocate pseudo tty to the side container | false | -| `Agent.ContainerCap | Maximum number of agent | 10 | -| `Agent.PodName | slave Pod base name | Not set | +| `Agent.envVars` | Environment variables for the slave Pod | Not set | +| `Agent.Command` | Executed command when side container starts | Not set | +| `Agent.Args` | Arguments passed to executed command | Not set | +| `Agent.SideContainerName` | Side container name in agent | jnlp | +| `Agent.TTYEnabled` | Allocate pseudo tty to the side container | false | +| `Agent.ContainerCap` | Maximum number of agent | 10 | +| `Agent.PodName` | slave Pod base name | Not set | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. From 9981867ce76520d34e0c831a318af38a62d6c0a8 Mon Sep 17 00:00:00 2001 From: Naseem Date: Tue, 19 Feb 2019 07:18:56 -0500 Subject: [PATCH 0221/1586] Add upgrading section to readme (#11515) Signed-off-by: Naseem Ullah --- stable/datadog/Chart.yaml | 2 +- stable/datadog/README.md | 8 ++++++++ 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 26319f363293..134a84938a4c 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.21.0 +version: 1.21.1 appVersion: 6.9.0 description: DataDog Agent keywords: diff --git a/stable/datadog/README.md b/stable/datadog/README.md index 1ef50d3f797f..45031ffbc042 100644 --- a/stable/datadog/README.md +++ b/stable/datadog/README.md @@ -230,3 +230,11 @@ Standard paths are: - Containerd socket: `/var/run/containerd/containerd.sock` - Cri-o socket: `/var/run/crio/crio.sock` + +## Updating + +### From < 1.19.0 to >= 1.19.0 + +Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). +E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. +The suggested approach is to delete the release and reinstall it. \ No newline at end of file From a27b06f06b5418a4a60da29c03c17e73e58b5f3e Mon Sep 17 00:00:00 2001 From: Victor Boissiere Date: Tue, 19 Feb 2019 13:32:12 +0100 Subject: [PATCH 0222/1586] [stable/rabbitmq] Add priorityClassName (#11108) * Add rabbitmq priority class name Signed-off-by: Victor Boissiere * Bump rabbitmq chart version Signed-off-by: Victor Boissiere --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 1 + stable/rabbitmq/templates/statefulset.yaml | 3 +++ stable/rabbitmq/values-production.yaml | 4 ++++ stable/rabbitmq/values.yaml | 4 ++++ 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 29f14813d6e0..7869fd23d02a 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,5 +1,5 @@ name: rabbitmq -version: 4.2.1 +version: 4.3.0 appVersion: 3.7.12 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 4994376773a0..984868204fe0 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -79,6 +79,7 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `securityContext.fsGroup` | Group ID for the container | `1001` | | `securityContext.runAsUser` | User ID for the container | `1001` | | `resources` | resource needs and limits to apply to the pod | {} | +| `priorityClassName` | Pod priority class name | `` | | `nodeSelector` | Node labels for pod assignment | {} | | `affinity` | Affinity settings for pod assignment | {} | | `tolerations` | Toleration labels for pod assignment | [] | diff --git a/stable/rabbitmq/templates/statefulset.yaml b/stable/rabbitmq/templates/statefulset.yaml index 185f28bd38d4..5c3f0573f649 100644 --- a/stable/rabbitmq/templates/statefulset.yaml +++ b/stable/rabbitmq/templates/statefulset.yaml @@ -40,6 +40,9 @@ spec: {{- if .Values.affinity }} affinity: {{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} {{- end }} {{- if .Values.nodeSelector }} nodeSelector: diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index 889003697c75..7745b286acba 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml @@ -151,6 +151,10 @@ resources: ## Replica count, set to 3 to provide a default available cluster replicas: 3 +## Pod priority +## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +# priorityClassName: "" + ## Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index cacbdc219af3..1011a0ab71b0 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -149,6 +149,10 @@ resources: {} ## Replica count, set to 1 to provide a default available cluster replicas: 1 +## Pod priority +## https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ +# priorityClassName: "" + ## Node labels and tolerations for pod assignment ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature From 23c3e66dc2a26eade3afef9405722ee22570772f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Tue, 19 Feb 2019 13:39:51 +0100 Subject: [PATCH 0223/1586] Revert the checksum annotations (#11283) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The sysdig agent automatically restarts when it detects a configuration change. Signed-off-by: Néstor Salceda --- stable/sysdig/CHANGELOG.md | 12 ++++++++++++ stable/sysdig/Chart.yaml | 2 +- stable/sysdig/templates/daemonset.yaml | 3 --- 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/stable/sysdig/CHANGELOG.md b/stable/sysdig/CHANGELOG.md index a30f2986b923..a62f7c738249 100644 --- a/stable/sysdig/CHANGELOG.md +++ b/stable/sysdig/CHANGELOG.md @@ -3,6 +3,12 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.3.1 + +### Minor Changes + +* Revert v1.2.1 changes. The agent automatically restarts when detects a change in the configuration. + ## v1.3.0 ### Major Changes @@ -12,6 +18,12 @@ numbering uses [semantic versioning](http://semver.org). * Mount /run and /var/run instead of Docker socket. It allows to access CRI / containerd socket. * Avoid floating references for the image. +## v1.2.2 + +### Minor Changes + +* Fix value in the agent tags example. + ## v1.2.1 ### Minor Changes diff --git a/stable/sysdig/Chart.yaml b/stable/sysdig/Chart.yaml index fa08faf04600..e004bad072f8 100755 --- a/stable/sysdig/Chart.yaml +++ b/stable/sysdig/Chart.yaml @@ -1,5 +1,5 @@ name: sysdig -version: 1.3.0 +version: 1.3.1 appVersion: 0.88.1 description: Sysdig Monitor and Secure agent keywords: diff --git a/stable/sysdig/templates/daemonset.yaml b/stable/sysdig/templates/daemonset.yaml index f990fafeb3a9..2565f99acf1d 100644 --- a/stable/sysdig/templates/daemonset.yaml +++ b/stable/sysdig/templates/daemonset.yaml @@ -15,9 +15,6 @@ spec: labels: app: {{ template "sysdig.fullname" .}} role: monitoring - annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} - checksum/custom-app-checks: {{ include (print $.Template.BasePath "/configmap-custom-app-checks.yaml") . | sha256sum }} spec: serviceAccountName: {{ template "sysdig.serviceAccountName" .}} tolerations: From dd1d1031ba3d5c15e67819e241df4e68599c2bd7 Mon Sep 17 00:00:00 2001 From: Johnny You Date: Tue, 19 Feb 2019 21:51:42 +0900 Subject: [PATCH 0224/1586] [stable/postgresql] add `postgresqlExtendedConf` for stateful slave (#11403) Signed-off-by: LittleWhiteYA --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/statefulset-slaves.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 6ccd5e61cc07..e41fe8c35db5 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.11.4 +version: 3.11.5 appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 186730f541d8..7c1d7d98cdd2 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -166,7 +166,7 @@ spec: - name: data mountPath: {{ .Values.persistence.mountPath }} {{ end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config mountPath: /bitnami/postgresql/conf/conf.d/ {{- end }} @@ -185,7 +185,7 @@ spec: configMap: name: {{ template "postgresql.configurationCM" . }} {{- end }} - {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.postgresqlExtendedConf .Values.extendedConfConfigMap }} - name: postgresql-extended-config configMap: name: {{ template "postgresql.extendedConfigurationCM" . }} From ccfb3d0417487adcb327fb1e6ddf4073dd0a2e49 Mon Sep 17 00:00:00 2001 From: Nik Voss Date: Tue, 19 Feb 2019 14:04:59 +0100 Subject: [PATCH 0225/1586] Fixed configmap dashboard problems, when no custom files are provided. (#11034) Signed-off-by: Niklas Voss --- stable/prometheus-operator/Chart.yaml | 2 +- .../templates/grafana/configmap-dashboards.yaml | 7 +++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index b1ff65dc7c4f..ec6ab495a1f7 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.6 +version: 2.2.7 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/templates/grafana/configmap-dashboards.yaml b/stable/prometheus-operator/templates/grafana/configmap-dashboards.yaml index 2eab290256aa..0289154b9f61 100644 --- a/stable/prometheus-operator/templates/grafana/configmap-dashboards.yaml +++ b/stable/prometheus-operator/templates/grafana/configmap-dashboards.yaml @@ -1,8 +1,10 @@ {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} +{{- $files := .Files.Glob "dashboards/*.json" }} +{{- if $files }} apiVersion: v1 kind: ConfigMapList items: -{{- range $path, $fileContents := .Files.Glob "dashboards/*.json" }} +{{- range $path, $fileContents := $files }} {{- $dashboardName := regexReplaceAll "(^.*/)(.*)\\.json$" $path "${2}" }} - apiVersion: v1 kind: ConfigMap @@ -17,4 +19,5 @@ items: data: {{ $dashboardName }}.json: {{ $.Files.Get $path | toJson }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} +{{- end }} From 4de9a954d7c7bbce59444c51a3971e71c736cd59 Mon Sep 17 00:00:00 2001 From: gdmello Date: Tue, 19 Feb 2019 08:31:50 -0500 Subject: [PATCH 0226/1586] Fix "ReadString: expects " or n, but found t, error found in #10 byte of ...|thStyle":true,"s3Url|..., bigger context ..." (#11427) Signed-off-by: gdmello --- stable/ark/Chart.yaml | 2 +- stable/ark/templates/backupstoragelocation.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/ark/Chart.yaml b/stable/ark/Chart.yaml index e114397aff43..07de839da149 100644 --- a/stable/ark/Chart.yaml +++ b/stable/ark/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.10.1 description: A Helm chart for ark name: ark -version: 3.0.0 +version: 3.0.1 home: https://github.com/heptio/ark icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: diff --git a/stable/ark/templates/backupstoragelocation.yaml b/stable/ark/templates/backupstoragelocation.yaml index 0816947118eb..63c066568eaf 100644 --- a/stable/ark/templates/backupstoragelocation.yaml +++ b/stable/ark/templates/backupstoragelocation.yaml @@ -20,7 +20,7 @@ spec: region: {{ . }} {{- end }} {{- with .s3ForcePathStyle }} - s3ForcePathStyle: {{ . }} + s3ForcePathStyle: {{ . | quote }} {{- end }} {{- with .s3Url }} s3Url: {{ . }} From 5a2a613a1a5781f4a3b5f5c611afa961409bdfef Mon Sep 17 00:00:00 2001 From: Xavier Vello Date: Tue, 19 Feb 2019 14:56:57 +0100 Subject: [PATCH 0227/1586] etc/password is automatically added, document it (#11529) Signed-off-by: Xavier Vello --- stable/datadog/Chart.yaml | 2 +- stable/datadog/values.yaml | 15 ++++++--------- 2 files changed, 7 insertions(+), 10 deletions(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 134a84938a4c..ffa2b7e74b75 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.21.1 +version: 1.21.2 appVersion: 6.9.0 description: DataDog Agent keywords: diff --git a/stable/datadog/values.yaml b/stable/datadog/values.yaml index f83fd385cd06..64959997267d 100644 --- a/stable/datadog/values.yaml +++ b/stable/datadog/values.yaml @@ -206,6 +206,7 @@ datadog: # apmEnabled: true ## Un-comment this to enable live process monitoring + ## /etc/passwd will automatically be mounted to allow username resolution ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset ## # processAgentEnabled: true @@ -217,18 +218,14 @@ datadog: # - name: # value: - ## The dd-agent supports detailed process and container monitoring and - ## requires control over the volume and volumeMounts for the daemonset - ## or deployment. - ## ref: https://docs.datadoghq.com/guides/process/ - ## + ## If needed, you can specify additionnal volumes to mount in the dd-agent container # volumes: # - hostPath: - # path: /etc/passwd - # name: passwd + # path: /host/path + # name: myvolume # volumeMounts: - # - name: passwd - # mountPath: /etc/passwd + # - name: myvolume + # mountPath: /container/path # readOnly: true ## Enable leader election mechanism for event collection From 7a098df7a6a4ab9c51c20e6ae21309de2f3bfce8 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Tue, 19 Feb 2019 15:16:09 +0100 Subject: [PATCH 0228/1586] set keepNamespaces to false when testing on ci (#11531) Signed-off-by: Carlos Panato --- stable/concourse/Chart.yaml | 2 +- stable/concourse/ci/default-values.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) create mode 100644 stable/concourse/ci/default-values.yaml diff --git a/stable/concourse/Chart.yaml b/stable/concourse/Chart.yaml index 5f81dce9a20e..634054d25381 100644 --- a/stable/concourse/Chart.yaml +++ b/stable/concourse/Chart.yaml @@ -1,5 +1,5 @@ name: concourse -version: 3.7.3 +version: 3.7.4 appVersion: 4.2.2 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 diff --git a/stable/concourse/ci/default-values.yaml b/stable/concourse/ci/default-values.yaml new file mode 100644 index 000000000000..182342ee46eb --- /dev/null +++ b/stable/concourse/ci/default-values.yaml @@ -0,0 +1,4 @@ +concourse: + web: + kubernetes: + keepNamespaces: false From 9de96faa0e7f34c8190827501138e53aba417ac4 Mon Sep 17 00:00:00 2001 From: Erik Aaron Hansen Date: Tue, 19 Feb 2019 15:27:33 +0100 Subject: [PATCH 0229/1586] [stable/jenkins] Support custom master pod labels in deployment (#9714) (#11511) * [stable/jenkins] Support custom master pod labels in deployment (#9714) (#11508) Signed-off-by: Erik Aaron Hansen * [stable/jenkins] Version bump Signed-off-by: Erik Aaron Hansen * [stable/jenkins] Version bump Signed-off-by: Erik Aaron Hansen --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + stable/jenkins/templates/jenkins-master-deployment.yaml | 3 +++ stable/jenkins/values.yaml | 4 +++- 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 427161b6e805..aa2d6971bfbc 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.7 +version: 0.32.8 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index 61bdc3b11c36..d0f6739ad359 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -42,6 +42,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.AuthorizationStrategy` | Jenkins XML job config for AuthorizationStrategy | Not set | | `Master.DeploymentLabels` | Custom Deployment labels | Not set | | `Master.ServiceLabels` | Custom Service labels | Not set | +| `Master.PodLabels` | Custom Pod labels | Not set | | `Master.AdminUser` | Admin username (and password) created as a secret if useSecurity is true | `admin` | | `Master.AdminPassword` | Admin password (and user) created as a secret if useSecurity is true | Random value | | `Master.JenkinsAdminEmail` | Email address for the administrator of the Jenkins instance | Not set | diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 5b886bcd8c55..79e59afe14ac 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -30,6 +30,9 @@ spec: release: {{ .Release.Name | quote }} chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" component: "{{ .Release.Name }}-{{ .Values.Master.Component }}" + {{- range $key, $val := .Values.Master.PodLabels }} + {{ $key }}: {{ $val | quote }} + {{- end}} annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} {{- if .Values.Master.PodAnnotations }} diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 4d3e9b093385..6bcf59398864 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -72,12 +72,14 @@ Master: # Master Service annotations ServiceAnnotations: {} # Master Custom Labels - DeploymentLabels: + DeploymentLabels: {} # foo: bar # bar: foo # Master Service Labels ServiceLabels: {} # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https + # Put labels on jeknins-master pod + PodLabels: {} # Used to create Ingress record (should used with ServiceType: ClusterIP) # HostName: jenkins.cluster.local # NodePort: Date: Tue, 19 Feb 2019 16:59:17 +0100 Subject: [PATCH 0230/1586] [stable/sysdig] Add resource limits and enable rollingUpdate strategy by default (#11535) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Provide a sane default resource limits for the Agent installation Signed-off-by: Néstor Salceda * Update the Sysdig Agent using rolling updates by default This configuration also supports the old OnDelete strategy and allows you to tune the maxUnavailable, maxSurge or minReadySeconds Signed-off-by: Néstor Salceda * Update Chart version and update CHANGELOG Signed-off-by: Néstor Salceda * Limit also the CPU used per Agent Signed-off-by: Néstor Salceda * Update CPU limit setting in the README Signed-off-by: Néstor Salceda --- stable/sysdig/CHANGELOG.md | 7 ++++++ stable/sysdig/Chart.yaml | 2 +- stable/sysdig/README.md | 35 +++++++++++++++----------- stable/sysdig/templates/daemonset.yaml | 2 +- stable/sysdig/values.yaml | 30 +++++++++++----------- 5 files changed, 45 insertions(+), 31 deletions(-) diff --git a/stable/sysdig/CHANGELOG.md b/stable/sysdig/CHANGELOG.md index a62f7c738249..2ecf65a10356 100644 --- a/stable/sysdig/CHANGELOG.md +++ b/stable/sysdig/CHANGELOG.md @@ -3,6 +3,13 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.3.2 + +### Minor Changes + +* Provide sane defaults resources for the Sysdig Agent. +* Use RollingUpdate strategy by default. + ## v1.3.1 ### Minor Changes diff --git a/stable/sysdig/Chart.yaml b/stable/sysdig/Chart.yaml index e004bad072f8..7d122e4b8941 100755 --- a/stable/sysdig/Chart.yaml +++ b/stable/sysdig/Chart.yaml @@ -1,5 +1,5 @@ name: sysdig -version: 1.3.1 +version: 1.3.2 appVersion: 0.88.1 description: Sysdig Monitor and Secure agent keywords: diff --git a/stable/sysdig/README.md b/stable/sysdig/README.md index 432e28969bfd..b1db4c2f82ea 100644 --- a/stable/sysdig/README.md +++ b/stable/sysdig/README.md @@ -38,21 +38,26 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Sysdig chart and their default values. -| Parameter | Description | Default | -| --- | --- | --- | -| `image.registry` | Sysdig agent image registry | `docker.io` | -| `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `0.88.1` | -| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | Create serviceAccount | `true` | -| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | -| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | -| `sysdig.settings` | Settings for agent's configuration file | `{}` | -| `secure.enabled` | Enable Sysdig Secure | `false` | -| `customAppChecks` | The custom app checks deployed with your agent | `{}` | -| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | +| Parameter | Description | Default | +| --- | --- | --- | +| `image.registry` | Sysdig agent image registry | `docker.io` | +| `image.repository` | The image repository to pull from | `sysdig/agent` | +| `image.tag` | The image tag to pull | `0.88.1` | +| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `nil` | +| `resources.requests.cpu` | CPU requested for being run in a node | `100m` | +| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | +| `resources.limits.cpu` | CPU limit | `200m` | +| `resources.limits.memory` | Memory limit | `1024Mi` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `serviceAccount.create` | Create serviceAccount | `true` | +| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | +| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | +| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | +| `sysdig.settings` | Settings for agent's configuration file | `{}` | +| `secure.enabled` | Enable Sysdig Secure | `false` | +| `customAppChecks` | The custom app checks deployed with your agent | `{}` | +| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/sysdig/templates/daemonset.yaml b/stable/sysdig/templates/daemonset.yaml index 2565f99acf1d..7a0d87007262 100644 --- a/stable/sysdig/templates/daemonset.yaml +++ b/stable/sysdig/templates/daemonset.yaml @@ -107,5 +107,5 @@ spec: name: {{ template "sysdig.fullname" . }}-custom-app-checks {{- end }} updateStrategy: - type: {{ default "OnDelete" .Values.daemonset.updateStrategy | quote }} +{{ toYaml .Values.daemonset.updateStrategy | indent 4 }} {{- end }} diff --git a/stable/sysdig/values.yaml b/stable/sysdig/values.yaml index 550e51be874b..660a7dc2829b 100644 --- a/stable/sysdig/values.yaml +++ b/stable/sysdig/values.yaml @@ -15,17 +15,16 @@ image: # pullSecrets: # - name: myRegistrKeySecretName -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 30m - # memory: 128Mi - # requests: - # cpu: 20m - # memory: 128Mi +resources: + # Although resources needed are subjective on the actual workload we provide + # a sane defaults ones. If you have more questions or concerns, please refer + # to Sysdig Support for more info about it + requests: + cpu: 100m + memory: 512Mi + limits: + cpu: 200m + memory: 1024Mi rbac: # true here enables creation of rbac resources @@ -37,10 +36,13 @@ serviceAccount: # Use this value as serviceAccountName name: -daemonset: {} - # Allow the DaemonSet to perform a rolling update on helm update +daemonset: + # Perform rolling updates by default in the DaemonSet agent # ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - # updateStrategy: RollingUpdate + updateStrategy: + # You can also customize maxUnavailable, maxSurge or minReadySeconds if you + # need it + type: RollingUpdate sysdig: # Required: You need your Sysdig Monitor access key before running agents. From 1054663825bfe72302c68f661ef33cee376730fb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Tue, 19 Feb 2019 17:47:21 +0100 Subject: [PATCH 0231/1586] [Documentation] Document how to test a Chart in the Review Guidelines. (#10633) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [Documentation] Document how to test a Chart in the Review Guidelines. Signed-off-by: Cédric de Saint Martin * Oops, documentation already exists: improve it, points to it. Signed-off-by: Cédric de Saint Martin * eg instead of example. Signed-off-by: Cédric de Saint Martin * helm chart test != this test tool but still related. Signed-off-by: Cédric de Saint Martin * Better english. Signed-off-by: Cédric de Saint Martin * Better way to state that we need empty file for default values. Signed-off-by: Cédric de Saint Martin * English. Signed-off-by: Cédric de Saint Martin --- REVIEW_GUIDELINES.md | 10 ++++++++++ test/README.md | 10 +++++++++- 2 files changed, 19 insertions(+), 1 deletion(-) diff --git a/REVIEW_GUIDELINES.md b/REVIEW_GUIDELINES.md index eadf19519081..979578a29da5 100644 --- a/REVIEW_GUIDELINES.md +++ b/REVIEW_GUIDELINES.md @@ -349,3 +349,13 @@ While reviewing Charts that contain workloads such as [Deployments](https://kube 10. As much as possible complex pre-app setups are configured using [init containers](https://kubernetes.io/docs/concepts/workloads/pods/init-containers/). More [configuration](https://kubernetes.io/docs/concepts/configuration/overview/) best practices. + + +## Tests + +This repository follows a [test procedure](https://github.com/helm/charts/blob/master/test/README.md). This allows the charts of this repository to be tested according to several rules (linting, semver checking, deployment testing, etc) for every Pull Request. + +The `ci` directory of a given Chart allows testing different use cases, by allowing you to define different sets of values overriding `values.yaml`, one file per set. See the [documentation](https://github.com/helm/charts/blob/master/test/README.md#providing-custom-test-values) for more information. + +This directory MUST exist with at least one test file in it. + diff --git a/test/README.md b/test/README.md index 49b4f9900621..92a8b058f225 100644 --- a/test/README.md +++ b/test/README.md @@ -19,6 +19,8 @@ The static analysis currently: ### Operational Testing +Operational testing allows deploying a Release for the changed Helm Chart to test it. + #### Procedure Pull requests testing is run via the [Kubernetes Test Infrastructure](https://github.com/kubernetes/test-infra). @@ -34,10 +36,16 @@ The testing logic has been extrated to the [chart-testing](https://github.com/ku #### Providing Custom Test Values -Testing charts with default values may not be suitable in all cases. For instance, charts may require some values to be set which should not be part of the chart's default `values.yaml` (such as keys etc.). Furthermore, it may be desirable to test a chart with different configurations. +Testing charts with default values may not be suitable in all cases. For instance, charts may require some values to be set which should not be part of the chart's default `values.yaml` (such as keys etc.). Furthermore, it is often desirable to test a chart with different configurations, reflecting different use cases (e.g. setting a password instead of using the default generated one, activating persistence instead of using the default emptyDir volume, etc.). In order to enable custom test values, create a directory `ci` in the chart's directory and add any number of `*-values.yaml` files to this directory. Only files with a suffix `-values.yaml` are considered. Instead of using the defaults, the chart is then installed and tested separately for each of these files using the `--values` flag. +Please note that in order to test using the default values when using the `ci` directory, an empty values file must be present in the directory. + +For examples, you can take a look at existing tests in this repository (e.g. [Kibana Chart](https://github.com/helm/charts/tree/7755cea24c028db07e2e36933ec13c28efea9a32/stable/kibana/ci)). + +Please also note that it is a different concept than "[Helm Chart Test](https://github.com/helm/helm/blob/master/docs/chart_tests.md)", although the Helm Chart test, if defined, will be run by this test tool for each test values. + #### Triggering In order for the tests to be kicked off one of the From 294d448c6d92ee0a6480578c6df059821e472392 Mon Sep 17 00:00:00 2001 From: Omer Levi Hevroni Date: Tue, 19 Feb 2019 20:05:48 +0200 Subject: [PATCH 0232/1586] [kuberhealthy] added nodes to cluster role (#11473) * added nodes to cluster role Signed-off-by: omerlh * bump version Signed-off-by: omerlh --- stable/kuberhealthy/Chart.yaml | 2 +- stable/kuberhealthy/templates/clusterrole.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index bc83f8d60901..860d8d6ac264 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.0.0" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.0.1 +version: 1.0.2 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/templates/clusterrole.yaml b/stable/kuberhealthy/templates/clusterrole.yaml index ea2e4214d20d..25a404d4aa2c 100644 --- a/stable/kuberhealthy/templates/clusterrole.yaml +++ b/stable/kuberhealthy/templates/clusterrole.yaml @@ -9,6 +9,7 @@ rules: - pods - namespaces - componentstatuses + - nodes verbs: - get - list From 85c63f053e9f68340104ec79195e75e89046df04 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Tue, 19 Feb 2019 20:13:54 +0100 Subject: [PATCH 0233/1586] add securityContext to allow running with strict PSP (#11547) Signed-off-by: David J. M. Karlsen --- stable/kuberhealthy/Chart.yaml | 2 +- stable/kuberhealthy/README.md | 5 +++++ stable/kuberhealthy/templates/deployment.yaml | 2 ++ stable/kuberhealthy/values.yaml | 6 ++++++ 4 files changed, 14 insertions(+), 1 deletion(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index 860d8d6ac264..8fccf6f85898 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.0.0" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.0.2 +version: 1.1.0 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/README.md b/stable/kuberhealthy/README.md index 31b30c3f4c0a..93ea6999f8bd 100644 --- a/stable/kuberhealthy/README.md +++ b/stable/kuberhealthy/README.md @@ -54,6 +54,11 @@ deployment: maxUnavailable: 1 imagePullPolicy: IfNotPresent namespace: kuberhealthy +securityContext: # default container security context + runAsNonRoot: true + runAsUser: 999 + fsGroup: 999 + allowPrivilegeEscalation: false ``` diff --git a/stable/kuberhealthy/templates/deployment.yaml b/stable/kuberhealthy/templates/deployment.yaml index 6ad4e85c8be9..27456c274912 100644 --- a/stable/kuberhealthy/templates/deployment.yaml +++ b/stable/kuberhealthy/templates/deployment.yaml @@ -30,6 +30,8 @@ spec: automountServiceAccountToken: true containers: - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + securityContext: + {{- toYaml .Values.securityContext | nindent 10 -}} imagePullPolicy: {{ .Values.deployment.imagePullPolicy }} livenessProbe: failureThreshold: 3 diff --git a/stable/kuberhealthy/values.yaml b/stable/kuberhealthy/values.yaml index 7fab74ad4d68..6236f76a870c 100644 --- a/stable/kuberhealthy/values.yaml +++ b/stable/kuberhealthy/values.yaml @@ -31,6 +31,12 @@ deployment: maxUnavailable: 1 imagePullPolicy: IfNotPresent +securityContext: + runAsNonRoot: true + runAsUser: 999 + fsGroup: 999 + allowPrivilegeEscalation: false + # Please remember that changing the service type to LoadBalancer # will expose Kuberhealthy to the internet, which could cause # error messages shown by Kuberhealthy to be exposed to the From 87a1489cb7d8b6c864da158a07b49f6110eb8a9a Mon Sep 17 00:00:00 2001 From: RaduBerinde Date: Tue, 19 Feb 2019 15:26:35 -0500 Subject: [PATCH 0234/1586] cockroachdb: Update version to 2.1.5 (#11540) Signed-off-by: Radu Berinde --- stable/cockroachdb/Chart.yaml | 4 ++-- stable/cockroachdb/README.md | 2 +- stable/cockroachdb/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index bf7db185c594..61ce124fbfa3 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml @@ -1,7 +1,7 @@ name: cockroachdb home: https://www.cockroachlabs.com -version: 2.0.10 -appVersion: 2.1.4 +version: 2.0.11 +appVersion: 2.1.5 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png sources: diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index a4e43eebdf1d..18a41b5fbe79 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -69,7 +69,7 @@ The following table lists the configurable parameters of the CockroachDB chart a | ------------------------------ | ------------------------------------------------ | ----------------------------------------- | | `Name` | Chart name | `cockroachdb` | | `Image` | Container image name | `cockroachdb/cockroach` | -| `ImageTag` | Container image tag | `v2.1.4` | +| `ImageTag` | Container image tag | `v2.1.5` | | `ImagePullPolicy` | Container pull policy | `Always` | | `Replicas` | k8s statefulset replicas | `3` | | `MaxUnavailable` | k8s PodDisruptionBudget parameter | `1` | diff --git a/stable/cockroachdb/values.yaml b/stable/cockroachdb/values.yaml index 7ee05aabba7a..a49fcb65660d 100644 --- a/stable/cockroachdb/values.yaml +++ b/stable/cockroachdb/values.yaml @@ -5,7 +5,7 @@ Name: "cockroachdb" Image: "cockroachdb/cockroach" -ImageTag: "v2.1.4" +ImageTag: "v2.1.5" ImagePullPolicy: "Always" Replicas: 3 MaxUnavailable: 1 From e5c66bb3cc8f48450f71de5de4d1f70771899581 Mon Sep 17 00:00:00 2001 From: Viktor Radnai Date: Tue, 19 Feb 2019 22:43:27 +0000 Subject: [PATCH 0235/1586] Prometheus operator grafana servicemonitor (#11545) * [stable/prometheus-operator] Add ServiceMonitor for bundled Grafana Signed-off-by: Viktor Radnai * Update documentation (also for alertmanager monitoring) Signed-off-by: Viktor Radnai * Bump chart version Signed-off-by: Viktor Radnai * Add grafana selfMonitor setting to ci/test-values.yaml Signed-off-by: Viktor Radnai --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 2 ++ .../prometheus-operator/ci/test-values.yaml | 4 ++++ .../templates/grafana/servicemonitor.yaml | 21 +++++++++++++++++++ stable/prometheus-operator/values.yaml | 4 ++++ 5 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 stable/prometheus-operator/templates/grafana/servicemonitor.yaml diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index ec6ab495a1f7..575fcdc215d0 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.2.7 +version: 2.3.0 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index f815825a5b15..fcda20636d5f 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -189,6 +189,7 @@ The following tables lists the configurable parameters of the prometheus-operato | Parameter | Description | Default | | ----- | ----------- | ------ | | `alertmanager.enabled` | Deploy alertmanager | `true` | +| `alertmanager.serviceMonitor.selfMonitor` | Create a `serviceMonitor` to automatically monitor the alartmanager instance | `true` | | `alertmanager.serviceAccount.create` | Create a `serviceAccount` for alertmanager | `true` | | `alertmanager.serviceAccount.name` | Name for Alertmanager service account | `""` | | `alertmanager.podDisruptionBudget.enabled` | If true, create a pod disruption budget for Alertmanager pods. The created resource cannot be modified once created - it must be deleted to perform a change | `true` | @@ -236,6 +237,7 @@ The following tables lists the configurable parameters of the prometheus-operato | Parameter | Description | Default | | ----- | ----------- | ------ | | `grafana.enabled` | If true, deploy the grafana sub-chart | `true` | +| `grafana.serviceMonitor.selfMonitor` | Create a `serviceMonitor` to automatically monitor the grafana instance | `true` | | `grafana.adminPassword` | Admin password to log into the grafana UI | "prom-operator" | | `grafana.defaultDashboardsEnabled` | Deploy default dashboards. These are loaded using the sidecar | `true` | | `grafana.ingress.enabled` | Enables Ingress for Grafana | `false` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index b930b95aac11..61b1da4547a8 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -355,6 +355,10 @@ grafana: # configMap: certs-configmap # readOnly: true + ## If true, create a serviceMonitor for grafana + ## + serviceMonitor: + selfMonitor: true ## Component scraping the kube api server ## diff --git a/stable/prometheus-operator/templates/grafana/servicemonitor.yaml b/stable/prometheus-operator/templates/grafana/servicemonitor.yaml new file mode 100644 index 000000000000..954a842c3f4e --- /dev/null +++ b/stable/prometheus-operator/templates/grafana/servicemonitor.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.grafana.enabled .Values.grafana.serviceMonitor.selfMonitor }} +apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} +kind: ServiceMonitor +metadata: + name: {{ template "prometheus-operator.fullname" . }}-grafana + labels: + app: {{ template "prometheus-operator.name" . }}-grafana +{{ include "prometheus-operator.labels" . | indent 4 }} +spec: + selector: + matchLabels: + app: grafana + release: {{ .Release.Name | quote }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace | quote }} + endpoints: + - port: service + interval: 30s + path: "{{ trimSuffix "/" .Values.grafana.ingress.path }}/metrics" +{{- end }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index f3666abbdda2..75ee59770887 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -355,6 +355,10 @@ grafana: # configMap: certs-configmap # readOnly: true + ## If true, create a serviceMonitor for grafana + ## + serviceMonitor: + selfMonitor: true ## Component scraping the kube api server ## From fa4468c8cab5dd5a511f3aa2bcab194217e5bb18 Mon Sep 17 00:00:00 2001 From: Maor Friedman Date: Wed, 20 Feb 2019 00:18:20 +0100 Subject: [PATCH 0236/1586] [stable/grafana] re-add raw json dashboards in addition to files (#11552) * [stable/grafana] re-add raw json dashboards in addition to files Signed-off-by: Maor Friedman * [stable/grafana] add documentation regarding dashboard import methods Signed-off-by: Maor Friedman --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 32 +++++++++++++++++++ .../templates/dashboards-json-configmap.yaml | 9 ++++-- stable/grafana/values.yaml | 27 +++++++++------- 4 files changed, 55 insertions(+), 15 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 353494aa9c4a..a2b0f9c03a5c 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 2.0.1 +version: 2.0.2 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index ec1013556da1..98efab048854 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -93,6 +93,38 @@ The command removes all the Kubernetes components associated with the chart and | `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | | `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +## Import dashboards + +There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: + +```yaml +dashboards: + default: + some-dashboard: + json: | + { + "annotations": + + ... + # Complete json file here + ... + + "title": "Some Dashboard", + "uid": "abcd1234", + "version": 1 + } + custom-dashboard: + # This is a path to a file inside the dashboards directory inside the chart directory + file: dashboards/custom-dashboard.json + prometheus-stats: + # Ref: https://grafana.com/dashboards/2 + gnetId: 2 + revision: 2 + datasource: Prometheus + local-dashboard: + url: https://raw.githubusercontent.com/user/repository/master/dashboards/dashboard.json +``` + ## BASE64 dashboards Dashboards could be storaged in a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) diff --git a/stable/grafana/templates/dashboards-json-configmap.yaml b/stable/grafana/templates/dashboards-json-configmap.yaml index a72cde53d719..8e08aef435ea 100644 --- a/stable/grafana/templates/dashboards-json-configmap.yaml +++ b/stable/grafana/templates/dashboards-json-configmap.yaml @@ -14,9 +14,14 @@ metadata: dashboard-provider: {{ $provider }} data: {{- range $key, $value := $dashboards }} -{{- if hasKey $value "json" }} +{{- if (or (hasKey $value "json") (hasKey $value "file")) }} {{ print $key | indent 2 }}.json: -{{ toYaml ( $files.Get $value.json ) | indent 4}} +{{- if hasKey $value "json" }} +{{ $value.json | indent 4 }} +{{- end }} +{{- if hasKey $value "file" }} +{{ toYaml ( $files.Get $value.file ) | indent 4}} +{{- end }} {{- end }} {{- end }} {{- end }} diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index b39f69012fc5..f1dbc0bcd8eb 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -210,18 +210,21 @@ dashboardProviders: {} ## dashboards per provider, use provider name as key. ## dashboards: {} -# default: -# some-dashboard: -# json: dashboards/custom-dashboard.json -# prometheus-stats: -# gnetId: 2 -# revision: 2 -# datasource: Prometheus -# local-dashboard: -# url: https://example.com/repository/test.json -# local-dashboard-base64: -# url: https://example.com/repository/test-b64.json -# b64content: true + # default: + # some-dashboard: + # json: | + # $RAW_JSON + # custom-dashboard: + # file: dashboards/custom-dashboard.json + # prometheus-stats: + # gnetId: 2 + # revision: 2 + # datasource: Prometheus + # local-dashboard: + # url: https://example.com/repository/test.json + # local-dashboard-base64: + # url: https://example.com/repository/test-b64.json + # b64content: true ## Reference to external ConfigMap per provider. Use provider name as key and ConfiMap name as value. ## A provider dashboards must be defined either by external ConfigMaps or in values.yaml, not in both. From 8e8282d049b395cd080fd55e82c7b05873112d14 Mon Sep 17 00:00:00 2001 From: Goutham Veeramachaneni Date: Wed, 20 Feb 2019 01:29:12 -0500 Subject: [PATCH 0237/1586] Add ability to drop metrics from cAdvisor (#11173) * Add ability to drop metrics from cAdvisor Tons and tons of them are useless. Signed-off-by: Goutham Veeramachaneni * Add values to files Signed-off-by: Goutham Veeramachaneni --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + stable/prometheus-operator/ci/test-values.yaml | 12 ++++++++++++ .../templates/exporters/kubelet/servicemonitor.yaml | 4 ++++ stable/prometheus-operator/values.yaml | 12 ++++++++++++ 5 files changed, 30 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 575fcdc215d0..3f1f2687f7aa 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.3.0 +version: 2.3.1 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index fcda20636d5f..643d24e8b6cc 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -264,6 +264,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `kubelet.enabled` | Deploy servicemonitor to scrape the kubelet service. See also `prometheusOperator.kubeletService` | `true` | | `kubelet.namespace` | Namespace where the kubelet is deployed. See also `prometheusOperator.kubeletService.namespace` | `kube-system` | | `kubelet.serviceMonitor.https` | Enable scraping of the kubelet over HTTPS. For more information, see https://github.com/coreos/prometheus-operator/issues/926 | `false` | +| `kubelet.serviceMonitor.cAdvisorMetricRelabelings` | The `metric_relabel_configs` for scraping cAdvisor. | `` | | `kubeControllerManager.enabled` | Deploy a `service` and `serviceMonitor` to scrape the Kubernetes controller-manager | `true` | | `kubeControllerManager.endpoints` | Endpoints where Controller-manager runs. Provide this if running Controller-manager outside the cluster | `[]` | | `kubeControllermanager.service.port` | Controller-manager port for the service runs on | `10252` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index 61b1da4547a8..1bbe7c692ee5 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -386,6 +386,18 @@ kubelet: ## https://github.com/coreos/prometheus-operator/issues/926 ## https: false + cAdvisorMetricRelabelings: + - sourceLabels: [__name__, image] + separator: ; + regex: container_([a-z_]+); + replacement: $1 + action: drop + - sourceLabels: [__name__] + separator: ; + regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + replacement: $1 + action: drop + ## Component scraping the kube controller manager ## diff --git a/stable/prometheus-operator/templates/exporters/kubelet/servicemonitor.yaml b/stable/prometheus-operator/templates/exporters/kubelet/servicemonitor.yaml index fb3b9a2284ec..d89b092f4b14 100644 --- a/stable/prometheus-operator/templates/exporters/kubelet/servicemonitor.yaml +++ b/stable/prometheus-operator/templates/exporters/kubelet/servicemonitor.yaml @@ -34,6 +34,10 @@ spec: path: /metrics/cadvisor interval: 30s honorLabels: true +{{- if .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings }} + metricRelabelings: +{{ toYaml .Values.kubelet.serviceMonitor.cAdvisorMetricRelabelings | indent 4 }} +{{- end }} {{- end }} jobLabel: k8s-app namespaceSelector: diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 75ee59770887..8842b147c037 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -398,6 +398,18 @@ kubelet: ## https://github.com/coreos/prometheus-operator/issues/926 ## https: false + # cAdvisorMetricRelabelings: + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop + ## Component scraping the kube controller manager ## From 4daf2d02ed2532572872e8cf6eb4915e5a8af53a Mon Sep 17 00:00:00 2001 From: Alexander Awitin Date: Wed, 20 Feb 2019 16:06:02 +0800 Subject: [PATCH 0238/1586] [stable/redis] Fix "iptables: Permission Denined" error when installing on Istio-enabled cluster. (#11232) * [stable/redis] Fix "Can't initialize iptables table 'nat': Permission denied (you must be root)" error when installed on an Istio-enabled cluster. Only define the `securityContext` on the main container instead of defining it on the top level `spec` which results into injected containers by Istio inheriting this definition (i.e. istio-init). Related topic: https://github.com/istio/old_issues_repo/issues/316 Signed-off-by: Alexander Awitin * [stable/postgresql] Fix "Can't initialize iptables table 'nat': Permission denied (you must be root)" error when installed on an Istio-enabled cluster. (#11226) Only define the `securityContext` on the main container instead of defining it on the top level `spec` which results into injected containers by Istio inheriting this definition (i.e. istio-init). Related topic: https://github.com/istio/old_issues_repo/issues/316 Signed-off-by: Alexander Awitin * Bring `securityContext.fsGroup` back to `spec.template.spec` as where it should be. Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#podsecuritycontext-v1-core Signed-off-by: Alexander Awitin * refactor: Split `runAsUser` and `fsGroup` configuration in container and pod sections respectively. Signed-off-by: Alexander Awitin * Bump chart version. Signed-off-by: Alexander Awitin * refactor: Remove `securityContext.runAsNonRoot` from the main container. Signed-off-by: Alexander Awitin --- stable/redis/Chart.yaml | 2 +- .../templates/redis-master-statefulset.yaml | 5 ++++- .../templates/redis-slave-deployment.yaml | 20 +++++++++++++++++-- 3 files changed, 23 insertions(+), 4 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index dff5aaddc209..b6d925c294bc 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 6.1.0 +version: 6.1.1 appVersion: 4.0.12 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml index f0558db60829..1f87c0dba272 100644 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -41,7 +41,6 @@ spec: {{- if .Values.master.securityContext.enabled }} securityContext: fsGroup: {{ .Values.master.securityContext.fsGroup }} - runAsUser: {{ .Values.master.securityContext.runAsUser }} {{- end }} serviceAccountName: "{{ template "redis.serviceAccountName" . }}" {{- if .Values.master.priorityClassName }} @@ -66,6 +65,10 @@ spec: - name: {{ template "redis.fullname" . }} image: "{{ template "redis.image" . }}" imagePullPolicy: {{ default "" .Values.image.pullPolicy | quote }} + {{- if .Values.master.securityContext.enabled }} + securityContext: + runAsUser: {{ .Values.master.securityContext.runAsUser }} + {{- end }} command: - /bin/bash - -c diff --git a/stable/redis/templates/redis-slave-deployment.yaml b/stable/redis/templates/redis-slave-deployment.yaml index 981290a106f4..54bc9d9489cc 100644 --- a/stable/redis/templates/redis-slave-deployment.yaml +++ b/stable/redis/templates/redis-slave-deployment.yaml @@ -45,8 +45,15 @@ spec: - name: {{ . }} {{- end}} {{- end}} - {{- /* Include master securityContext if slave securityContext not defined */ -}} - {{ include "redis.slave.securityContext" . | indent 6 }} + {{- /* Include master securityContext.fsGroup if slave securityContext.fsGroup not defined */ -}} + {{- if (.Values.slave.securityContext | default .Values.master.securityContext) }} + securityContext: + {{- if .Values.slave.securityContext }} + fsGroup: {{ .Values.slave.securityContext.fsGroup }} + {{- else }} + fsGroup: {{ .Values.master.securityContext.fsGroup }} + {{- end }} + {{- end }} serviceAccountName: "{{ template "redis.serviceAccountName" . }}" {{- if .Values.slave.priorityClassName }} priorityClassName: "{{ .Values.slave.priorityClassName }}" @@ -71,6 +78,15 @@ spec: image: {{ template "redis.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | default "" | quote }} {{- $command := default .Values.master.command .Values.slave.command }} + {{- /* Include master securityContext.runAsUser if slave securityContext.runAsUser not defined */ -}} + {{- if (.Values.slave.securityContext | default .Values.master.securityContext) }} + securityContext: + {{- if .Values.slave.securityContext }} + runAsUser: {{ .Values.slave.securityContext.runAsUser }} + {{- else }} + runAsUser: {{ .Values.master.securityContext.runAsUser }} + {{- end }} + {{- end }} command: - /bin/bash - -c From 36cff1218336d1dc43caf135cfa321542941388c Mon Sep 17 00:00:00 2001 From: Viktor Bogdanov Date: Wed, 20 Feb 2019 15:33:02 +0700 Subject: [PATCH 0239/1586] [incubator/haproxy-ingress] Add Priority Class (#11556) * Add Priority Class Signed-off-by: vvbogdanov87 * Bump chart version Signed-off-by: vvbogdanov87 --- incubator/haproxy-ingress/Chart.yaml | 2 +- incubator/haproxy-ingress/README.md | 1 + incubator/haproxy-ingress/templates/controller-daemonset.yaml | 3 +++ .../haproxy-ingress/templates/controller-deployment.yaml | 3 +++ incubator/haproxy-ingress/values.yaml | 4 ++++ 5 files changed, 12 insertions(+), 1 deletion(-) diff --git a/incubator/haproxy-ingress/Chart.yaml b/incubator/haproxy-ingress/Chart.yaml index 14e445c3568e..c9ed5f2a2b26 100644 --- a/incubator/haproxy-ingress/Chart.yaml +++ b/incubator/haproxy-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: haproxy-ingress -version: 0.0.6 +version: 0.0.7 appVersion: 0.7.0 home: https://github.com/jcmoraisjr/haproxy-ingress description: Ingress controller implementation for haproxy loadbalancer. diff --git a/incubator/haproxy-ingress/README.md b/incubator/haproxy-ingress/README.md index 5dfe77deea3a..cd69f98be32e 100644 --- a/incubator/haproxy-ingress/README.md +++ b/incubator/haproxy-ingress/README.md @@ -64,6 +64,7 @@ Parameter | Description | Default `controller.readinessProbe.timeoutSeconds` | The readiness probe timeout (in seconds) | `1` `controller.podAnnotations` | Annotations for the haproxy-ingress-conrtoller pod | `{}` `controller.podLabels` | Labels for the haproxy-ingress-conrtoller pod | `{}` +`controller.priorityClassName` | Priority Class to be used | `` `controller.securityContext` | Security context settings for the haproxy-ingress-conrtoller pod | `{}` `controller.config` | additional haproxy-ingress [ConfigMap entries](https://github.com/jcmoraisjr/haproxy-ingress/blob/v0.6/README.md#configmap) | `{}` `controller.hostNetwork` | Optionally set to true when using CNI based kubernetes installations | `false` diff --git a/incubator/haproxy-ingress/templates/controller-daemonset.yaml b/incubator/haproxy-ingress/templates/controller-daemonset.yaml index f8f7f42eba53..f2e9a6236d74 100644 --- a/incubator/haproxy-ingress/templates/controller-daemonset.yaml +++ b/incubator/haproxy-ingress/templates/controller-daemonset.yaml @@ -181,4 +181,7 @@ spec: affinity: {{ toYaml .Values.controller.affinity | indent 8 }} {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} {{- end }} diff --git a/incubator/haproxy-ingress/templates/controller-deployment.yaml b/incubator/haproxy-ingress/templates/controller-deployment.yaml index 90ee680d4e23..4898c0e5d135 100644 --- a/incubator/haproxy-ingress/templates/controller-deployment.yaml +++ b/incubator/haproxy-ingress/templates/controller-deployment.yaml @@ -174,4 +174,7 @@ spec: securityContext: {{ toYaml .Values.controller.securityContext | indent 8 }} {{- end }} + {{- if .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName }} + {{- end }} {{- end }} diff --git a/incubator/haproxy-ingress/values.yaml b/incubator/haproxy-ingress/values.yaml index d1b287749733..c6df5b73c043 100644 --- a/incubator/haproxy-ingress/values.yaml +++ b/incubator/haproxy-ingress/values.yaml @@ -75,6 +75,10 @@ controller: ## podLabels: {} + ## Priority Class to be used + ## + priorityClassName: "" + ## Security context settings to be added to the controller pods ## securityContext: {} From b84e68bbdead4c95542b02fa95a604205c721db8 Mon Sep 17 00:00:00 2001 From: Yves Vogl <39190668+yves-vogl@users.noreply.github.com> Date: Wed, 20 Feb 2019 10:01:45 +0100 Subject: [PATCH 0240/1586] Support configuration of externalTrafficPolicy for services from type NodePort (#11302) * Adding externalTrafficPolicy to service definition to preserve the client source IP by default Developer Certificate of Origin Version 1.1 Copyright (C) 2004, 2006 The Linux Foundation and its contributors. 1 Letterman Drive Suite D4700 San Francisco, CA, 94129 Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Developer's Certificate of Origin 1.1 By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source license and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. Signed-off-by: Yves Vogl * Bumping version Signed-off-by: Yves Vogl * Adding variable to README Signed-off-by: Yves Vogl --- stable/chartmuseum/Chart.yaml | 2 +- stable/chartmuseum/README.md | 1 + stable/chartmuseum/templates/service.yaml | 3 +++ stable/chartmuseum/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/chartmuseum/Chart.yaml b/stable/chartmuseum/Chart.yaml index 373e7fa684e6..7bcd1f78a69d 100644 --- a/stable/chartmuseum/Chart.yaml +++ b/stable/chartmuseum/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Host your own Helm Chart Repository name: chartmuseum -version: 1.9.0 +version: 1.9.1 appVersion: 0.8.1 home: https://github.com/helm/chartmuseum icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png diff --git a/stable/chartmuseum/README.md b/stable/chartmuseum/README.md index 07b0e048c71b..833cc1dfb7d0 100644 --- a/stable/chartmuseum/README.md +++ b/stable/chartmuseum/README.md @@ -131,6 +131,7 @@ their default values. See values.yaml for all available options. | `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` | | `service.type` | Kubernetes Service type | `ClusterIP` | | `service.clusterIP` | Static clusterIP or None for headless services| `nil` | +| `service.externalTrafficPolicy` | Source IP preservation (only for Service type NodePort) | `Local` | | `service.servicename` | Custom name for service | `` | | `service.labels` | Additional labels for service | `{}` | | `deployment.labels` | Additional labels for deployment | `{}` | diff --git a/stable/chartmuseum/templates/service.yaml b/stable/chartmuseum/templates/service.yaml index 65ce7a288302..7d42601ccbc3 100644 --- a/stable/chartmuseum/templates/service.yaml +++ b/stable/chartmuseum/templates/service.yaml @@ -17,6 +17,9 @@ metadata: {{- end }} spec: type: {{ .Values.service.type }} + {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} + externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }} + {{- end }} {{- if eq .Values.service.type "ClusterIP" }} {{- if .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }} diff --git a/stable/chartmuseum/values.yaml b/stable/chartmuseum/values.yaml index 28d1a19d852d..355125e07797 100644 --- a/stable/chartmuseum/values.yaml +++ b/stable/chartmuseum/values.yaml @@ -118,6 +118,7 @@ replica: service: servicename: type: ClusterIP + externalTrafficPolicy: Local # clusterIP: None externalPort: 8080 nodePort: From 50f34762dc0f7e36636f85eb48858901ad0727c5 Mon Sep 17 00:00:00 2001 From: Karol Chrapek Date: Wed, 20 Feb 2019 12:07:41 +0100 Subject: [PATCH 0241/1586] [stable/prometheus-operator] Bump node exporter version (#11487) * [stable/prometheus-operator] Bump node exporter version Signed-off-by: Karol Chrapek * Update .lock Signed-off-by: Karol Chrapek * Update chart version Signed-off-by: Karol Chrapek --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/requirements.lock | 6 +++--- stable/prometheus-operator/requirements.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 3f1f2687f7aa..019b46c05707 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.3.1 +version: 2.3.2 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/requirements.lock b/stable/prometheus-operator/requirements.lock index 1a41e263ee4e..e0ccd85c771a 100644 --- a/stable/prometheus-operator/requirements.lock +++ b/stable/prometheus-operator/requirements.lock @@ -4,9 +4,9 @@ dependencies: version: 0.13.1 - name: prometheus-node-exporter repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.2.0 + version: 1.3.0 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ version: 1.25.4 -digest: sha256:411bae69348d77ddf01781cba2d50c663b493cec7f594e189e7cf5f412a4b076 -generated: 2019-02-04T17:42:55.311259105-05:00 +digest: sha256:0f2eeba33f19ea4efa64cd93a405286df055f9fb8b8ad33c609900263180eb7f +generated: 2019-02-18T12:55:58.27784832+01:00 diff --git a/stable/prometheus-operator/requirements.yaml b/stable/prometheus-operator/requirements.yaml index ea77ebe29d40..fc80c6aee892 100644 --- a/stable/prometheus-operator/requirements.yaml +++ b/stable/prometheus-operator/requirements.yaml @@ -6,7 +6,7 @@ dependencies: condition: kubeStateMetrics.enabled - name: prometheus-node-exporter - version: 1.2.* + version: 1.3.* repository: https://kubernetes-charts.storage.googleapis.com/ condition: nodeExporter.enabled From c1ac591fb8c248baf395e9854c43439b1b2eca3a Mon Sep 17 00:00:00 2001 From: theShirbiny Date: Wed, 20 Feb 2019 12:23:03 +0100 Subject: [PATCH 0242/1586] Fix default service port and target port. (#11264) * fix serivce default target port Signed-off-by: OpenSourceZombie * bump chart version Signed-off-by: OpenSourceZombie * bump chart version Signed-off-by: OpenSourceZombie --- stable/prometheus-cloudwatch-exporter/Chart.yaml | 2 +- stable/prometheus-cloudwatch-exporter/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-cloudwatch-exporter/Chart.yaml b/stable/prometheus-cloudwatch-exporter/Chart.yaml index b6b377cb2175..325705ec92ec 100644 --- a/stable/prometheus-cloudwatch-exporter/Chart.yaml +++ b/stable/prometheus-cloudwatch-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.5.0" description: A Helm chart for prometheus cloudwatch-exporter name: prometheus-cloudwatch-exporter -version: 0.4.1 +version: 0.4.2 home: https://github.com/prometheus/cloudwatch_exporter sources: - https://github.com/prometheus/cloudwatch_exporter diff --git a/stable/prometheus-cloudwatch-exporter/values.yaml b/stable/prometheus-cloudwatch-exporter/values.yaml index 6117ea981101..0f1c8be2696c 100644 --- a/stable/prometheus-cloudwatch-exporter/values.yaml +++ b/stable/prometheus-cloudwatch-exporter/values.yaml @@ -11,7 +11,7 @@ image: service: type: ClusterIP - port: 80 + port: 9106 portName: http annotations: {} labels: {} From 76601eac6440ddd4b4e6e0904a4705d36a0a1969 Mon Sep 17 00:00:00 2001 From: Artem Pastukhov Date: Wed, 20 Feb 2019 14:23:13 +0300 Subject: [PATCH 0243/1586] Add ability to control prometheus TSDB locking (#11270) * Add enableTSDBLock var Signed-off-by: Artem Pastukhov * Add --storage.tsdb.no-lockfile flag calculation Signed-off-by: Artem Pastukhov * Revert logic for locking flag Signed-off-by: Artem Pastukhov * Remove extra space Signed-off-by: Artem Pastukhov * Add --storage.tsdb.no-lockfile Signed-off-by: Artem Pastukhov * Bump chart version Signed-off-by: Artem Pastukhov * Update README.md Signed-off-by: Artem Pastukhov * Remove exrtra whitespace Signed-off-by: Artem Pastukhov * Bump chart version Signed-off-by: Artem Pastukhov --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/README.md | 1 + stable/prometheus/templates/server-deployment.yaml | 3 +++ stable/prometheus/templates/server-statefulset.yaml | 3 +++ stable/prometheus/values.yaml | 3 +++ 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 9dac6376cc11..05ab21dc0681 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,5 +1,5 @@ name: prometheus -version: 8.7.1 +version: 8.8.0 appVersion: 2.7.1 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index 40c7752a3316..107045bc4af8 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -238,6 +238,7 @@ Parameter | Description | Default `server.image.tag` | Prometheus server container image tag | `v2.7.1` `server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` `server.enableAdminApi` | If true, Prometheus administrative HTTP API will be enabled. Please note, that you should take care of administrative API access protection (ingress or some frontend Nginx with auth) before enabling it. | `false` +`server.skipTSDBLock` | If true, Prometheus skip TSDB locking. | `false` `server.configPath` | Path to a prometheus server config file on the container FS | `/etc/config/prometheus.yml` `server.global.scrape_interval` | How frequently to scrape targets by default | `1m` `server.global.scrape_timeout` | How long until a scrape request times out | `10s` diff --git a/stable/prometheus/templates/server-deployment.yaml b/stable/prometheus/templates/server-deployment.yaml index 73f6171457bf..98c74f45d9fc 100644 --- a/stable/prometheus/templates/server-deployment.yaml +++ b/stable/prometheus/templates/server-deployment.yaml @@ -103,6 +103,9 @@ spec: {{- if .Values.server.enableAdminApi }} - --web.enable-admin-api {{- end }} + {{- if .Values.server.skipTSDBLock }} + - --storage.tsdb.no-lockfile + {{- end }} ports: - containerPort: 9090 readinessProbe: diff --git a/stable/prometheus/templates/server-statefulset.yaml b/stable/prometheus/templates/server-statefulset.yaml index 82d85f72c61d..c6340ac47881 100644 --- a/stable/prometheus/templates/server-statefulset.yaml +++ b/stable/prometheus/templates/server-statefulset.yaml @@ -96,6 +96,9 @@ spec: {{- if .Values.server.enableAdminApi }} - --web.enable-admin-api {{- end }} + {{- if .Values.server.skipTSDBLock }} + - --storage.tsdb.no-lockfile + {{- end }} ports: - containerPort: 9090 readinessProbe: diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index 3d845e7f43ed..2d57ddcedc67 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml @@ -555,6 +555,9 @@ server: ## series. This is disabled by default. enableAdminApi: false + ## This flag controls BD locking + skipTSDBLock: false + ## Path to a configuration file on prometheus server container FS configPath: /etc/config/prometheus.yml From aab1621af0ddbb51daf35b651e3a9abacd092c7d Mon Sep 17 00:00:00 2001 From: Christian Groschupp Date: Wed, 20 Feb 2019 12:23:23 +0100 Subject: [PATCH 0244/1586] [stable/elasticsearch-curator] add env option (#11533) * Add env option to elasticsearch-curator. Signed-off-by: Christian Groschupp * Allow to overwrite command in elasticsearch-curator. Signed-off-by: Christian Groschupp * Update README.md in elasticsearch-curator. Signed-off-by: Christian Groschupp * Bump elasticsearch-curator version to 1.2.1. Signed-off-by: Christian Groschupp --- stable/elasticsearch-curator/Chart.yaml | 2 +- stable/elasticsearch-curator/README.md | 4 +++- stable/elasticsearch-curator/templates/cronjob.yaml | 12 +++++++++++- stable/elasticsearch-curator/values.yaml | 3 +++ 4 files changed, 18 insertions(+), 3 deletions(-) diff --git a/stable/elasticsearch-curator/Chart.yaml b/stable/elasticsearch-curator/Chart.yaml index 216e93b80e2c..c2be0621a814 100644 --- a/stable/elasticsearch-curator/Chart.yaml +++ b/stable/elasticsearch-curator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "5.5.4" description: A Helm chart for Elasticsearch Curator name: elasticsearch-curator -version: 1.2.0 +version: 1.2.1 home: https://github.com/elastic/curator keywords: - curator diff --git a/stable/elasticsearch-curator/README.md b/stable/elasticsearch-curator/README.md index 4e1ab9d89482..c6e3664fee31 100644 --- a/stable/elasticsearch-curator/README.md +++ b/stable/elasticsearch-curator/README.md @@ -40,7 +40,9 @@ their default values. | `cronjob.failedJobsHistoryLimit` | Specify the number of failed Jobs to keep | `nil` | | `cronjob.successfulJobsHistoryLimit` | Specify the number of completed Jobs to keep | `nil` | | `pod.annotations` | Annotations to add to the pod | {} | -| `dryrun` | Run Curator in dry-run mode | `false` | +| `dryrun` | Run Curator in dry-run mode | `false` | +| `env` | Environment variables to add to the cronjob container | {} | +| `command` | Command to execute | ["curator"] | | `configMaps.action_file_yml` | Contents of the Curator action_file.yml | See values.yaml | | `configMaps.config_yml` | Contents of the Curator config.yml (overrides config) | See values.yaml | | `resources` | Resource requests and limits | {} | diff --git a/stable/elasticsearch-curator/templates/cronjob.yaml b/stable/elasticsearch-curator/templates/cronjob.yaml index 96d4a2957458..9452f481f1cc 100644 --- a/stable/elasticsearch-curator/templates/cronjob.yaml +++ b/stable/elasticsearch-curator/templates/cronjob.yaml @@ -58,12 +58,22 @@ spec: mountPath: /etc/es-curator {{- if .Values.extraVolumeMounts }} {{ toYaml .Values.extraVolumeMounts | indent 16 }} +{{ end }} +{{ if .Values.command }} + command: +{{ toYaml .Values.command | indent 16 }} {{- end }} - command: [ "curator" ] {{- if .Values.dryrun }} args: [ "--dry-run", "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] {{- else }} args: [ "--config", "/etc/es-curator/config.yml", "/etc/es-curator/action_file.yml" ] +{{- end }} + env: +{{- if .Values.env }} +{{- range $key,$value := .Values.env }} + - name: {{ $key | upper | quote}} + value: {{ $value | quote}} +{{- end }} {{- end }} resources: {{ toYaml .Values.resources | indent 16 }} diff --git a/stable/elasticsearch-curator/values.yaml b/stable/elasticsearch-curator/values.yaml index e9a7e0c22ba5..6ac4f2c924f6 100644 --- a/stable/elasticsearch-curator/values.yaml +++ b/stable/elasticsearch-curator/values.yaml @@ -25,6 +25,9 @@ hooks: # run curator in dry-run mode dryrun: false +command: ["curator"] +env: {} + configMaps: # Delete indices older than 7 days action_file_yml: |- From 61d621c708aa579544a5f5a24455cff27b9616e3 Mon Sep 17 00:00:00 2001 From: Giancarlo Rubio Date: Wed, 20 Feb 2019 12:51:42 +0100 Subject: [PATCH 0245/1586] fix servicemonitors and prometheusrule yaml list (#11563) Signed-off-by: Giancarlo Rubio --- stable/prometheus-operator/Chart.yaml | 4 +- .../alertmanager/prometheusrules.yaml | 11 +++-- .../templates/prometheus/servicemonitors.yaml | 47 ++++++++++--------- 3 files changed, 34 insertions(+), 28 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 019b46c05707..486300faf698 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,8 +9,8 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.3.2 -appVersion: 0.26.0 +version: 2.6.0 +appVersion: 0.27.0 home: https://github.com/coreos/prometheus-operator keywords: - operator diff --git a/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml b/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml index 2db8ee1d61ea..bd84a67a2d3a 100644 --- a/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml +++ b/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml @@ -1,17 +1,20 @@ {{- if and .Values.alertmanager.enabled .Values.alertmanager.additionalPrometheusRules }} +apiVersion: v1 +kind: List +items: {{- range .Values.alertmanager.additionalPrometheusRules }} -apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} +- apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: name: {{ template "prometheus-operator.name" $ }}-{{ .name }} labels: app: {{ template "prometheus-operator.name" $ }} -{{ include "prometheus-operator.labels" $ | indent 4 }} +{{ include "prometheus-operator.labels" $ | indent 8 }} {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 4 }} +{{ toYaml .additionalLabels | indent 8 }} {{- end }} spec: groups: -{{ toYaml .groups| indent 4 }} +{{ toYaml .groups| indent 8 }} {{- end }} {{- end }} diff --git a/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml b/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml index d1fc8451574d..954005183529 100644 --- a/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml +++ b/stable/prometheus-operator/templates/prometheus/servicemonitors.yaml @@ -1,26 +1,29 @@ {{- if and .Values.prometheus.enabled .Values.prometheus.additionalServiceMonitors }} +apiVersion: v1 +kind: List +items: {{- range .Values.prometheus.additionalServiceMonitors }} -apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} -kind: ServiceMonitor -metadata: - name: {{ template "prometheus-operator.name" $ }}-{{ .name }} - labels: - app: {{ template "prometheus-operator.name" $ }}-prometheus -{{ include "prometheus-operator.labels" $ | indent 4 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 4 }} + - apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} + kind: ServiceMonitor + metadata: + name: {{ .name }} + labels: + app: {{ template "prometheus-operator.name" $ }}-prometheus +{{ include "prometheus-operator.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + endpoints: +{{ toYaml .endpoints | indent 8 }} + {{- if .jobLabel }} + jobLabel: {{ .jobLabel }} {{- end }} -spec: - endpoints: -{{ toYaml .endpoints | indent 4 }} -{{- if .jobLabel }} - jobLabel: {{ .jobLabel }} -{{- end }} -{{- if .namespaceSelector }} - namespaceSelector: -{{ toYaml .namespaceSelector | indent 4 }} -{{- end }} - selector: -{{ toYaml .selector | indent 4 }} -{{- end }} + {{- if .namespaceSelector }} + namespaceSelector: +{{ toYaml .namespaceSelector | indent 8 }} + {{- end }} + selector: +{{ toYaml .selector | indent 8 }} {{- end }} +{{- end }} \ No newline at end of file From fd2055e9fcd175468fffb2b695742ba61ca1304c Mon Sep 17 00:00:00 2001 From: Taehyun Kim Date: Wed, 20 Feb 2019 21:01:05 +0900 Subject: [PATCH 0246/1586] resources for kind (#11555) Signed-off-by: Taehyun Kim --- stable/metricbeat/Chart.yaml | 2 +- stable/metricbeat/README.md | 6 +++++- stable/metricbeat/templates/daemonset.yaml | 4 ++++ stable/metricbeat/templates/deployment.yaml | 4 ++++ stable/metricbeat/values.yaml | 2 ++ 5 files changed, 16 insertions(+), 2 deletions(-) diff --git a/stable/metricbeat/Chart.yaml b/stable/metricbeat/Chart.yaml index ab91b9b1ca51..7558fd768a6a 100644 --- a/stable/metricbeat/Chart.yaml +++ b/stable/metricbeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with metricbeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: metricbeat -version: 1.0.0 +version: 1.1.0 appVersion: 6.6.0 home: https://www.elastic.co/products/beats/metricbeat sources: diff --git a/stable/metricbeat/README.md b/stable/metricbeat/README.md index fb42f6e1705f..6a1076b0f072 100644 --- a/stable/metricbeat/README.md +++ b/stable/metricbeat/README.md @@ -51,11 +51,15 @@ The following table lists the configurable parameters of the metricbeat chart an | `daemonset.podAnnotations` | Pod annotations for daemonset | | | `daemonset.nodeSelector` | Pod node selector for daemonset | `{}` | | `daemonset.tolerations` | Pod taint tolerations for daemonset | `[{"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}]` | +| `daemonset.resources.requests.cpu` | CPU resource requests for daemonset | | +| `daemonset.resources.limits.cpu` | CPU resource limits for daemonset | | | `deployment.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as deployment, which is assumed to collect cluster-level metrics. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details || | `deployment.modules..enabled` | If true, enable configuration || | `deployment.podAnnotations` | Pod annotations for deployment | | | `deployment.nodeSelector` | Pod node selector for deployment | `{}` | -| `deployment.tolerations` | Pod taint tolerations for deployment | `[]` | +| `deployment.tolerations` | Pod taint tolerations for deployment | `[]` | +| `deployment.resources.requests.cpu` | CPU resource requests for daemonset | | +| `deployment.resources.limits.cpu` | CPU resource limits for daemonset | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/metricbeat/templates/daemonset.yaml b/stable/metricbeat/templates/daemonset.yaml index 4abcdcb69f7f..4533646c511a 100644 --- a/stable/metricbeat/templates/daemonset.yaml +++ b/stable/metricbeat/templates/daemonset.yaml @@ -61,7 +61,11 @@ spec: securityContext: runAsUser: 0 resources: +{{- if .Values.daemonset.resources }} +{{ toYaml .Values.daemonset.resources | indent 10 }} +{{- else if .Values.resources }} {{ toYaml .Values.resources | indent 10 }} +{{- end }} volumeMounts: - name: config mountPath: /usr/share/metricbeat/metricbeat.yml diff --git a/stable/metricbeat/templates/deployment.yaml b/stable/metricbeat/templates/deployment.yaml index 07fecc24adac..4b9d3b3dc6cc 100644 --- a/stable/metricbeat/templates/deployment.yaml +++ b/stable/metricbeat/templates/deployment.yaml @@ -57,7 +57,11 @@ spec: securityContext: runAsUser: 0 resources: +{{- if .Values.deployment.resources }} +{{ toYaml .Values.deployment.resources | indent 10 }} +{{- else if .Values.resources }} {{ toYaml .Values.resources | indent 10 }} +{{- end }} volumeMounts: - name: metricbeat-config mountPath: /usr/share/metricbeat/metricbeat.yml diff --git a/stable/metricbeat/values.yaml b/stable/metricbeat/values.yaml index 8e73d3191c9f..4e4d92fa755f 100644 --- a/stable/metricbeat/values.yaml +++ b/stable/metricbeat/values.yaml @@ -11,6 +11,7 @@ daemonset: operator: Exists effect: NoSchedule nodeSelector: {} + resources: {} config: metricbeat.config: modules: @@ -75,6 +76,7 @@ deployment: podAnnotations: [] tolerations: [] nodeSelector: {} + resources: {} config: metricbeat.config: modules: From 5823251a820bba10273d2112d04ebaa076ba3c36 Mon Sep 17 00:00:00 2001 From: Sergei Ivanov Date: Wed, 20 Feb 2019 13:47:21 +0000 Subject: [PATCH 0247/1586] [stable/sonatype-nexus] Reorder host names in ingress (#11513) Make `nexusHttpHost` the first in the list of TLS hosts. This is to ensure that the common name (as displayed in the browser) in the generated Let's Encrypt TLS certificate is the `nexusHttpHost`, while `nexusDockerHost` is added to subject alternative names. Signed-off-by: Sergei Ivanov --- stable/sonatype-nexus/Chart.yaml | 2 +- stable/sonatype-nexus/templates/ingress.yaml | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/sonatype-nexus/Chart.yaml b/stable/sonatype-nexus/Chart.yaml index 248b314523d4..362efd9adbc6 100644 --- a/stable/sonatype-nexus/Chart.yaml +++ b/stable/sonatype-nexus/Chart.yaml @@ -1,5 +1,5 @@ name: sonatype-nexus -version: 1.16.1 +version: 1.16.2 appVersion: 3.15.2-01 description: Sonatype Nexus is an open source repository manager keywords: diff --git a/stable/sonatype-nexus/templates/ingress.yaml b/stable/sonatype-nexus/templates/ingress.yaml index 231899a75db8..3ef64aaa5cb9 100644 --- a/stable/sonatype-nexus/templates/ingress.yaml +++ b/stable/sonatype-nexus/templates/ingress.yaml @@ -11,14 +11,14 @@ metadata: {{- end }} spec: rules: - - host: {{ .Values.nexusProxy.env.nexusDockerHost }} + - host: {{ .Values.nexusProxy.env.nexusHttpHost }} http: paths: - backend: serviceName: {{ template "nexus.fullname" . }} servicePort: {{ .Values.nexusProxy.port }} path: {{ .Values.ingress.path }} - - host: {{ .Values.nexusProxy.env.nexusHttpHost }} + - host: {{ .Values.nexusProxy.env.nexusDockerHost }} http: paths: - backend: @@ -28,8 +28,8 @@ spec: {{- if .Values.ingress.tls.enabled }} tls: - hosts: - - {{ .Values.nexusProxy.env.nexusDockerHost }} - {{ .Values.nexusProxy.env.nexusHttpHost }} + - {{ .Values.nexusProxy.env.nexusDockerHost }} {{- if .Values.ingress.tls.secretName }} secretName: {{ .Values.ingress.tls.secretName | quote }} {{- end }} From 0d991102835c400f79ec59cc6eae248b3bdba42e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tomasz=20Noco=C5=84?= Date: Wed, 20 Feb 2019 15:51:17 +0100 Subject: [PATCH 0248/1586] [stable/elasticsearch-exporter] Add scheme to the ServiceMonitor. Cannot fetch metrics from exporter if prometheus has a different default scheme. (#11421) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Tomasz Nocoń --- stable/elasticsearch-exporter/Chart.yaml | 2 +- stable/elasticsearch-exporter/templates/servicemonitor.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/elasticsearch-exporter/Chart.yaml b/stable/elasticsearch-exporter/Chart.yaml index 0dfa8969d309..09a3625388f8 100644 --- a/stable/elasticsearch-exporter/Chart.yaml +++ b/stable/elasticsearch-exporter/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Elasticsearch stats exporter for Prometheus name: elasticsearch-exporter -version: 1.1.1 +version: 1.1.2 appVersion: 1.0.2 home: https://github.com/justwatchcom/elasticsearch_exporter sources: diff --git a/stable/elasticsearch-exporter/templates/servicemonitor.yaml b/stable/elasticsearch-exporter/templates/servicemonitor.yaml index 43a36175f79a..939ea0ea3bd5 100644 --- a/stable/elasticsearch-exporter/templates/servicemonitor.yaml +++ b/stable/elasticsearch-exporter/templates/servicemonitor.yaml @@ -18,6 +18,7 @@ spec: honorLabels: true port: "{{ .Values.service.httpPort }}" path: {{ .Values.web.path }} + scheme: http jobLabel: "{{ .Release.Name }}" selector: matchLabels: From 4d3e771372b815975007c1b2fe32cf2bd10a52d2 Mon Sep 17 00:00:00 2001 From: elieser1101 Date: Wed, 20 Feb 2019 11:34:59 -0400 Subject: [PATCH 0249/1586] add ingress Hostname an ApiVersion to docs (#11576) Signed-off-by: Elieser Pereira --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index aa2d6971bfbc..7574fe3eda8d 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.8 +version: 0.32.9 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index d0f6739ad359..d0111d32782d 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -72,6 +72,8 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.JMXPort` | Open a port, for JMX stats | Not set | | `Master.ExtraPorts` | Open extra ports, for other uses | Not set | | `Master.OverwriteConfig` | Replace config w/ ConfigMap on boot | `false` | +| `Master.HostName` | Enables chart ingress, ingress host path | Not set | +| `Master.Ingress.ApiVersion` | Ingress api version | Not set | | `Master.Ingress.Annotations` | Ingress annotations | `{}` | | `Master.Ingress.Labels` | Ingress labels | `{}` | | `Master.Ingress.Path` | Ingress path | Not set | From 205644e0c7fb626851e7d248ba0b8f827e1959ca Mon Sep 17 00:00:00 2001 From: Vasily Sliouniaev Date: Wed, 20 Feb 2019 15:58:50 +0000 Subject: [PATCH 0250/1586] [stable/prometheus-operator] Multiple features / fixes (#11501) * Bump component versions Signed-off-by: Vasily * Fix readme docs for namespaceSelector Signed-off-by: Vasily * Expand on components that come with the chart Signed-off-by: Vasily * Upgrade grafana to fix side-car race condition This is a major version bump due to the requirement of the grafana chart to run a newer version of the dashboard/datasource sidecars Signed-off-by: Vasily * Add migration info for coreos chart to readme Signed-off-by: Vasily * Move additionalPrometheusrules to prometheus - Fix broken indentation - This component is not alertmanager specific - Since this PR has a major version change, so it is appropriate to make this configuration change also Signed-off-by: Vasily --- stable/prometheus-operator/Chart.yaml | 4 +- stable/prometheus-operator/README.md | 110 ++++++++++++++++-- .../prometheus-operator/ci/test-values.yaml | 90 ++++++++------ stable/prometheus-operator/requirements.lock | 6 +- stable/prometheus-operator/requirements.yaml | 2 +- .../alertmanager/prometheusrules.yaml | 20 ---- .../prometheus/additionalPrometheusRules.yaml | 20 ++++ stable/prometheus-operator/values.yaml | 31 ++--- 8 files changed, 201 insertions(+), 82 deletions(-) delete mode 100644 stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml create mode 100644 stable/prometheus-operator/templates/prometheus/additionalPrometheusRules.yaml diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 486300faf698..1f7690bfd1e7 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,8 +9,8 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 2.6.0 -appVersion: 0.27.0 +version: 3.0.0 +appVersion: 0.29.0 home: https://github.com/coreos/prometheus-operator keywords: - operator diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 643d24e8b6cc..c995d9cd15b2 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -1,6 +1,23 @@ # prometheus-operator -Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to create/configure/manage Prometheus clusters atop Kubernetes. +Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to create/configure/manage Prometheus clusters atop Kubernetes. This chart includes multiple components and is suitable for a variety of use-cases. + +The default installation is intended to suit monitoring a kubernetes cluster the chart is deployed onto. It is closely matches the kube-prometheus project. +- [prometheus-operator](https://github.com/coreos/prometheus-operator) +- [prometheus](https://prometheus.io/) +- [alertmanager](https://prometheus.io/) +- [node-exporter](https://github.com/helm/charts/tree/master/stable/prometheus-node-exporter) +- [kube-state-metrics](https://github.com/helm/charts/tree/master/stable/kube-state-metrics) +- [grafana](https://github.com/helm/charts/tree/master/stable/grafana) +- service monitors to scrape internal kubernetes components + - kube-apiserver + - kube-scheduler + - kube-controller-manager + - etcd + - kube-dns/coredns +With the installation, the chart also includes dashboards and alerts. + +The same chart can be used to run multiple prometheus instances in the same cluster if required. To achieve this, the other components need to be disabled - it is necessary to run only one instance of prometheus-operator and a pair of alertmanager pods for an HA configuration. ## TL;DR; @@ -76,6 +93,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `defaultRules.rules.prometheus` | Create Prometheus default rules| `true` | | `defaultRules.labels` | Labels for default rules for monitoring the cluster | `{}` | | `defaultRules.annotations` | Annotations for default rules for monitoring the cluster | `{}` | +| `additionalPrometheusRules` | List of `prometheusRule` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusrulespec. | `[]` | | `global.rbac.create` | Create RBAC resources | `true` | | `global.rbac.pspEnabled` | Create pod security policy resources | `true` | | `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` | @@ -110,12 +128,12 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheusOperator.tolerations` | Tolerations for use with node taints https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | | `prometheusOperator.affinity` | Assign the prometheus operator to run on specific nodes https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ | `{}` | | `prometheusOperator.image.repository` | Repository for prometheus operator image | `quay.io/coreos/prometheus-operator` | -| `prometheusOperator.image.tag` | Tag for prometheus operator image | `v0.26.0` | +| `prometheusOperator.image.tag` | Tag for prometheus operator image | `v0.29.0` | | `prometheusOperator.image.pullPolicy` | Pull policy for prometheus operator image | `IfNotPresent` | | `prometheusOperator.configmapReloadImage.repository` | Repository for configmapReload image | `quay.io/coreos/configmap-reload` | | `prometheusOperator.configmapReloadImage.tag` | Tag for configmapReload image | `v0.0.1` | | `prometheusOperator.prometheusConfigReloaderImage.repository` | Repository for config-reloader image | `quay.io/coreos/prometheus-config-reloader` | -| `prometheusOperator.prometheusConfigReloaderImage.tag` | Tag for config-reloader image | `v0.26.0` | +| `prometheusOperator.prometheusConfigReloaderImage.tag` | Tag for config-reloader image | `v0.29.0` | | `prometheusOperator.hyperkubeImage.repository` | Repository for hyperkube image used to perform maintenance tasks | `k8s.gcr.io/hyperkube` | | `prometheusOperator.hyperkubeImage.tag` | Tag for hyperkube image used to perform maintenance tasks | `v1.12.1` | | `prometheusOperator.hyperkubeImage.repository` | Image pull policy for hyperkube image used to perform maintenance tasks | `IfNotPresent` | @@ -149,9 +167,9 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.prometheusSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | | `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the servicemonitors created | `true` | | `prometheus.prometheusSpec.serviceMonitorSelector` | ServiceMonitors to be selected for target discovery. If {}, select all ServiceMonitors | `{}` | -| `prometheus.prometheusSpec.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery. If nil, select own namespace. If {}, select all namespaces. | `{}` | +| `prometheus.prometheusSpec.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery. See [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector) for usage | `{}` | | `prometheus.prometheusSpec.image.repository` | Base image to use for a Prometheus deployment. | `quay.io/prometheus/prometheus` | -| `prometheus.prometheusSpec.image.tag` | Tag of Prometheus container image to be deployed. | `v2.5.0` | +| `prometheus.prometheusSpec.image.tag` | Tag of Prometheus container image to be deployed. | `v2.7.1` | | `prometheus.prometheusSpec.paused` | When a Prometheus deployment is paused, no actions except for deletion will be performed on the underlying objects. | `false` | | `prometheus.prometheusSpec.replicas` | Number of instances to deploy for a Prometheus deployment. | `1` | | `prometheus.prometheusSpec.retention` | Time duration Prometheus shall retain data for. Must match the regular expression `[0-9]+(ms\|s\|m\|h\|d\|w\|y)` (milliseconds seconds minutes hours days weeks years). | `120h` | @@ -164,7 +182,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.prometheusSpec.storageSpec` | Storage spec to specify how storage shall be used. | `{}` | | `prometheus.prometheusSpec.ruleSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.ruleSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the PrometheusRule resources created. | `true` | | `prometheus.prometheusSpec.ruleSelector` | A selector to select which PrometheusRules to mount for loading alerting rules from. Until (excluding) Prometheus Operator v0.24.0 Prometheus Operator will migrate any legacy rule ConfigMaps to PrometheusRule custom resources selected by RuleSelector. Make sure it does not match any config maps that you do not want to be migrated. If {}, select all PrometheusRules | `{}` | -| `prometheus.prometheusSpec.ruleNamespaceSelector` | Namespaces to be selected for PrometheusRules discovery. If nil, select own namespace. If {}, select all namespaces. | `{}` | +| `prometheus.prometheusSpec.ruleNamespaceSelector` | Namespaces to be selected for PrometheusRules discovery. If nil, select own namespace. See [namespaceSelector](https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector) for usage | `{}` | | `prometheus.prometheusSpec.alertingEndpoints` | Alertmanagers to which alerts will be sent https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#alertmanagerendpoints Default configuration will connect to the alertmanager deployed as part of this release | `[]` | | `prometheus.prometheusSpec.resources` | Define resources requests and limits for single Pods. | `{}` | | `prometheus.prometheusSpec.nodeSelector` | Define which Nodes the Pods are scheduled on. | `{}` | @@ -208,10 +226,9 @@ The following tables lists the configurable parameters of the prometheus-operato | `alertmanager.service.externalIPs` | List of IP addresses at which the Alertmanager server service is available | `[]` | | `alertmanager.service.loadBalancerIP` | Alertmanager Loadbalancer IP | `""` | | `alertmanager.service.loadBalancerSourceRanges` | Alertmanager Load Balancer Source Ranges | `[]` | -| `alertmanager.additionalPrometheusRules` | List of `prometheusRule` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#prometheusrulespec | `[]` | | `alertmanager.config` | Provide YAML to configure Alertmanager. See https://prometheus.io/docs/alerting/configuration/#configuration-file. The default provided works to suppress the DeadMansSwitch alert from `defaultRules.create` | `{"global":{"resolve_timeout":"5m"},"route":{"group_by":["job"],"group_wait":"30s","group_interval":"5m","repeat_interval":"12h","receiver":"null","routes":[{"match":{"alertname":"DeadMansSwitch"},"receiver":"null"}]},"receivers":[{"name":"null"}]}` | | `alertmanager.alertmanagerSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | -| `alertmanager.alertmanagerSpec.image.tag` | Tag of Alertmanager container image to be deployed. | `v0.15.3` | +| `alertmanager.alertmanagerSpec.image.tag` | Tag of Alertmanager container image to be deployed. | `v0.16.1` | | `alertmanager.alertmanagerSpec.image.repository` | Base image that is used to deploy pods, without tag. | `quay.io/prometheus/alertmanager` | | `alertmanager.alertmanagerSpec.secrets` | Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. | `[]` | | `alertmanager.alertmanagerSpec.configMaps` | ConfigMaps is a list of ConfigMaps in the same namespace as the Alertmanager object, which shall be mounted into the Alertmanager Pods. The ConfigMaps are mounted into /etc/alertmanager/configmaps/ | `[]` | @@ -331,3 +348,80 @@ For more in-depth documentation of configuration options meanings, please see The `crd-install` hook is required to deploy the prometheus operator CRDs before they are used. If you are forced to use an earlier version of Helm you can work around this requirement as follows: 1. Install prometheus-operator by itself, disabling everything but the prometheus-operator component, and also setting `prometheusOperator.serviceMonitor.selfMonitor=false` 2. Install all the other components, and configure `prometheus.additionalServiceMonitors` to scrape the prometheus-operator service. + +# Migrating from coreos/prometheus-operator chart + +The multiple charts have been combined into a single chart that installs prometheus operator, prometheus, alertmanager, grafana as well as the multitude of exporters necessary to monitor a cluster. + +There is no simple and direct migration path between the charts as the changes are extensive and intended to make the chart easier to support. + +The capabilities of the old chart are all available in the new chart, including the ability to run multiple prometheus instances on a single cluster - you will need to disable the parts of the chart you do not wish to deploy. + +You can check out the tickets for this change [here](https://github.com/coreos/prometheus-operator/issues/592) and [here](https://github.com/helm/charts/pull/6765) + +## High-level overview of Changes +The chart has 3 dependencies, that can be seen in the chart's requirements file: +https://github.com/helm/charts/blob/master/stable/prometheus-operator/requirements.yaml + +### Node-Exporter, Kube-State-Metrics +These components are loaded as dependencies into the chart. The source for both charts is found in the same repository. They are relatively simple components. + +### Grafana +The Grafana chart is more feature-rich than this chart - it contains a sidecard that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentatin for the chart](https://github.com/helm/charts/tree/master/stable/grafana) + +### Coreos CRDs +The CRDs are provisioned using crd-install hooks, rather than relying on a separate chart installation. If you already have these CRDs provisioned and don't want to remove them, you can disable the CRD creation by these hooks by passing `prometheusOperator.createCustomResource=false` + +### Kubelet Service +Because the kubelet service has a new name in the chart, make sure to clean up the old kubelet service in the `kube-system` namespace to prevent counting container metrics twice + +### Persistent Volumes +If you would like to keep the data of the current persistent volumes, it should be possible to attach existing volumes to new PVCs and PVs that are created using the conventions in the new chart. For example, in order to use an existing Azure disk for a helm release called `prometheus-migration` the following resources can be created: +``` +apiVersion: v1 +kind: PersistentVolume +metadata: + name: pvc-prometheus-migration-prometheus-0 +spec: + accessModes: + - ReadWriteOnce + azureDisk: + cachingMode: None + diskName: pvc-prometheus-migration-prometheus-0 + diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 + fsType: "" + kind: Managed + readOnly: false + capacity: + storage: 1Gi + persistentVolumeReclaimPolicy: Delete + storageClassName: prometheus + volumeMode: Filesystem +``` +``` +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: prometheus + prometheus: prometheus-migration-prometheus + name: prometheus-prometheus-migration-prometheus-db-prometheus-prometheus-migration-prometheus-0 + namespace: monitoring +spec: + accessModes: + - ReadWriteOnce + dataSource: null + resources: + requests: + storage: 1Gi + storageClassName: prometheus + volumeMode: Filesystem + volumeName: pvc-prometheus-migration-prometheus-0 +status: + accessModes: + - ReadWriteOnce + capacity: + storage: 1Gi +``` + +The PVC will take ownership of the PV and when you create a release using a persistent volume claim template it will use the existing PVCs as they match the naming convention used by the chart. For other cloud providers similar approaches can be used. diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index 1bbe7c692ee5..ae2ee1e9d53b 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -42,6 +42,16 @@ defaultRules: ## Annotations for default rules annotations: {} +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + ## global: rbac: @@ -181,7 +191,7 @@ alertmanager: ## image: repository: quay.io/prometheus/alertmanager - tag: v0.15.3 + tag: v0.16.1 ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. @@ -292,14 +302,6 @@ alertmanager: ## additionalPeers: [] - additionalPrometheusRules: [] - # - name: my_rule_file - # groups: - # - name: my_group - # rules: - # - record: my_record - # expr: 100 * my_record - ## Using default values from https://github.com/helm/charts/blob/master/stable/grafana/values.yaml ## grafana: @@ -368,6 +370,18 @@ kubeApiServer: serverName: kubernetes insecureSkipVerify: false + ## If your API endpoint address is not reachable (as in AKS) you can replace it with the kubernetes service + ## + relabelings: [] + # - sourceLabels: + # - __meta_kubernetes_namespace + # - __meta_kubernetes_service_name + # - __meta_kubernetes_endpoint_port_name + # action: keep + # regex: default;kubernetes;https + # - targetLabel: __address__ + # replacement: kubernetes.default.svc:443 + serviceMonitor: jobLabel: component selector: @@ -386,17 +400,17 @@ kubelet: ## https://github.com/coreos/prometheus-operator/issues/926 ## https: false - cAdvisorMetricRelabelings: - - sourceLabels: [__name__, image] - separator: ; - regex: container_([a-z_]+); - replacement: $1 - action: drop - - sourceLabels: [__name__] - separator: ; - regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) - replacement: $1 - action: drop + # cAdvisorMetricRelabelings: + # - sourceLabels: [__name__, image] + # separator: ; + # regex: container_([a-z_]+); + # replacement: $1 + # action: drop + # - sourceLabels: [__name__] + # separator: ; + # regex: container_(network_tcp_usage_total|network_udp_usage_total|tasks_state|cpu_load_average_10s) + # replacement: $1 + # action: drop ## Component scraping the kube controller manager @@ -587,6 +601,13 @@ prometheusOperator: ## Assign a PriorityClassName to pods if set # priorityClassName: "" + ## Define Log Format + # Use logfmt (default) or json-formatted logging + # logFormat: logfmt + + ## Decrease log verbosity to errors only + # logLevel: error + ## If true, the operator will create and maintain a service for scraping kubelets ## ref: https://github.com/coreos/prometheus-operator/blob/master/helm/prometheus-operator/README.md ## @@ -644,7 +665,7 @@ prometheusOperator: ## image: repository: quay.io/coreos/prometheus-operator - tag: v0.27.0 + tag: v0.29.0 pullPolicy: IfNotPresent ## Configmap-reload image to use for reloading configmaps @@ -657,7 +678,7 @@ prometheusOperator: ## prometheusConfigReloaderImage: repository: quay.io/coreos/prometheus-config-reloader - tag: v0.27.0 + tag: v0.29.0 ## Hyperkube image to use when cleaning up ## @@ -704,6 +725,8 @@ prometheus: ## type: ClusterIP + sessionAffinity: "" + rbac: ## Create role bindings in the specified namespaces, to allow Prometheus monitoring ## a role binding in the release namespace will always be created. @@ -765,7 +788,7 @@ prometheus: ## image: repository: quay.io/prometheus/prometheus - tag: v2.6.1 + tag: v2.7.1 ## Tolerations for use with node taints ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ @@ -813,7 +836,8 @@ prometheus: configMaps: [] ## Namespaces to be selected for PrometheusRules discovery. - ## If unspecified, only the same namespace as the Prometheus object is in is used. + ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. + ## See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage ## ruleNamespaceSelector: {} @@ -823,10 +847,8 @@ prometheus: ## ruleSelectorNilUsesHelmValues: true - ## Rules CRD selector - ## ref: https://github.com/coreos/prometheus-operator/blob/master/Documentation/design.md - ## If unspecified the release `app` and `release` will be used as the label selector - ## to load rules + ## PrometheusRules to be selected for target discovery. + ## If {}, select all ServiceMonitors ## ruleSelector: {} ## Example which select all prometheusrules resources @@ -850,17 +872,17 @@ prometheus: ## serviceMonitorSelectorNilUsesHelmValues: true - ## serviceMonitorSelector will limit which servicemonitors are used to create scrape - ## configs in Prometheus. See serviceMonitorSelectorUseHelmLabels + ## ServiceMonitors to be selected for target discovery. + ## If {}, select all ServiceMonitors ## serviceMonitorSelector: {} - - # serviceMonitorSelector: {} + ## Example which selects ServiceMonitors with label "prometheus" set to "somelabel" + # serviceMonitorSelector: # matchLabels: # prometheus: somelabel - ## serviceMonitorNamespaceSelector will limit namespaces from which serviceMonitors are used to create scrape - ## configs in Prometheus. By default all namespaces will be used + ## Namespaces to be selected for ServiceMonitor discovery. + ## See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage ## serviceMonitorNamespaceSelector: {} diff --git a/stable/prometheus-operator/requirements.lock b/stable/prometheus-operator/requirements.lock index e0ccd85c771a..fe579ef9eb0f 100644 --- a/stable/prometheus-operator/requirements.lock +++ b/stable/prometheus-operator/requirements.lock @@ -7,6 +7,6 @@ dependencies: version: 1.3.0 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ - version: 1.25.4 -digest: sha256:0f2eeba33f19ea4efa64cd93a405286df055f9fb8b8ad33c609900263180eb7f -generated: 2019-02-18T12:55:58.27784832+01:00 + version: 2.0.2 +digest: sha256:99c0169cd6f694747c8fc2ce0e0da08513b6f760280b5f7eea9e0221c0780c17 +generated: 2019-02-20T11:56:24.9372718Z diff --git a/stable/prometheus-operator/requirements.yaml b/stable/prometheus-operator/requirements.yaml index fc80c6aee892..24f5e47a2de7 100644 --- a/stable/prometheus-operator/requirements.yaml +++ b/stable/prometheus-operator/requirements.yaml @@ -11,6 +11,6 @@ dependencies: condition: nodeExporter.enabled - name: grafana - version: 1.25.* + version: 2.0.* repository: https://kubernetes-charts.storage.googleapis.com/ condition: grafana.enabled diff --git a/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml b/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml deleted file mode 100644 index bd84a67a2d3a..000000000000 --- a/stable/prometheus-operator/templates/alertmanager/prometheusrules.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if and .Values.alertmanager.enabled .Values.alertmanager.additionalPrometheusRules }} -apiVersion: v1 -kind: List -items: -{{- range .Values.alertmanager.additionalPrometheusRules }} -- apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} -kind: PrometheusRule -metadata: - name: {{ template "prometheus-operator.name" $ }}-{{ .name }} - labels: - app: {{ template "prometheus-operator.name" $ }} -{{ include "prometheus-operator.labels" $ | indent 8 }} - {{- if .additionalLabels }} -{{ toYaml .additionalLabels | indent 8 }} - {{- end }} -spec: - groups: -{{ toYaml .groups| indent 8 }} -{{- end }} -{{- end }} diff --git a/stable/prometheus-operator/templates/prometheus/additionalPrometheusRules.yaml b/stable/prometheus-operator/templates/prometheus/additionalPrometheusRules.yaml new file mode 100644 index 000000000000..0d85c9bd00e1 --- /dev/null +++ b/stable/prometheus-operator/templates/prometheus/additionalPrometheusRules.yaml @@ -0,0 +1,20 @@ +{{- if .Values.additionalPrometheusRules }} +apiVersion: v1 +kind: List +items: +{{- range .Values.additionalPrometheusRules }} + - apiVersion: {{ printf "%s/v1" ($.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} + kind: PrometheusRule + metadata: + name: {{ template "prometheus-operator.name" $ }}-{{ .name }} + labels: + app: {{ template "prometheus-operator.name" $ }} +{{ include "prometheus-operator.labels" $ | indent 8 }} + {{- if .additionalLabels }} +{{ toYaml .additionalLabels | indent 8 }} + {{- end }} + spec: + groups: +{{ toYaml .groups| indent 8 }} +{{- end }} +{{- end }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 8842b147c037..742b698a1626 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -42,6 +42,16 @@ defaultRules: ## Annotations for default rules annotations: {} +## Provide custom recording or alerting rules to be deployed into the cluster. +## +additionalPrometheusRules: [] +# - name: my-rule-file +# groups: +# - name: my_group +# rules: +# - record: my_record +# expr: 100 * my_record + ## global: rbac: @@ -181,7 +191,7 @@ alertmanager: ## image: repository: quay.io/prometheus/alertmanager - tag: v0.15.3 + tag: v0.16.1 ## Secrets is a list of Secrets in the same namespace as the Alertmanager object, which shall be mounted into the ## Alertmanager Pods. The Secrets are mounted into /etc/alertmanager/secrets/. @@ -292,14 +302,6 @@ alertmanager: ## additionalPeers: [] - additionalPrometheusRules: [] - # - name: my_rule_file - # groups: - # - name: my_group - # rules: - # - record: my_record - # expr: 100 * my_record - ## Using default values from https://github.com/helm/charts/blob/master/stable/grafana/values.yaml ## grafana: @@ -663,7 +665,7 @@ prometheusOperator: ## image: repository: quay.io/coreos/prometheus-operator - tag: v0.27.0 + tag: v0.29.0 pullPolicy: IfNotPresent ## Configmap-reload image to use for reloading configmaps @@ -676,7 +678,7 @@ prometheusOperator: ## prometheusConfigReloaderImage: repository: quay.io/coreos/prometheus-config-reloader - tag: v0.27.0 + tag: v0.29.0 ## Hyperkube image to use when cleaning up ## @@ -786,7 +788,7 @@ prometheus: ## image: repository: quay.io/prometheus/prometheus - tag: v2.6.1 + tag: v2.7.1 ## Tolerations for use with node taints ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ @@ -834,7 +836,8 @@ prometheus: configMaps: [] ## Namespaces to be selected for PrometheusRules discovery. - ## If nil, select own namespace. If {}, select all namespaces. + ## If nil, select own namespace. Namespaces to be selected for ServiceMonitor discovery. + ## See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage ## ruleNamespaceSelector: {} @@ -879,7 +882,7 @@ prometheus: # prometheus: somelabel ## Namespaces to be selected for ServiceMonitor discovery. - ## If nil, select own namespace. If {}, select all namespaces. + ## See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#namespaceselector for usage ## serviceMonitorNamespaceSelector: {} From b9d61bda41bc08a5ac85b2087d542d2224f48231 Mon Sep 17 00:00:00 2001 From: Don Bowman Date: Wed, 20 Feb 2019 11:18:47 -0500 Subject: [PATCH 0251/1586] [stable/elasticsearch] Add user/password option for basic auth on client ingress (#11311) * Add user/password option for basic auth on client ingress If `client.ingress.user` and `client.ingress.password` are set, and client ingress is enabled, HTTP basic authentication will be enabled on the client ingress. This allows for (modest) securing of external access to the system. Signed-off-by: Don Bowman * Set basic authentication only if both user & password are set Only create secret and annotation if both client.ingress.user and client.ingress.password are set. Add commented-out config in values.yaml for client.ingress.user and client.ingress.password. Signed-off-by: Don Bowman --- stable/elasticsearch/Chart.yaml | 2 +- stable/elasticsearch/README.md | 2 ++ stable/elasticsearch/templates/client-auth.yaml | 11 +++++++++++ stable/elasticsearch/templates/client-ingress.yaml | 5 +++++ stable/elasticsearch/values.yaml | 2 ++ 5 files changed, 21 insertions(+), 1 deletion(-) create mode 100644 stable/elasticsearch/templates/client-auth.yaml diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 4a9595133d01..0267f55cf8e5 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,6 +1,6 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.19.1 +version: 1.20.0 appVersion: 6.6.0 description: Flexible and powerful open source, distributed real-time search and analytics engine. diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index 40d093dfafc6..4fe373007f45 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -92,6 +92,8 @@ The following table lists the configurable parameters of the elasticsearch chart | `client.initResources` | Client initContainer resources requests & limits | `{}` | | `client.additionalJavaOpts` | Parameters to be added to `ES_JAVA_OPTS` environment variable for client | `""` | | `client.ingress.enabled` | Enable Client Ingress | `false` | +| `client.ingress.user` | If this & password are set, enable basic-auth on ingress | `nil` | +| `client.ingress.password` | If this & user are set, enable basic-auth on ingress | `nil` | | `client.ingress.annotations` | Client Ingress annotations | `{}` | | `client.ingress.hosts` | Client Ingress Hostnames | `[]` | | `client.ingress.tls` | Client Ingress TLS configuration | `[]` | diff --git a/stable/elasticsearch/templates/client-auth.yaml b/stable/elasticsearch/templates/client-auth.yaml new file mode 100644 index 000000000000..08e90c71fbe5 --- /dev/null +++ b/stable/elasticsearch/templates/client-auth.yaml @@ -0,0 +1,11 @@ +{{- if and ( .Values.client.ingress.user ) ( .Values.client.ingress.password ) }} +--- +apiVersion: v1 +kind: Secret +metadata: + name: '{{ include "elasticsearch.client.fullname" . }}-auth' +type: Opaque +data: + auth: {{ printf "%s:{PLAIN}%s\n" .Values.client.ingress.user .Values.client.ingress.password | b64enc | quote }} +{{- end }} + diff --git a/stable/elasticsearch/templates/client-ingress.yaml b/stable/elasticsearch/templates/client-ingress.yaml index 0564589fd6e0..9070cddf81b2 100644 --- a/stable/elasticsearch/templates/client-ingress.yaml +++ b/stable/elasticsearch/templates/client-ingress.yaml @@ -15,6 +15,11 @@ metadata: annotations: {{ toYaml . | indent 4 }} {{- end }} +{{- if and ( .Values.client.ingress.user ) ( .Values.client.ingress.password ) }} + nginx.ingress.kubernetes.io/auth-type: basic + nginx.ingress.kubernetes.io/auth-secret: '{{ include "elasticsearch.client.fullname" . }}-auth' + nginx.ingress.kubernetes.io/auth-realm: "Authentication-Required" +{{- end }} spec: {{- if .Values.client.ingress.tls }} tls: diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index 8c8f12ed337e..df3b4c34a1d1 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -102,6 +102,8 @@ client: # maxUnavailable: 1 ingress: enabled: false + # user: NAME + # password: PASSWORD annotations: {} # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" From 76071209a8014e0abaa54482bd11fdfa708a6056 Mon Sep 17 00:00:00 2001 From: mateuszrapacz <47779884+mateuszrapacz@users.noreply.github.com> Date: Wed, 20 Feb 2019 17:44:44 +0100 Subject: [PATCH 0252/1586] [incubator/kafka] Add separate configuration of tolerations, affinity and nodeSelector for kafka-exporter (#11571) Signed-off-by: Mateusz Rapacz --- incubator/kafka/Chart.yaml | 2 +- incubator/kafka/README.md | 2 ++ .../templates/deployment-kafka-exporter.yaml | 12 +++---- incubator/kafka/values.yaml | 33 +++++++++++++++++++ 4 files changed, 42 insertions(+), 7 deletions(-) diff --git a/incubator/kafka/Chart.yaml b/incubator/kafka/Chart.yaml index 1bd4036d3aa5..f04e5124ac61 100755 --- a/incubator/kafka/Chart.yaml +++ b/incubator/kafka/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Apache Kafka is publish-subscribe messaging rethought as a distributed commit log. name: kafka -version: 0.13.8 +version: 0.13.9 appVersion: 5.0.1 keywords: - kafka diff --git a/incubator/kafka/README.md b/incubator/kafka/README.md index a982cccef19f..8fda916d5c10 100644 --- a/incubator/kafka/README.md +++ b/incubator/kafka/README.md @@ -118,6 +118,8 @@ following configurable parameters: | `prometheus.kafka.scrapeTimeout` | Timeout that Prometheus scrapes Kafka metrics when using Prometheus Operator | `10s` | | `prometheus.kafka.port` | Kafka Exporter Port which exposes metrics in Prometheus format for scraping | `9308` | | `prometheus.kafka.resources` | Allows setting resource limits for kafka-exporter pod | `{}` | +| `prometheus.kafka.affinity` | Defines affinities and anti-affinities for pods as defined in: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity preferences | `{}` | +| `prometheus.kafka.tolerations` | List of node tolerations for the pods. https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ | `[]` | | `prometheus.operator.enabled` | True if using the Prometheus Operator, False if not | `false` | | `prometheus.operator.serviceMonitor.namespace` | Namespace which Prometheus is running in. Default to kube-prometheus install. | `monitoring` | | `prometheus.operator.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` | diff --git a/incubator/kafka/templates/deployment-kafka-exporter.yaml b/incubator/kafka/templates/deployment-kafka-exporter.yaml index e73947749445..709ea0c743e6 100644 --- a/incubator/kafka/templates/deployment-kafka-exporter.yaml +++ b/incubator/kafka/templates/deployment-kafka-exporter.yaml @@ -35,16 +35,16 @@ spec: - containerPort: {{ .Values.prometheus.kafka.port }} resources: {{ toYaml .Values.prometheus.kafka.resources | indent 10 }} -{{- if .Values.tolerations }} +{{- if .Values.prometheus.kafka.tolerations }} tolerations: -{{ toYaml .Values.tolerations | indent 8 }} +{{ toYaml .Values.prometheus.kafka.tolerations | indent 8 }} {{- end }} -{{- if .Values.affinity }} +{{- if .Values.prometheus.kafka.affinity }} affinity: -{{ toYaml .Values.affinity | indent 8 }} +{{ toYaml .Values.prometheus.kafka.affinity | indent 8 }} {{- end }} -{{- if .Values.nodeSelector }} +{{- if .Values.prometheus.kafka.nodeSelector }} nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} +{{ toYaml .Values.prometheus.kafka.nodeSelector | indent 8 }} {{- end }} {{- end }} diff --git a/incubator/kafka/values.yaml b/incubator/kafka/values.yaml index 24c0bc098a0f..b3300efd714e 100644 --- a/incubator/kafka/values.yaml +++ b/incubator/kafka/values.yaml @@ -306,6 +306,39 @@ prometheus: # cpu: 100m # memory: 100Mi + # Tolerations for nodes that have taints on them. + # Useful if you want to dedicate nodes to just run kafka-exporter + # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + tolerations: [] + # tolerations: + # - key: "key" + # operator: "Equal" + # value: "value" + # effect: "NoSchedule" + + ## Pod scheduling preferences (by default keep pods within a release on separate nodes). + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + ## By default we don't set affinity + affinity: {} + ## Alternatively, this typical example defines: + ## affinity (to encourage Kafka Exporter pods to be collocated with Kafka pods) + # affinity: + # podAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - weight: 50 + # podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: app + # operator: In + # values: + # - kafka + # topologyKey: "kubernetes.io/hostname" + + ## Node labels for pod assignment + ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector + nodeSelector: {} + operator: ## Are you using Prometheus Operator? enabled: false From e62284c1e5db576530f6ea74dc1705449acc0176 Mon Sep 17 00:00:00 2001 From: Pavel Dmytrenko Date: Thu, 21 Feb 2019 15:07:58 +0200 Subject: [PATCH 0253/1586] [stable/elasticsearch] implement init container for installing plugins (#11388) * [stable/elasticsearch] Implement init container for installing plugins Signed-off-by: Pavel Dmytrenko * [stable/elasticsearch] Add testcase for plugin-installer Signed-off-by: Pavel Dmytrenko * [stable/elasticsearch] Update README Signed-off-by: Pavel Dmytrenko * [stable/elasticsearch] Bump version Signed-off-by: Pavel Dmytrenko * [stable/elasticsearch] Bump version Signed-off-by: Pavel Dmytrenko --- stable/elasticsearch/Chart.yaml | 2 +- stable/elasticsearch/README.md | 1 + .../ci/plugin-initcontainer-values.yaml | 7 +++++ stable/elasticsearch/templates/_helpers.tpl | 27 +++++++++++++++++++ .../templates/client-deployment.yaml | 13 ++++++++- .../templates/data-statefulset.yaml | 11 ++++++++ .../templates/master-statefulset.yaml | 11 ++++++++ stable/elasticsearch/values.yaml | 4 +++ 8 files changed, 74 insertions(+), 2 deletions(-) create mode 100644 stable/elasticsearch/ci/plugin-initcontainer-values.yaml diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 0267f55cf8e5..8c77f0356b42 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,6 +1,6 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.20.0 +version: 1.21.0 appVersion: 6.6.0 description: Flexible and powerful open source, distributed real-time search and analytics engine. diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index 4fe373007f45..23eb3149ab79 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -75,6 +75,7 @@ The following table lists the configurable parameters of the elasticsearch chart | `cluster.env` | Cluster environment variables | `{MINIMUM_MASTER_NODES: "2"}` | | `cluster.bootstrapShellCommand` | Post-init command to run in separate Job | `""` | | `cluster.additionalJavaOpts` | Cluster parameters to be added to `ES_JAVA_OPTS` environment variable | `""` | +| `cluster.plugins` | List of Elasticsearch plugins to install | `[]` | | `client.name` | Client component name | `client` | | `client.replicas` | Client node replicas (deployment) | `2` | | `client.resources` | Client node resources requests & limits | `{} - cpu limit must be an integer` | diff --git a/stable/elasticsearch/ci/plugin-initcontainer-values.yaml b/stable/elasticsearch/ci/plugin-initcontainer-values.yaml new file mode 100644 index 000000000000..96aa1ac989f0 --- /dev/null +++ b/stable/elasticsearch/ci/plugin-initcontainer-values.yaml @@ -0,0 +1,7 @@ +--- +# Enable init container for installing plugins + +cluster: + plugins: + - ingest-attachment + - mapper-size diff --git a/stable/elasticsearch/templates/_helpers.tpl b/stable/elasticsearch/templates/_helpers.tpl index dbafe006213d..c13762271812 100644 --- a/stable/elasticsearch/templates/_helpers.tpl +++ b/stable/elasticsearch/templates/_helpers.tpl @@ -79,3 +79,30 @@ Create the name of the service account to use for the master component {{ default "default" .Values.serviceAccounts.master.name }} {{- end -}} {{- end -}} + +{{/* +plugin installer template +*/}} +{{- define "plugin-installer" -}} +- name: es-plugin-install + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + securityContext: + capabilities: + add: + - IPC_LOCK + - SYS_RESOURCE + command: + - "sh" + - "-c" + - | + {{- range .Values.cluster.plugins }} + /usr/share/elasticsearch/bin/elasticsearch-plugin install -b {{ . }} + {{- end }} + volumeMounts: + - mountPath: /usr/share/elasticsearch/plugins/ + name: plugindir + - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml + name: config + subPath: elasticsearch.yml +{{- end -}} diff --git a/stable/elasticsearch/templates/client-deployment.yaml b/stable/elasticsearch/templates/client-deployment.yaml index 1ba652f82d93..047e3c8f3e9a 100644 --- a/stable/elasticsearch/templates/client-deployment.yaml +++ b/stable/elasticsearch/templates/client-deployment.yaml @@ -63,7 +63,7 @@ spec: tolerations: {{ toYaml .Values.client.tolerations | indent 8 }} {{- end }} -{{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled }} +{{- if or .Values.extraInitContainers .Values.sysctlInitContainer.enabled .Values.cluster.plugins }} initContainers: {{- if .Values.sysctlInitContainer.enabled }} # see https://www.elastic.co/guide/en/elasticsearch/reference/current/vm-max-map-count.html @@ -80,6 +80,9 @@ spec: {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} {{- end }} +{{- if .Values.cluster.plugins }} +{{ include "plugin-installer" . | indent 6 }} +{{- end }} {{- end }} containers: - name: elasticsearch @@ -127,6 +130,10 @@ spec: - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml name: config subPath: elasticsearch.yml +{{- if .Values.cluster.plugins }} + - mountPath: /usr/share/elasticsearch/plugins/ + name: plugindir +{{- end }} {{- if hasPrefix "2." .Values.appVersion }} - mountPath: /usr/share/elasticsearch/config/logging.yml name: config @@ -153,6 +160,10 @@ spec: - name: config configMap: name: {{ template "elasticsearch.fullname" . }} +{{- if .Values.cluster.plugins }} + - name: plugindir + emptyDir: {} +{{- end }} {{- if .Values.cluster.keystoreSecret }} - name: keystore secret: diff --git a/stable/elasticsearch/templates/data-statefulset.yaml b/stable/elasticsearch/templates/data-statefulset.yaml index c8ad366f5426..2829c9580eab 100644 --- a/stable/elasticsearch/templates/data-statefulset.yaml +++ b/stable/elasticsearch/templates/data-statefulset.yaml @@ -104,6 +104,9 @@ spec: name: data {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} +{{- end }} +{{- if .Values.cluster.plugins }} +{{ include "plugin-installer" . | indent 6 }} {{- end }} containers: - name: elasticsearch @@ -141,6 +144,10 @@ spec: - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml name: config subPath: elasticsearch.yml +{{- if .Values.cluster.plugins }} + - mountPath: /usr/share/elasticsearch/plugins/ + name: plugindir +{{- end }} {{- if hasPrefix "2." .Values.appVersion }} - mountPath: /usr/share/elasticsearch/config/logging.yml name: config @@ -183,6 +190,10 @@ spec: - name: config configMap: name: {{ template "elasticsearch.fullname" . }} +{{- if .Values.cluster.plugins }} + - name: plugindir + emptyDir: {} +{{- end }} {{- if .Values.cluster.keystoreSecret }} - name: keystore secret: diff --git a/stable/elasticsearch/templates/master-statefulset.yaml b/stable/elasticsearch/templates/master-statefulset.yaml index 1d43adad8958..348c6c603e52 100644 --- a/stable/elasticsearch/templates/master-statefulset.yaml +++ b/stable/elasticsearch/templates/master-statefulset.yaml @@ -104,6 +104,9 @@ spec: name: data {{- if .Values.extraInitContainers }} {{ tpl .Values.extraInitContainers . | indent 6 }} +{{- end }} +{{- if .Values.cluster.plugins }} +{{ include "plugin-installer" . | indent 6 }} {{- end }} containers: - name: elasticsearch @@ -145,6 +148,10 @@ spec: - mountPath: /usr/share/elasticsearch/config/elasticsearch.yml name: config subPath: elasticsearch.yml +{{- if .Values.cluster.plugins }} + - mountPath: /usr/share/elasticsearch/plugins/ + name: plugindir +{{- end }} {{- if hasPrefix "2." .Values.appVersion }} - mountPath: /usr/share/elasticsearch/config/logging.yml name: config @@ -171,6 +178,10 @@ spec: - name: config configMap: name: {{ template "elasticsearch.fullname" . }} +{{- if .Values.cluster.plugins }} + - name: plugindir + emptyDir: {} +{{- end }} {{- if .Values.cluster.keystoreSecret }} - name: keystore secret: diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index df3b4c34a1d1..e7289057fa81 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -62,6 +62,10 @@ cluster: # To prevent data loss, it is vital to configure the discovery.zen.minimum_master_nodes setting so that each master-eligible # node knows the minimum number of master-eligible nodes that must be visible in order to form a cluster. MINIMUM_MASTER_NODES: "2" + # List of plugins to install via dedicated init container + plugins: [] + # - ingest-attachment + # - mapper-size client: name: client From 616074266dc9766327a666f41be32f8d3fc46766 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 09:44:07 +0100 Subject: [PATCH 0254/1586] stable/drupal: update to 8.6.10 (#11590) Signed-off-by: Bitnami Containers --- stable/drupal/Chart.yaml | 4 ++-- stable/drupal/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index 179dd52898a6..79cd1eb5914d 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,6 +1,6 @@ name: drupal -version: 3.0.6 -appVersion: 8.6.9 +version: 3.0.7 +appVersion: 8.6.10 description: One of the most versatile open source content management systems. keywords: - drupal diff --git a/stable/drupal/values.yaml b/stable/drupal/values.yaml index 1e953f6b2254..4ca85f14649d 100644 --- a/stable/drupal/values.yaml +++ b/stable/drupal/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/drupal - tag: 8.6.9 + tag: 8.6.10 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 8ba65e65a72c0e35bfdc719d723c0b0ed9b7bc52 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 09:54:46 +0100 Subject: [PATCH 0255/1586] stable/redmine: update to 4.0.2 (#11627) Signed-off-by: Bitnami Containers --- stable/redmine/Chart.yaml | 4 ++-- stable/redmine/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index 76c7c528f939..abaa52a335f7 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,6 +1,6 @@ name: redmine -version: 8.0.3 -appVersion: 4.0.1 +version: 8.0.4 +appVersion: 4.0.2 description: A flexible project management web application. keywords: - redmine diff --git a/stable/redmine/values.yaml b/stable/redmine/values.yaml index 4b3e8a22ea09..f2728eb16d89 100644 --- a/stable/redmine/values.yaml +++ b/stable/redmine/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/redmine - tag: 4.0.1 + tag: 4.0.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From f9d9522f3b9c3552360c5493282af4472fdf38be Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 10:07:22 +0100 Subject: [PATCH 0256/1586] stable/prestashop: update to 1.7.5-1 (#11566) Signed-off-by: Bitnami Containers --- stable/prestashop/Chart.yaml | 4 ++-- stable/prestashop/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index 213d1d41f22b..752557b34552 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,6 +1,6 @@ name: prestashop -version: 6.1.2 -appVersion: 1.7.5-0 +version: 6.1.3 +appVersion: 1.7.5-1 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: - prestashop diff --git a/stable/prestashop/values.yaml b/stable/prestashop/values.yaml index e4d04a8e17fc..498f5215f028 100644 --- a/stable/prestashop/values.yaml +++ b/stable/prestashop/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/prestashop - tag: 1.7.5-0 + tag: 1.7.5-1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 81eb6dcc53f38d69f8d21640781670fda1b90368 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 10:25:09 +0100 Subject: [PATCH 0257/1586] stable/odoo: update to 11.0.20190215 (#11583) Signed-off-by: Bitnami Containers --- stable/odoo/Chart.yaml | 4 ++-- stable/odoo/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/odoo/Chart.yaml b/stable/odoo/Chart.yaml index bff7b702b4d3..ff77f9592923 100644 --- a/stable/odoo/Chart.yaml +++ b/stable/odoo/Chart.yaml @@ -1,6 +1,6 @@ name: odoo -version: 5.0.4 -appVersion: 11.0.20190115 +version: 5.0.5 +appVersion: 11.0.20190215 description: A suite of web based open source business apps. home: https://www.odoo.com/ icon: https://bitnami.com/assets/stacks/odoo/img/odoo-stack-110x117.png diff --git a/stable/odoo/values.yaml b/stable/odoo/values.yaml index f1b3fb39d4c9..ea16beff215e 100644 --- a/stable/odoo/values.yaml +++ b/stable/odoo/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/odoo - tag: 11.0.20190115 + tag: 11.0.20190215 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 04f00371f73ce66a044387b72cdd500c15d69640 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 10:25:19 +0100 Subject: [PATCH 0258/1586] stable/suitecrm: update to 7.11.2 (#11586) Signed-off-by: Bitnami Containers --- stable/suitecrm/Chart.yaml | 4 ++-- stable/suitecrm/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index 470e8f1819aa..f4c339ce458c 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,6 +1,6 @@ name: suitecrm -version: 5.0.5 -appVersion: 7.11.1 +version: 5.0.6 +appVersion: 7.11.2 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: - suitecrm diff --git a/stable/suitecrm/values.yaml b/stable/suitecrm/values.yaml index 8c00c629a9fe..14f633e2e6a3 100644 --- a/stable/suitecrm/values.yaml +++ b/stable/suitecrm/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/suitecrm - tag: 7.11.1 + tag: 7.11.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 57d3030941ad2ec2d6f97c86afdf36666658a884 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 10:53:16 +0100 Subject: [PATCH 0259/1586] stable/redis: update to 4.0.13 (#11584) Signed-off-by: Bitnami Containers --- stable/redis/Chart.yaml | 4 ++-- stable/redis/values-production.yaml | 2 +- stable/redis/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index b6d925c294bc..016f242181f5 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,6 +1,6 @@ name: redis -version: 6.1.1 -appVersion: 4.0.12 +version: 6.1.2 +appVersion: 4.0.13 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: - redis diff --git a/stable/redis/values-production.yaml b/stable/redis/values-production.yaml index f9a532d1f098..75258f846726 100644 --- a/stable/redis/values-production.yaml +++ b/stable/redis/values-production.yaml @@ -13,7 +13,7 @@ image: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 4.0.12 + tag: 4.0.13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images diff --git a/stable/redis/values.yaml b/stable/redis/values.yaml index 9261e300d089..33175865e388 100644 --- a/stable/redis/values.yaml +++ b/stable/redis/values.yaml @@ -13,7 +13,7 @@ image: ## Bitnami Redis image tag ## ref: https://github.com/bitnami/bitnami-docker-redis#supported-tags-and-respective-dockerfile-links ## - tag: 4.0.12 + tag: 4.0.13 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 5d5694c813de31e82efda406b387d7fbce655846 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 11:01:58 +0100 Subject: [PATCH 0260/1586] stable/ghost: update to 2.15.0 (#11612) Signed-off-by: Bitnami Containers --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 30c2e9c5b057..9b54debbf908 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.3.11 -appVersion: 2.14.3 +version: 6.3.12 +appVersion: 2.15.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 724fad114fd3..65421e8a1575 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.14.3 + tag: 2.15.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From c3c95395f6e822b63369e2c749b100d7f8bddcda Mon Sep 17 00:00:00 2001 From: Greg Hill Date: Fri, 22 Feb 2019 10:10:40 +0000 Subject: [PATCH 0261/1586] upgrade hoard to latest & add better conf (#11604) Signed-off-by: Gregory Hill --- stable/hoard/Chart.yaml | 6 ++- stable/hoard/README.md | 56 +++++++++++++++++--------- stable/hoard/templates/configmap.yaml | 23 +++++++---- stable/hoard/templates/deployment.yaml | 41 ++++++++++++------- stable/hoard/templates/pvc.yaml | 2 +- stable/hoard/values.yaml | 38 ++++++++++------- 6 files changed, 107 insertions(+), 59 deletions(-) diff --git a/stable/hoard/Chart.yaml b/stable/hoard/Chart.yaml index 4da72545a4ab..86ae54f405d9 100644 --- a/stable/hoard/Chart.yaml +++ b/stable/hoard/Chart.yaml @@ -1,6 +1,6 @@ name: hoard -version: 0.6.1 -appVersion: 1.1.5 +version: 0.6.2 +appVersion: 2.0.0 description: Hoard is a stateless, deterministically encrypted, content-addressed object store home: https://github.com/monax/hoard icon: https://pbs.twimg.com/profile_images/781959787856687105/76s1CJER_400x400.jpg @@ -8,6 +8,8 @@ keywords: - s3 - aws - gcp +- azure +- ipfs - envelope encryption - content addressable - distributed file storage diff --git a/stable/hoard/README.md b/stable/hoard/README.md index c5d9cb4a411b..6de4a2eea215 100644 --- a/stable/hoard/README.md +++ b/stable/hoard/README.md @@ -1,6 +1,6 @@ # Hoard -[Hoard](https://github.com/monax/hoard) is a stateless, deterministically encrypted, content-addressed object store. It currently supports local persistent storage, [S3](https://aws.amazon.com/s3/) and [GCS](https://cloud.google.com/storage/) backends, though [IPFS](https://ipfs.io) integration is currently under development. Files that are sent to Hoard are symmetrically encrypted, where the secret is the hash of the plaintext file, and then stored in the configured backend - this enables any party with knowledge of the hash or original file to retrieve it from the store. +[Hoard](https://github.com/monax/hoard) is a stateless, deterministically encrypted, content-addressed object store. It currently supports local persistent storage, [S3](https://aws.amazon.com/s3/), [GCS](https://cloud.google.com/storage/), [Azure](https://azure.microsoft.com/en-gb/services/storage/) and [IPFS](https://ipfs.io) backends. Files that are sent to Hoard are symmetrically encrypted, where the secret is the hash of the plaintext file, and then stored in the configured backend - this enables any party with knowledge of the hash or original file to retrieve it from the store. ## Introduction @@ -11,26 +11,17 @@ This chart bootstraps a hoard daemon on a [Kubernetes](http://kubernetes.io) clu To install the chart with the release name `my-release`, run: ```bash -$ helm install --name my-release stable/hoard +helm install --name my-release stable/hoard ``` -The [configuration](#configuration) section below lists all possible parameters that can be configured during installation. - - -### S3 Example - -To deploy with an S3 backend, use the following command. Please first create appropriate [AWS Credentials](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) and apply them to the Kubernetes secret `s3-credentials`. - -```bash -$ helm install --name my-release stable/hoard --set storage.type=s3,storage.prefix="folder",storage.region="eu-central-1",storage.bucket="my-bucket",storage.credentialsSecret="s3-credentials" -``` +This installation defaults to persistent volume storage. The [configuration](#configuration) section below lists all possible parameters that can be configured. ## Uninstall To uninstall/delete the `my-release` deployment: ```bash -$ helm delete my-release +helm delete my-release ``` ## Configuration @@ -41,13 +32,14 @@ The following table lists the configurable parameters of the Hoard chart and its | --------- | ----------- | ------- | | `replicaCount` | number of daemons | `1` | | `image.repository` | docker image | `"quay.io/monax/hoard"` | -| `image.tag` | version | `"1.1.5"` | +| `image.tag` | version | `"2.0.0"` | | `image.pullPolicy` | pull policy | `"IfNotPresent"` | -| `storage.type` | backend object store (local, s3 or gcp)| `"local"` | -| `storage.region` | object store location (non-local) | `""` | -| `storage.bucket` | object storage container (non-local) | `""` | -| `storage.prefix` | bucket folder (non-local) | `"hoard"` | -| `storage.credentialsSecret` | required secret for gcs or s3 | `""` | +| `storage.type` | backend object store (aws, azure, filesystem, gcp, ipfs)| `"filesystem"` | +| `storage.remote` | remote api location (ipfs only) | `""` | +| `storage.region` | object store location (cloud only) | `""` | +| `storage.bucket` | object storage container (cloud only) | `""` | +| `storage.prefix` | bucket folder (cloud only) | `""` | +| `storage.credentialsSecret` | required secret for cloud providers | `""` | | `persistence.size` | size of local store | `"10Gi"` | | `persistence.storageClass` | pvc type | `"standard"` | | `persistence.accessMode` | pvc access | `"ReadWriteOnce"` | @@ -73,3 +65,29 @@ Alternatively, a YAML file that specifies the values for the parameters can be p ```bash $ helm install --name my-release -f values.yaml stable/hoard ``` + +## Cloud Examples + +For each of the supported cloud back-ends, please ensure you have the appropriate credentials as identified by the corresponding environment variables. + +### [AWS](https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) + +```bash +kubectl create secret generic cloud-credentials --from-literal access-key-id=${AWS_ACCESS_KEY_ID} --from-literal secret-access-key=${AWS_SECRET_ACCESS_KEY} +helm install --name my-release stable/hoard --set storage.type=aws,storage.region="eu-central-1",storage.bucket="my-bucket",storage.prefix="folder",storage.credentialsSecret="cloud-credentials" +``` + +### [Azure](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-manage) + +```bash +kubectl create secret generic cloud-credentials --from-literal storage-account-name=${AZURE_STORAGE_ACCOUNT_NAME} --from-literal storage-account-key=${AZURE_STORAGE_ACCOUNT_KEY} +helm install --name my-release stable/hoard --set storage.type=azure,storage.bucket="my-bucket",storage.prefix="folder",storage.credentialsSecret="cloud-credentials" +``` + +### [GCP](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) + +```bash +kubectl create secret generic cloud-credentials --from-literal service-key=${GCLOUD_SERVICE_KEY} +helm install --name my-release stable/hoard --set storage.type=gcp,storage.bucket="my-bucket",storage.prefix="folder",storage.credentialsSecret="cloud-credentials" +``` + diff --git a/stable/hoard/templates/configmap.yaml b/stable/hoard/templates/configmap.yaml index 7f64d9904cd8..75616546f103 100644 --- a/stable/hoard/templates/configmap.yaml +++ b/stable/hoard/templates/configmap.yaml @@ -8,11 +8,18 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} helm.sh/chart: {{ include "hoard.chart" . }} data: - config.json: | -{{- if eq .Values.storage.type "s3" }} - {"ListenAddress":"tcp://0.0.0.0:{{ .Values.service.port }}","Storage":{"StorageType":"s3","AddressEncoding":"base64","Region":"{{ .Values.storage.region }}","S3Bucket":"{{ .Values.storage.bucket }}","S3Prefix":"{{ .Values.storage.prefix }}","CredentialsProviderChain":[{"Provider":"remote"},{"Provider":"env"}]},"Logging":{"LoggingType":"json","Channels":["info","trace"]}} -{{- else if eq .Values.storage.type "gcs" }} - {"ListenAddress":"tcp://0.0.0.0:{{ .Values.service.port }}","Storage":{"StorageType":"gcs","AddressEncoding":"base64","GCSBucket":"{{ .Values.storage.bucket }}","GCSPrefix":"{{ .Values.storage.prefix }}"},"Logging":{"LoggingType":"json","Channels":["info","trace"]}} -{{- else }} - {"ListenAddress":"tcp://0.0.0.0:{{ .Values.service.port }}","Storage":{"StorageType":"filesystem","AddressEncoding":"base64","RootDirectory":"/data"},"Logging":{"LoggingType":"json","Channels":["info","trace"]}} -{{- end }} + hoard.toml: | + ListenAddress = "tcp://0.0.0.0:{{ .Values.service.port }}" + + [Storage] + StorageType = "{{ .Values.storage.type }}" + AddressEncoding = "{{ .Values.storage.encoding }}" + RootDirectory = "/data" + RemoteAPI = "{{ .Values.storage.remote }}" + Bucket = "{{ .Values.storage.bucket }}" + Prefix = "{{ .Values.storage.prefix }}" + Region = "{{ .Values.storage.region }}" + + [Logging] + LoggingType = "{{ .Values.logging.type }}" + Channels = [{{- range .Values.logging.channels }}{{ . | quote }},{{- end }}] \ No newline at end of file diff --git a/stable/hoard/templates/deployment.yaml b/stable/hoard/templates/deployment.yaml index 8c7f5f8c3e43..87ae79e4cc96 100644 --- a/stable/hoard/templates/deployment.yaml +++ b/stable/hoard/templates/deployment.yaml @@ -23,11 +23,19 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + command: ["hoard", "--config", "/conf/hoard.toml"] + volumeMounts: + - name: config-toml + mountPath: /conf +{{- if eq .Values.storage.type "filesystem" }} + - mountPath: /data + name: data-dir +{{- end }} ports: - containerPort: {{ .Values.service.port }} name: http env: -{{- if eq .Values.storage.type "s3" }} +{{- if eq .Values.storage.type "aws" }} - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: @@ -39,18 +47,25 @@ spec: name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} key: secret-access-key {{- end }} -{{- if eq .Values.storage.type "gcs" }} - - name: GCLOUD_SERVICE_KEY +{{- if eq .Values.storage.type "azure" }} + - name: AZURE_STORAGE_ACCOUNT_NAME valueFrom: secretKeyRef: name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} - key: secret-access-key + key: storage-account-name + - name: AZURE_STORAGE_ACCOUNT_KEY + valueFrom: + secretKeyRef: + name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + key: storage-account-key {{- end }} - - name: HOARD_JSON_CONFIG +{{- if eq .Values.storage.type "gcp" }} + - name: GCLOUD_SERVICE_KEY valueFrom: - configMapKeyRef: - name: {{ template "hoard.fullname" . }} - key: config.json + secretKeyRef: + name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + key: service-key +{{- end }} livenessProbe: exec: command: @@ -59,15 +74,13 @@ spec: - '[ $(echo "marmottes" | hoarctl put | hoarctl get) = "marmottes" ]' initialDelaySeconds: 5 periodSeconds: 45 -{{- if eq .Values.storage.type "local" }} - volumeMounts: - - mountPath: /data - name: data-dir -{{- end }} resources: {{ toYaml .Values.resources | indent 12 }} -{{- if eq .Values.storage.type "local" }} volumes: + - name: config-toml + configMap: + name: {{ template "hoard.fullname" . }} +{{- if eq .Values.storage.type "filesystem" }} - name: data-dir persistentVolumeClaim: claimName: {{ template "hoard.fullname" $ }} diff --git a/stable/hoard/templates/pvc.yaml b/stable/hoard/templates/pvc.yaml index 5129117044c1..8e26dc5093c4 100644 --- a/stable/hoard/templates/pvc.yaml +++ b/stable/hoard/templates/pvc.yaml @@ -1,4 +1,4 @@ -{{- if eq .Values.storage.type "local" }} +{{- if eq .Values.storage.type "filesystem" }} --- kind: PersistentVolumeClaim apiVersion: v1 diff --git a/stable/hoard/values.yaml b/stable/hoard/values.yaml index 8146e48af825..48f131ac6012 100644 --- a/stable/hoard/values.yaml +++ b/stable/hoard/values.yaml @@ -2,17 +2,26 @@ replicaCount: 1 image: repository: quay.io/monax/hoard - tag: 1.1.5 + tag: 2.0.0 pullPolicy: IfNotPresent storage: - type: local # s3 | gcs | local - region: "" + # aws | azure | filesystem | gcp | ipfs + type: filesystem + remote: "" bucket: "" - prefix: hoard + prefix: "" + region: "" credentialsSecret: "" + encoding: base64 + +logging: + type: json + channels: + - info + - trace -# only local +# only filesystem persistence: size: 10Gi storageClass: standard @@ -28,22 +37,21 @@ service: ingress: enabled: false annotations: {} - # kubernetes.io/ingress.class: nginx - # kubernetes.io/tls-acme: "true" path: / hosts: - - chart-example.local + - hoard.local tls: [] - # - secretName: chart-example-tls + # - secretName: hoard-tls # hosts: - # - chart-example.local + # - hoard.local resources: {} - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi +# limits: +# cpu: 500m +# memory: 1Gi +# requests: +# cpu: 100m +# memory: 256Mi nodeSelector: {} From 39c8704ee25a855b365c94ccfc2545ceb72ea395 Mon Sep 17 00:00:00 2001 From: Chanho Kim <7chanho@gmail.com> Date: Fri, 22 Feb 2019 19:24:33 +0900 Subject: [PATCH 0262/1586] [stable/mariadb] Fix 'MARIADB_MASTER_PORT_NUMBER' in templates/slave-statefulset.yaml (#11562) Signed-off-by: Chanho Kim <7chanho@gmail.com> --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/templates/slave-statefulset.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index fe4a5c30431e..1ece7bbd8c54 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,5 +1,5 @@ name: mariadb -version: 5.5.2 +version: 5.5.3 appVersion: 10.1.38 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/templates/slave-statefulset.yaml b/stable/mariadb/templates/slave-statefulset.yaml index f2cab6162eef..bc8786acded8 100644 --- a/stable/mariadb/templates/slave-statefulset.yaml +++ b/stable/mariadb/templates/slave-statefulset.yaml @@ -99,7 +99,7 @@ spec: - name: MARIADB_MASTER_HOST value: {{ template "mariadb.fullname" . }} - name: MARIADB_MASTER_PORT_NUMBER - value: "3306" + value: "{{ .Values.service.port }}" - name: MARIADB_MASTER_ROOT_USER value: "root" - name: MARIADB_MASTER_ROOT_PASSWORD From 4127562d09a093f936b1f09610a979b98e37147a Mon Sep 17 00:00:00 2001 From: Lucas Martins Date: Fri, 22 Feb 2019 12:52:22 +0100 Subject: [PATCH 0263/1586] Bookstack persistent volume patch (#11641) * persistent volume issue Signed-off-by: Lucas Martins * update - persistent volume patch Signed-off-by: Lucas Martins --- stable/bookstack/Chart.yaml | 2 +- stable/bookstack/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/bookstack/Chart.yaml b/stable/bookstack/Chart.yaml index c315f4dc3861..2c47a46bcac8 100644 --- a/stable/bookstack/Chart.yaml +++ b/stable/bookstack/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.24.3 description: BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information. name: bookstack -version: 1.0.1 +version: 1.0.2 home: https://www.bookstackapp.com/ icon: https://github.com/BookStackApp/website/blob/master/static/images/logo.png sources: diff --git a/stable/bookstack/templates/deployment.yaml b/stable/bookstack/templates/deployment.yaml index bc12ddd5028d..c80da6edf522 100644 --- a/stable/bookstack/templates/deployment.yaml +++ b/stable/bookstack/templates/deployment.yaml @@ -96,7 +96,7 @@ spec: - name: uploads {{- if .Values.persistence.uploads.enabled }} persistentVolumeClaim: - claimName: {{ .Values.persistence.storage.existingClaim | default (printf "%s-%s" (include "bookstack.fullname" .) "uploads") }} + claimName: {{ .Values.persistence.uploads.existingClaim | default (printf "%s-%s" (include "bookstack.fullname" .) "uploads") }} {{- else }} emptyDir: {} {{- end }} From 42bfb48ea21d284761bba3591f705dd9c5fc716c Mon Sep 17 00:00:00 2001 From: Johnny You Date: Fri, 22 Feb 2019 21:16:45 +0900 Subject: [PATCH 0264/1586] [stable/postgesql] fix bug in statefulset-slaves, slavePod.xxx -> slave.podxxx (#11485) Signed-off-by: LittleWhiteYA --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/statefulset-slaves.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index e41fe8c35db5..9f061410e7bc 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.11.5 +version: 3.11.6 appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 7c1d7d98cdd2..3b3648665305 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -25,10 +25,10 @@ spec: release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} role: slave -{{- with .Values.slavePod.labels }} +{{- with .Values.slave.podLabels }} {{ toYaml . | indent 8 }} {{- end }} -{{- with .Values.slavePod.annotations }} +{{- with .Values.slave.podAnnotations }} annotations: {{ toYaml . | indent 8 }} {{- end }} From 5058299a824b2b8903bc826eb4034f1b16ff4e71 Mon Sep 17 00:00:00 2001 From: Patrick Date: Fri, 22 Feb 2019 13:32:34 +0100 Subject: [PATCH 0265/1586] avoid the secret changed performing upgrade (#11601) * avoid password change when update fix #11600 Signed-off-by: patrick * Bump chart version Signed-off-by: patrick --- stable/prestashop/Chart.yaml | 2 +- stable/prestashop/templates/secrets.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index 752557b34552..ce49fa32e042 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,5 +1,5 @@ name: prestashop -version: 6.1.3 +version: 6.2.0 appVersion: 1.7.5-1 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: diff --git a/stable/prestashop/templates/secrets.yaml b/stable/prestashop/templates/secrets.yaml index ed231f3c7ff1..6cbf304522ff 100644 --- a/stable/prestashop/templates/secrets.yaml +++ b/stable/prestashop/templates/secrets.yaml @@ -7,6 +7,8 @@ metadata: chart: "{{ template "prestashop.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} + annotations: + "helm.sh/hook": pre-install type: Opaque data: {{- if .Values.prestashopPassword }} From 58ec0e80482130309fc5e2f09c34c3d9b5ca058a Mon Sep 17 00:00:00 2001 From: Arief Rahmansyah Date: Fri, 22 Feb 2019 23:37:04 +0900 Subject: [PATCH 0266/1586] Jaeger operator role resources (#11596) * Add jobs and cronjobs resources to jaeger operator role Signed-off-by: Arief Rahmansyah * Bump jaeger-operator version Signed-off-by: Arief Rahmansyah * Add new api groups for jobs and cron jobs role Signed-off-by: Arief Rahmansyah --- stable/jaeger-operator/Chart.yaml | 2 +- stable/jaeger-operator/README.md | 15 ++++++++------- stable/jaeger-operator/templates/role.yaml | 6 ++++++ 3 files changed, 15 insertions(+), 8 deletions(-) diff --git a/stable/jaeger-operator/Chart.yaml b/stable/jaeger-operator/Chart.yaml index ccfbe56ed407..dc18dd4ee775 100644 --- a/stable/jaeger-operator/Chart.yaml +++ b/stable/jaeger-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: jaeger-operator Helm chart for Kubernetes name: jaeger-operator -version: 2.2.0 +version: 2.2.1 appVersion: 1.9.0 home: https://www.jaegertracing.io/ icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg diff --git a/stable/jaeger-operator/README.md b/stable/jaeger-operator/README.md index 49f8a370ca2e..527afe2541c8 100644 --- a/stable/jaeger-operator/README.md +++ b/stable/jaeger-operator/README.md @@ -43,17 +43,18 @@ The following table lists the configurable parameters of the jaeger-operator cha Parameter | Description | Default --- | --- | --- -`image.repository` | controller container image repository | `jaegertracing/jaeger-operator` -`image.tag` | controller container image tag | `1.9.0` -`image.pullPolicy` | controller container image pull policy | `IfNotPresent` -`rbac.create` | all required roles and SA will be created | `true` -`resources` | k8s pod resorces | `None` +`image.repository` | Controller container image repository | `jaegertracing/jaeger-operator` +`image.tag` | Controller container image tag | `1.9.0` +`image.pullPolicy` | Controller container image pull policy | `IfNotPresent` +`rbac.create` | All required roles and rolebindings will be created | `true` +`serviceAccount.create` | Service account to use | `true` +`serviceAccount.name` | Service account name to use. If not set and create is true, a name is generated using the fullname template | `` +`resources` | K8s pod resorces | `None` `nodeSelector` | Node labels for pod assignment | `{}` `tolerations` | Toleration labels for pod assignment | `[]` `affinity` | Affinity settings for pod assignment | `{}` - -Specify each parameter you'd like to override using a YAML file as described above in the [installation](#Installing the Chart) section. +Specify each parameter you'd like to override using a YAML file as described above in the [installation](#installing-the-chart) section. You can also specify any non-array parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/jaeger-operator/templates/role.yaml b/stable/jaeger-operator/templates/role.yaml index 67e7b665a6c3..264512e859b4 100644 --- a/stable/jaeger-operator/templates/role.yaml +++ b/stable/jaeger-operator/templates/role.yaml @@ -43,4 +43,10 @@ rules: - ingresses verbs: - "*" +- apiGroups: + - batch + resources: + - jobs + - cronjobs + verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] {{- end }} From 321bb3202dbd504ecc92f12065c27c17369fb97c Mon Sep 17 00:00:00 2001 From: Jonas Grau Date: Fri, 22 Feb 2019 16:12:15 +0100 Subject: [PATCH 0267/1586] [stable/redis] Fix service name when cluster is disabled (#11553) If cluster is not enabled the name of the master service still contains `-master`. This changes updates the helper so that is apparent when looking at the helm status. Signed-off-by: Jonas Grau --- stable/redis/Chart.yaml | 2 +- stable/redis/templates/NOTES.txt | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 016f242181f5..9199ae89d881 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 6.1.2 +version: 6.1.3 appVersion: 4.0.13 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/templates/NOTES.txt b/stable/redis/templates/NOTES.txt index d6aafb5136e5..625363e2c7e7 100644 --- a/stable/redis/templates/NOTES.txt +++ b/stable/redis/templates/NOTES.txt @@ -29,7 +29,7 @@ Redis can be accessed via port {{ .Values.master.port }} on the following DNS na {{- else }} Redis can be accessed via port {{ .Values.master.port }} on the following DNS name from within your cluster: -{{ template "redis.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local +{{ template "redis.fullname" . }}-master.{{ .Release.Namespace }}.svc.cluster.local {{- end }} @@ -54,7 +54,7 @@ To connect to your Redis server: redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }} redis-cli -h {{ template "redis.fullname" . }}-slave{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }} {{- else }} - redis-cli -h {{ template "redis.fullname" . }}{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }} + redis-cli -h {{ template "redis.fullname" . }}-master{{ if .Values.usePassword }} -a $REDIS_PASSWORD{{ end }} {{- end }} {{ if and (.Values.networkPolicy.enabled) (not .Values.networkPolicy.allowExternal) }} From 2070ee8004a86d38bbbd1c7f96819a3dfc9faede Mon Sep 17 00:00:00 2001 From: James Munnelly Date: Fri, 22 Feb 2019 15:21:06 +0000 Subject: [PATCH 0268/1586] cert-manager: fast-forward to upstream f5e1477b (#11611) * Bump for v0.6.2 (jetstack/cert-manager#1382) Signed-off-by: James Munnelly --- stable/cert-manager/Chart.yaml | 4 ++-- stable/cert-manager/README.md | 4 ++-- stable/cert-manager/requirements.lock | 6 +++--- stable/cert-manager/requirements.yaml | 2 +- stable/cert-manager/values.yaml | 2 +- stable/cert-manager/webhook/Chart.yaml | 4 ++-- stable/cert-manager/webhook/values.yaml | 2 +- 7 files changed, 12 insertions(+), 12 deletions(-) diff --git a/stable/cert-manager/Chart.yaml b/stable/cert-manager/Chart.yaml index e5c6b644149b..06663f615f6e 100644 --- a/stable/cert-manager/Chart.yaml +++ b/stable/cert-manager/Chart.yaml @@ -1,6 +1,6 @@ name: cert-manager -version: v0.6.5 -appVersion: v0.6.1 +version: v0.6.6 +appVersion: v0.6.2 description: A Helm chart for cert-manager home: https://github.com/jetstack/cert-manager keywords: diff --git a/stable/cert-manager/README.md b/stable/cert-manager/README.md index 31cae589c651..be51eb04fb98 100644 --- a/stable/cert-manager/README.md +++ b/stable/cert-manager/README.md @@ -72,7 +72,7 @@ The following table lists the configurable parameters of the cert-manager chart | --------- | ----------- | ------- | | `global.imagePullSecrets` | Reference to one or more secrets to be used when pulling images | `[]` | | `image.repository` | Image repository | `quay.io/jetstack/cert-manager-controller` | -| `image.tag` | Image tag | `v0.6.1` | +| `image.tag` | Image tag | `v0.6.2` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `replicaCount` | Number of cert-manager replicas | `1` | | `clusterResourceNamespace` | Override the namespace used to store DNS provider credentials etc. for ClusterIssuer resources | Same namespace as cert-manager pod @@ -107,7 +107,7 @@ The following table lists the configurable parameters of the cert-manager chart | `webhook.extraArgs` | Optional flags for cert-manager webhook component | `[]` | | `webhook.resources` | CPU/memory resource requests/limits for the webhook pods | | | `webhook.image.repository` | Webhook image repository | `quay.io/jetstack/cert-manager-webhook` | -| `webhook.image.tag` | Webhook image tag | `v0.6.1` | +| `webhook.image.tag` | Webhook image tag | `v0.6.2` | | `webhook.image.pullPolicy` | Webhook image pull policy | `IfNotPresent` | | `webhook.caSyncImage.repository` | CA sync image repository | `quay.io/munnerz/apiextensions-ca-helper` | | `webhook.caSyncImage.tag` | CA sync image tag | `v0.1.0` | diff --git a/stable/cert-manager/requirements.lock b/stable/cert-manager/requirements.lock index a0e31312bc53..2a883ee63dcd 100644 --- a/stable/cert-manager/requirements.lock +++ b/stable/cert-manager/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: webhook repository: file://webhook - version: v0.6.3 -digest: sha256:77dcd917e3112dfc7ddb3f1cca72bb337f067706b1020dec0fda4a2d41a945bf -generated: 2019-02-05T13:43:12.838251554Z + version: v0.6.4 +digest: sha256:a0af88ca014f7195e521457f22c31d8bf28c7c90b0c9a088bfc5cb8ab188b769 +generated: 2019-02-19T11:13:47.831977937Z diff --git a/stable/cert-manager/requirements.yaml b/stable/cert-manager/requirements.yaml index a1f7bc5f18f0..c6d8928e239f 100644 --- a/stable/cert-manager/requirements.yaml +++ b/stable/cert-manager/requirements.yaml @@ -1,6 +1,6 @@ # requirements.yaml dependencies: - name: webhook - version: "v0.6.3" + version: "v0.6.4" repository: "file://webhook" condition: webhook.enabled diff --git a/stable/cert-manager/values.yaml b/stable/cert-manager/values.yaml index f78af7b3265c..f4b5e55e94f8 100644 --- a/stable/cert-manager/values.yaml +++ b/stable/cert-manager/values.yaml @@ -21,7 +21,7 @@ strategy: {} image: repository: quay.io/jetstack/cert-manager-controller - tag: v0.6.1 + tag: v0.6.2 pullPolicy: IfNotPresent # Override the namespace used to store DNS provider credentials etc. for ClusterIssuer diff --git a/stable/cert-manager/webhook/Chart.yaml b/stable/cert-manager/webhook/Chart.yaml index 56cf1dae7e15..3bb4934ab040 100644 --- a/stable/cert-manager/webhook/Chart.yaml +++ b/stable/cert-manager/webhook/Chart.yaml @@ -1,7 +1,7 @@ name: webhook apiVersion: v1 -version: "v0.6.3" -appVersion: "v0.6.1" +version: "v0.6.4" +appVersion: "v0.6.2" description: A Helm chart for deploying the cert-manager webhook component home: https://github.com/jetstack/cert-manager sources: diff --git a/stable/cert-manager/webhook/values.yaml b/stable/cert-manager/webhook/values.yaml index 142b1f199163..a094349d5e7c 100644 --- a/stable/cert-manager/webhook/values.yaml +++ b/stable/cert-manager/webhook/values.yaml @@ -28,7 +28,7 @@ resources: {} image: repository: quay.io/jetstack/cert-manager-webhook - tag: v0.6.1 + tag: v0.6.2 pullPolicy: IfNotPresent caSyncImage: From b1e6434763db4e10588586732f14a5c95913d3af Mon Sep 17 00:00:00 2001 From: Ken Wronkiewicz Date: Fri, 22 Feb 2019 08:29:30 -0800 Subject: [PATCH 0269/1586] Adding optional additional airflow ConfigMaps (#11632) * Adding optional additional airflow ConfigMaps - Cribbed off of how the Grafana chart works - I needed a way to deploy a set of config files to the DAGs but separate. Signed-off-by: Ken Wronkiewicz * Accidentally a mistake. Signed-off-by: Ken Wronkiewicz * Upgrade to 1.0 Signed-off-by: Wirehead --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 2 ++ stable/airflow/templates/deployments-scheduler.yaml | 10 ++++++++++ stable/airflow/templates/deployments-web.yaml | 10 ++++++++++ stable/airflow/templates/statefulsets-workers.yaml | 10 ++++++++++ stable/airflow/values.yaml | 6 +++++- 6 files changed, 38 insertions(+), 2 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 889ac4e61d6d..f436d2c5fe21 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.17.4 +version: 1.0.0 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index eb111ac9853d..680e8ab54882 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -275,6 +275,7 @@ The following table lists the configurable parameters of the Airflow chart and t | `airflow.config` | custom airflow configuration env variables | `{}` | | `airflow.podDisruptionBudget` | control pod disruption budget | `{'maxUnavailable': 1}` | | `airflow.secretsMapping` | override any environment variable with a secret | | +| `airflow.extraConfigmapMounts` | Additional configMap volume mounts on the airflow pods. | `[]` | | `workers.enabled` | enable workers | `true` | | `workers.replicas` | number of workers pods to launch | `1` | | `workers.resources` | custom resource configuration for worker pod | `{}` | @@ -333,4 +334,5 @@ The following table lists the configurable parameters of the Airflow chart and t | `redis.master.persistence.enabled` | Enable Redis PVC | `false` | | `redis.cluster.enabled` | enable master-slave cluster | `false` | + Full and up-to-date documentation can be found in the comments of the `values.yaml` file. diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index 3c90e3fa0b0c..044131eb13ea 100755 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -86,6 +86,11 @@ spec: - name: connections mountPath: /usr/local/connections {{- end}} + {{- range .Values.airflow.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} args: - "bash" - "-c" @@ -155,3 +160,8 @@ spec: secretName: {{ template "airflow.fullname" . }}-connections defaultMode: 0755 {{- end }} + {{- range .Values.airflow.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml index a7addabe72bc..a9e10cf94e68 100644 --- a/stable/airflow/templates/deployments-web.yaml +++ b/stable/airflow/templates/deployments-web.yaml @@ -85,6 +85,11 @@ spec: - name: logs-data mountPath: {{ .Values.logs.path }} {{- end }} + {{- range .Values.airflow.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} args: - "bash" - "-c" @@ -146,3 +151,8 @@ spec: defaultMode: 0700 {{- end }} {{- end }} + {{- range .Values.airflow.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} \ No newline at end of file diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml index 6cd9f5ab4540..6ad8a6ebb5a0 100644 --- a/stable/airflow/templates/statefulsets-workers.yaml +++ b/stable/airflow/templates/statefulsets-workers.yaml @@ -93,6 +93,11 @@ spec: - name: dags-data mountPath: {{ .Values.dags.path }} {{- end }} + {{- range .Values.airflow.extraConfigmapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + readOnly: {{ .readOnly }} + {{- end }} args: - "bash" - "-c" @@ -150,4 +155,9 @@ spec: defaultMode: 0700 {{- end }} {{- end }} + {{- range .Values.airflow.extraConfigmapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} + {{- end }} {{- end }} diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 9a75e9c49baf..ba31b64c6a8c 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -1,9 +1,13 @@ # Duplicate this file and put your customization here - ## ## common settings and setting for the webserver airflow: + extraConfigmapMounts: [] + # - name: extra-metadata + # mountPath: /opt/metadata + # configMap: airflow-metadata + # readOnly: true ## When existingAirflowSecret is defined, secretsMapping can be ## overridden. When no secretName is given then the value of From c60823c62360de139f3b055ec637f243b6c182c7 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Fri, 22 Feb 2019 18:04:27 +0100 Subject: [PATCH 0270/1586] stable/wordpress: update to 5.1.0 (#11654) Signed-off-by: Bitnami Containers --- stable/wordpress/Chart.yaml | 4 ++-- stable/wordpress/values-production.yaml | 2 +- stable/wordpress/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index daf5359bdd40..a5b7c42827aa 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,6 +1,6 @@ name: wordpress -version: 5.2.2 -appVersion: 5.0.3 +version: 5.2.3 +appVersion: 5.1.0 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png keywords: diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index ff4709ddaeb8..ad429cb0b054 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.0.3 + tag: 5.1.0 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index 46e4c66f04a9..768f4a610b11 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.0.3 + tag: 5.1.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 4e1a78293490193740e0243df670a50f6eb08f3f Mon Sep 17 00:00:00 2001 From: anthony Date: Fri, 22 Feb 2019 12:18:24 -0500 Subject: [PATCH 0271/1586] [stable/ambassador] support targetPort specification (#11574) Signed-off-by: Anthony Jones --- stable/ambassador/Chart.yaml | 2 +- stable/ambassador/templates/service.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index 7ac6156e1808..6a3c489f0be8 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.50.2 description: A Helm chart for Datawire Ambassador name: ambassador -version: 1.1.3 +version: 1.1.4 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: diff --git a/stable/ambassador/templates/service.yaml b/stable/ambassador/templates/service.yaml index 33dd3b41bc27..38a6b5b24275 100644 --- a/stable/ambassador/templates/service.yaml +++ b/stable/ambassador/templates/service.yaml @@ -23,7 +23,7 @@ spec: ports: {{- if .Values.service.http.enabled }} - port: {{ .Values.service.http.port }} - targetPort: http + targetPort: {{ .Values.service.http.targetPort }} protocol: TCP name: http {{- with .Values.service.http.nodePort }} @@ -32,7 +32,7 @@ spec: {{- end }} {{- if .Values.service.https.enabled }} - port: {{ .Values.service.https.port }} - targetPort: https + targetPort: {{ .Values.service.https.targetPort }} protocol: TCP name: https {{- with .Values.service.https.nodePort }} From bf10057800344c2415f398b43f13597677e8a058 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 22 Feb 2019 18:55:00 +0100 Subject: [PATCH 0272/1586] bump mm-te to 5.8.0 (#11460) Signed-off-by: Carlos Panato --- stable/mattermost-team-edition/Chart.yaml | 4 ++-- stable/mattermost-team-edition/README.md | 2 +- stable/mattermost-team-edition/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/mattermost-team-edition/Chart.yaml b/stable/mattermost-team-edition/Chart.yaml index bdf6a6d919ee..345829cb537a 100644 --- a/stable/mattermost-team-edition/Chart.yaml +++ b/stable/mattermost-team-edition/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Mattermost Team Edition server. name: mattermost-team-edition -version: 2.2.2 -appVersion: 5.7.1 +version: 2.3.0 +appVersion: 5.8.0 keywords: - mattermost - communication diff --git a/stable/mattermost-team-edition/README.md b/stable/mattermost-team-edition/README.md index 1fe1d7538e80..82d40ce727c9 100644 --- a/stable/mattermost-team-edition/README.md +++ b/stable/mattermost-team-edition/README.md @@ -46,7 +46,7 @@ The following table lists the configurable parameters of the Mattermost Team Edi Parameter | Description | Default --- | --- | --- `image.repository` | container image repository | `mattermost/mattermost-team-edition` -`image.tag` | container image tag | `5.7.1` +`image.tag` | container image tag | `5.8.0` `image.imagePullPolicy` | container image pull policy | `IfNotPresent` `initContainerImage.repository` | init container image repository | `appropriate/curl` `initContainerImage.tag` | init container image tag | `latest` diff --git a/stable/mattermost-team-edition/values.yaml b/stable/mattermost-team-edition/values.yaml index df5b55cd7097..ffcc274299fd 100644 --- a/stable/mattermost-team-edition/values.yaml +++ b/stable/mattermost-team-edition/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: mattermost/mattermost-team-edition - tag: 5.7.1 + tag: 5.8.0 imagePullPolicy: IfNotPresent initContainerImage: From f63198f2142c0bb4be83e85bedc806e0601d3202 Mon Sep 17 00:00:00 2001 From: Pablo Castellano Date: Fri, 22 Feb 2019 15:04:09 -0300 Subject: [PATCH 0273/1586] [stable/ark] Several improvements on naming, decoupling and metrics (#11068) * [stable/ark] Several improvements on naming, decoupling and metrics * Use new naming: * Rename backupStorageProvider to backupStorageLocation * Rename persistentVolumeProvider to volumeSnapshotLocation * Add configuration.provider so that backupStorageLocation is decoupled from the cloud provider where ark it deployed to * Fixed typo in metricsAddress (now renamed to configuration.metrics.address) * Expose metrics port with configuration.metrics.enabled Signed-off-by: Pablo Castellano * Allow setting new prefix parameter Signed-off-by: Pablo Castellano * Fix and document prefix parameter Signed-off-by: Pablo Castellano * Major version bump Signed-off-by: Pablo Castellano * Add prometheus monitoring Originally by JoschaLaubach (https://github.com/helm/charts/pull/9496) Adapted by PabloCastellano to latest chart available Signed-off-by: Pablo Castellano --- stable/ark/Chart.yaml | 2 +- stable/ark/README.md | 29 ++++++++++++------- .../ark/templates/backupstoragelocation.yaml | 5 +++- stable/ark/templates/deployment.yaml | 23 ++++++++++----- stable/ark/templates/restic-daemonset.yaml | 2 +- stable/ark/templates/service.yaml | 20 +++++++++++++ stable/ark/templates/servicemonitor.yaml | 22 ++++++++++++++ .../ark/templates/volumesnapshotlocation.yaml | 2 +- stable/ark/values.yaml | 26 ++++++++++++++--- 9 files changed, 104 insertions(+), 27 deletions(-) create mode 100644 stable/ark/templates/service.yaml create mode 100644 stable/ark/templates/servicemonitor.yaml diff --git a/stable/ark/Chart.yaml b/stable/ark/Chart.yaml index 07de839da149..c82735cff689 100644 --- a/stable/ark/Chart.yaml +++ b/stable/ark/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.10.1 description: A Helm chart for ark name: ark -version: 3.0.1 +version: 4.0.0 home: https://github.com/heptio/ark icon: https://cdn-images-1.medium.com/max/1600/1*-9mb3AKnKdcL_QD3CMnthQ.png sources: diff --git a/stable/ark/README.md b/stable/ark/README.md index f6731ee91a7a..251d9f085982 100644 --- a/stable/ark/README.md +++ b/stable/ark/README.md @@ -16,7 +16,8 @@ kubectl scale -n heptio-ark deploy/ark --replicas 0 ``` 3. Migrate file structure of your backup storage according to [guide](https://github.com/heptio/ark/blob/master/docs/storage-layout-reorg-v0.10.md) -4. Upgrade your deployment +4. Adjust your `values.yaml` to the new structure and naming +5. Upgrade your deployment ```sh helm upgrade --force --namespace heptio-ark ark ./ark @@ -61,23 +62,29 @@ Parameter | Description | Default `resources` | Resource requests and limits | `{}` `tolerations` | List of node taints to tolerate | `[]` `nodeSelector` | Node labels for pod assignment | `{}` -`configuration.persistentVolumeProvider.name` | The name of the cloud provider the cluster is using for persistent volumes, if any | `{}` -`configuration.persistentVolumeProvider.config.region` | The cloud provider region (AWS only) | `` -`configuration.persistentVolumeProvider.config.apiTimeout` | The API timeout (Azure only) | -`configuration.backupStorageProvider.name` | The name of the cloud provider that will be used to actually store the backups (`aws`, `azure`, `gcp`) | `` -`configuration.backupStorageProvider.bucket` | The storage bucket where backups are to be uploaded | `` -`configuration.backupStorageProvider.config.region` | The cloud provider region (AWS only) | `` -`configuration.backupStorageProvider.config.s3ForcePathStyle` | Set to `true` for a local storage service like Minio | `` -`configuration.backupStorageProvider.config.s3Url` | S3 url (primarily used for local storage services like Minio) | `` -`configuration.backupStorageProvider.config.kmsKeyId` | KMS key for encryption (AWS only) | `` +`configuration.backupStorageLocation.name` | The name of the cloud provider that will be used to actually store the backups (`aws`, `azure`, `gcp`) | `` +`configuration.backupStorageLocation.bucket` | The storage bucket where backups are to be uploaded | `` +`configuration.backupStorageLocation.config.region` | The cloud provider region (AWS only) | `` +`configuration.backupStorageLocation.config.s3ForcePathStyle` | Set to `true` for a local storage service like Minio | `` +`configuration.backupStorageLocation.config.s3Url` | S3 url (primarily used for local storage services like Minio) | `` +`configuration.backupStorageLocation.config.kmsKeyId` | KMS key for encryption (AWS only) | `` +`configuration.backupStorageLocation.prefix` | The directory inside a storage bucket where backups are to be uploaded | `` `configuration.backupSyncPeriod` | How frequently Ark queries the object storage to make sure that the appropriate Backup resources have been created for existing backup files | `60m` `configuration.extraEnvVars` | Key/values for extra environment variables such as AWS_CLUSTER_NAME, etc | `{}` -`configuration.metricsAddress` | Address to expose metrics | `:8085` +`configuration.provider` | The name of the cloud provider where you are deploying ark to (`aws`, `azure`, `gcp`) | `configuration.restoreResourcePriorities` | An ordered list that describes the order in which Kubernetes resource objects should be restored | `namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods` `configuration.restoreOnlyMode` | When RestoreOnly mode is on, functionality for backups, schedules, and expired backup deletion is turned off. Restores are made from existing backup files in object storage | `false` +`configuration.volumeSnapshotLocation.name` | The name of the cloud provider the cluster is using for persistent volumes, if any | `{}` +`configuration.volumeSnapshotLocation.config.region` | The cloud provider region (AWS only) | `` +`configuration.volumeSnapshotLocation.config.apiTimeout` | The API timeout (`azure` only) | `credentials.existingSecret` | If specified and `useSecret` is `true`, uses an existing secret with this name instead of creating one | `` `credentials.useSecret` | Whether a secret should be used. Set this to `false` when using `kube2iam` | `true` `credentials.secretContents` | Contents for the credentials secret | `{}` +`deployRestic` | If `true`, enable restic deployment | `false` +`metrics.enabled` | Set this to `true` to enable exporting Prometheus monitoring metrics | `false` +`metrics.scrapeInterval` | Scrape interval for the Prometheus ServiceMonitor | `30s` +`metrics.serviceMonitor.enabled` | Set this to `true` to create ServiceMonitor for Prometheus operator | `false` +`metrics.serviceMonitor.additionalLabels` | Additional labels that can be used so ServiceMonitor will be discovered by Prometheus | `{}` `schedules` | A dict of schedules | `{}` diff --git a/stable/ark/templates/backupstoragelocation.yaml b/stable/ark/templates/backupstoragelocation.yaml index 63c066568eaf..9dd03722666b 100644 --- a/stable/ark/templates/backupstoragelocation.yaml +++ b/stable/ark/templates/backupstoragelocation.yaml @@ -1,6 +1,6 @@ {{- $root := . }} {{- with .Values.configuration }} -{{- with .backupStorageProvider }} +{{- with .backupStorageLocation }} apiVersion: ark.heptio.com/v1 kind: BackupStorageLocation metadata: @@ -14,6 +14,9 @@ spec: provider: {{ .name }} objectStorage: bucket: {{ .bucket }} + {{- with .prefix }} + prefix: {{ . }} + {{- end }} {{- with .config }} config: {{- with .region }} diff --git a/stable/ark/templates/deployment.yaml b/stable/ark/templates/deployment.yaml index 9ee640bff97b..38c0e13b7182 100644 --- a/stable/ark/templates/deployment.yaml +++ b/stable/ark/templates/deployment.yaml @@ -1,5 +1,5 @@ -{{- if and .Values.configuration.backupStorageProvider.name .Values.configuration.backupStorageProvider.bucket -}} -{{- $provider := .Values.configuration.backupStorageProvider.name -}} +{{- if .Values.configuration.provider -}} +{{- $provider := .Values.configuration.provider -}} apiVersion: apps/v1beta2 kind: Deployment metadata: @@ -20,10 +20,15 @@ spec: labels: release: {{ .Release.Name }} app: {{ template "ark.name" . }} - {{- with .Values.podAnnotations }} + {{- if or .Values.podAnnotations .Values.metrics.enabled }} annotations: -{{ toYaml . | indent 8 }} - {{- end }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} +{{- end }} +{{- if .Values.metrics.enabled }} +{{ toYaml .Values.metrics.podAnnotations | indent 8 }} +{{- end }} + {{- end }} spec: restartPolicy: Always serviceAccountName: {{ template "ark.serverServiceAccount" . }} @@ -31,14 +36,16 @@ spec: - name: ark image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.metrics.enabled }} + ports: + - name: monitoring + containerPort: 8085 + {{- end }} command: - /ark args: - server {{- with .Values.configuration }} - {{- with .metricAddress }} - - --metrics-address={{ . }} - {{- end }} {{- with .backupSyncPeriod }} - --backup-sync-period={{ . }} {{- end }} diff --git a/stable/ark/templates/restic-daemonset.yaml b/stable/ark/templates/restic-daemonset.yaml index 801a667c3c7f..564847f73706 100644 --- a/stable/ark/templates/restic-daemonset.yaml +++ b/stable/ark/templates/restic-daemonset.yaml @@ -1,5 +1,5 @@ {{- if .Values.deployRestic }} -{{- $provider := .Values.configuration.backupStorageProvider.name -}} +{{- $provider := .Values.configuration.provider -}} apiVersion: apps/v1 kind: DaemonSet metadata: diff --git a/stable/ark/templates/service.yaml b/stable/ark/templates/service.yaml new file mode 100644 index 000000000000..234db5e8afe6 --- /dev/null +++ b/stable/ark/templates/service.yaml @@ -0,0 +1,20 @@ +{{- if .Values.metrics.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "ark.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ template "ark.name" . }} + chart: {{ template "ark.chart" . }} + heritage: {{ .Release.Service }} +spec: + type: ClusterIP + ports: + - name: monitoring + port: 8085 + targetPort: monitoring + selector: + release: {{ .Release.Name }} + app: {{ template "ark.name" . }} +{{- end }} diff --git a/stable/ark/templates/servicemonitor.yaml b/stable/ark/templates/servicemonitor.yaml new file mode 100644 index 000000000000..3bb964deb990 --- /dev/null +++ b/stable/ark/templates/servicemonitor.yaml @@ -0,0 +1,22 @@ +{{- if and .Values.metrics.enabled .Values.metrics.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ template "ark.fullname" . }} + labels: + release: {{ .Release.Name }} + app: {{ template "ark.name" . }} + chart: {{ template "ark.chart" . }} + heritage: {{ .Release.Service }} + {{- if .Values.metrics.serviceMonitor.additionalLabels }} +{{ toYaml .Values.metrics.serviceMonitor.additionalLabels | indent 4 }} + {{- end }} +spec: + selector: + matchLabels: + release: {{ .Release.Name }} + app: {{ template "ark.name" . }} + endpoints: + - port: monitoring + interval: {{ .Values.metrics.scrapeInterval }} +{{- end }} diff --git a/stable/ark/templates/volumesnapshotlocation.yaml b/stable/ark/templates/volumesnapshotlocation.yaml index afa287c0fd8b..d6cf91d6e356 100644 --- a/stable/ark/templates/volumesnapshotlocation.yaml +++ b/stable/ark/templates/volumesnapshotlocation.yaml @@ -1,6 +1,6 @@ {{- $root := . }} {{- with .Values.configuration }} -{{- with .persistentVolumeProvider }} +{{- with .volumeSnapshotLocation }} apiVersion: ark.heptio.com/v1 kind: VolumeSnapshotLocation metadata: diff --git a/stable/ark/values.yaml b/stable/ark/values.yaml index 1eac4e73900e..24ac00245022 100644 --- a/stable/ark/values.yaml +++ b/stable/ark/values.yaml @@ -3,9 +3,12 @@ image: tag: v0.10.1 pullPolicy: IfNotPresent -# Only kube2iam: change the AWS_ACCOUNT_ID and HEPTIO_ARK_ROLE_NAME +# Only kube2iam/kiam: change the AWS_ACCOUNT_ID and HEPTIO_ARK_ROLE_NAME podAnnotations: {} # iam.amazonaws.com/role: arn:aws:iam:::role/ +# prometheus.io/scrape: "true" +# prometheus.io/port: "8085" +# prometheus.io/path: "/metrics" rbac: create: true @@ -24,17 +27,20 @@ nodeSelector: {} ## Parameters for the ' default' Config resource ## See https://heptio.github.io/ark/v0.9.0/config-definition configuration: - persistentVolumeProvider: {} + provider: + + volumeSnapshotLocation: {} # name: # config: # region: # apiTimeout: - backupStorageProvider: + backupStorageLocation: name: bucket: config: {} # region: + # prefix: # s3ForcePathStyle: # s3Url: # kmsKeyId: @@ -42,7 +48,6 @@ configuration: # storageAccount: backupSyncPeriod: 60m - metricsAddress: ":8085" resticTimeout: 1h restoreResourcePriorities: namespaces,persistentvolumes,persistentvolumeclaims,secrets,configmaps,serviceaccounts,limitranges,pods restoreOnlyMode: false @@ -65,3 +70,16 @@ credentials: secretContents: {} deployRestic: false + +metrics: + enabled: false + scrapeInterval: 30s + + # Pod annotations for Prometheus + podAnnotations: + prometheus.io/scrape: "true" + prometheus.io/port: "8085" + + serviceMonitor: + enabled: false + additionalLabels: {} From 28250ead2088bb36831864f43648d94dfee4f618 Mon Sep 17 00:00:00 2001 From: Dmitry Verkhoturov Date: Fri, 22 Feb 2019 21:27:28 +0300 Subject: [PATCH 0274/1586] [stable/prometheus-operator] Improve rules sync rules and description (#11617) * [stable/prometheus-operator] bump kube-state-metrics Signed-off-by: Dmitry Verkhoturov * [stable/prometheus-operator] sync rules and dashboards Signed-off-by: Dmitry Verkhoturov * [stable/prometheus-operator] move rules to prometheus folder Signed-off-by: Dmitry Verkhoturov * [stable/prometheus-operator] clarify instructions for prometheus rules and grafana dashboards changes Signed-off-by: Dmitry Verkhoturov * [stable/prometheus-operator] add prometheus rules namespace replacement Signed-off-by: Dmitry Verkhoturov * [stable/prometheus-operator] add alertmanager-$1 replacement rule Signed-off-by: Dmitry Verkhoturov * [stable/prometheus-operator] major version bump, rename DeadMansSwitch alert to Watchdog Signed-off-by: Dmitry Verkhoturov --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 2 +- .../prometheus-operator/ci/test-values.yaml | 2 +- stable/prometheus-operator/hack/README.md | 35 +++++++++++++++++-- .../hack/sync_grafana_dashboards.py | 2 ++ .../hack/sync_prometheus_rules.py | 19 +++++++--- stable/prometheus-operator/requirements.lock | 6 ++-- stable/prometheus-operator/requirements.yaml | 2 +- .../templates/grafana/dashboards/etcd.yaml | 2 ++ .../dashboards/k8s-cluster-rsrc-use.yaml | 28 ++++++++------- ...fana-coredns-k8s.yaml => k8s-coredns.yaml} | 6 ++-- .../grafana/dashboards/k8s-node-rsrc-use.yaml | 24 +++++++------ .../dashboards/k8s-resources-cluster.yaml | 26 +++++++------- .../dashboards/k8s-resources-namespace.yaml | 14 ++++---- .../grafana/dashboards/k8s-resources-pod.yaml | 14 ++++---- .../templates/grafana/dashboards/nodes.yaml | 6 ++-- .../dashboards/persistentvolumesusage.yaml | 6 ++-- .../templates/grafana/dashboards/pods.yaml | 6 ++-- .../grafana/dashboards/statefulset.yaml | 6 ++-- .../rules/alertmanager.rules.yaml | 11 +++--- .../rules/etcd.yaml | 2 ++ .../rules/general.rules.yaml | 16 +++++++-- .../rules/k8s.rules.yaml | 2 ++ .../rules/kube-apiserver.rules.yaml | 2 ++ .../kube-prometheus-node-alerting.rules.yaml | 2 ++ .../kube-prometheus-node-recording.rules.yaml | 2 ++ .../rules/kube-scheduler.rules.yaml | 2 ++ .../rules/kubernetes-absent.yaml | 9 +++-- .../rules/kubernetes-apps.yaml | 2 ++ .../rules/kubernetes-resources.yaml | 2 ++ .../rules/kubernetes-storage.yaml | 2 ++ .../rules/kubernetes-system.yaml | 6 ++-- .../rules/node.rules.yaml | 32 ++++++++++++----- .../rules/prometheus-operator.yaml | 7 ++-- .../rules/prometheus.rules.yaml | 23 ++++++------ stable/prometheus-operator/values.yaml | 2 +- 36 files changed, 226 insertions(+), 106 deletions(-) rename stable/prometheus-operator/templates/grafana/dashboards/{grafana-coredns-k8s.yaml => k8s-coredns.yaml} (99%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/alertmanager.rules.yaml (77%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/etcd.yaml (97%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/general.rules.yaml (66%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/k8s.rules.yaml (95%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kube-apiserver.rules.yaml (91%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kube-prometheus-node-alerting.rules.yaml (91%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kube-prometheus-node-recording.rules.yaml (92%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kube-scheduler.rules.yaml (95%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kubernetes-absent.yaml (91%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kubernetes-apps.yaml (98%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kubernetes-resources.yaml (96%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kubernetes-storage.yaml (94%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/kubernetes-system.yaml (93%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/node.rules.yaml (91%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/prometheus-operator.yaml (82%) rename stable/prometheus-operator/templates/{alertmanager => prometheus}/rules/prometheus.rules.yaml (81%) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 1f7690bfd1e7..047bedc4b8f8 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 3.0.0 +version: 4.0.0 appVersion: 0.29.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index c995d9cd15b2..5bea1dee3159 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -226,7 +226,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `alertmanager.service.externalIPs` | List of IP addresses at which the Alertmanager server service is available | `[]` | | `alertmanager.service.loadBalancerIP` | Alertmanager Loadbalancer IP | `""` | | `alertmanager.service.loadBalancerSourceRanges` | Alertmanager Load Balancer Source Ranges | `[]` | -| `alertmanager.config` | Provide YAML to configure Alertmanager. See https://prometheus.io/docs/alerting/configuration/#configuration-file. The default provided works to suppress the DeadMansSwitch alert from `defaultRules.create` | `{"global":{"resolve_timeout":"5m"},"route":{"group_by":["job"],"group_wait":"30s","group_interval":"5m","repeat_interval":"12h","receiver":"null","routes":[{"match":{"alertname":"DeadMansSwitch"},"receiver":"null"}]},"receivers":[{"name":"null"}]}` | +| `alertmanager.config` | Provide YAML to configure Alertmanager. See https://prometheus.io/docs/alerting/configuration/#configuration-file. The default provided works to suppress the Watchdog alert from `defaultRules.create` | `{"global":{"resolve_timeout":"5m"},"route":{"group_by":["job"],"group_wait":"30s","group_interval":"5m","repeat_interval":"12h","receiver":"null","routes":[{"match":{"alertname":"Watchdog"},"receiver":"null"}]},"receivers":[{"name":"null"}]}` | | `alertmanager.alertmanagerSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | | `alertmanager.alertmanagerSpec.image.tag` | Tag of Alertmanager container image to be deployed. | `v0.16.1` | | `alertmanager.alertmanagerSpec.image.repository` | Base image that is used to deploy pods, without tag. | `quay.io/prometheus/alertmanager` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index ae2ee1e9d53b..56b93992e7e8 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -105,7 +105,7 @@ alertmanager: receiver: 'null' routes: - match: - alertname: DeadMansSwitch + alertname: Watchdog receiver: 'null' receivers: - name: 'null' diff --git a/stable/prometheus-operator/hack/README.md b/stable/prometheus-operator/hack/README.md index 4fc7e6a90fb7..4d4e4b55b73e 100644 --- a/stable/prometheus-operator/hack/README.md +++ b/stable/prometheus-operator/hack/README.md @@ -6,7 +6,22 @@ This script generates prometheus rules set for alertmanager from any properly fo Currently following imported: - [coreos/prometheus-operator rules set](https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml) - - [etcd-io/etc rules set](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/etcd3_alert.rules.yml) (temporary disabled) + - In order to modify these rules: + - prepare and merge PR into [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/rules) + - run import inside your fork of [coreos/prometheus-operator](https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus) + ```bash + # run following in contrib/kube-prometheus/ folder + jb update + make generate-in-docker + ``` + - prepare and merge PR with imported changes into coreos/prometheus-operator + - run sync_prometheus_rules.py inside your fork of this repo + - send PR with changes to this repo + - [etcd-io/etc rules set](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/etcd3_alert.rules.yml) + - In order to modify these rules: + - prepare and merge PR into [etcd-io/etcd](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/grafana.json) repo + - run sync_prometheus_rules.py inside your fork of this repo + - send PR with changes to this repo ## [sync_grafana_dashboards.py](sync_grafana_dashboards.py) @@ -14,5 +29,21 @@ This script generates grafana dashboards from json files, splitting them to sepa Currently following imported: - [coreos/prometheus-operator dashboards](https://github.com/coreos/prometheus-operator/blob/master/contrib/kube-prometheus/manifests/grafana-deployment.yaml) + - In order to modify these dashboards: + - prepare and merge PR into [kubernetes-mixin](https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/dashboards) + - run import inside your fork of [coreos/prometheus-operator](https://github.com/coreos/prometheus-operator/tree/master/contrib/kube-prometheus) + ```bash + # run following in contrib/kube-prometheus/ folder + jb update + make generate-in-docker + ``` + - prepare and merge PR with imported changes into coreos/prometheus-operator + - run sync_grafana_dashboards.py inside your fork of this repo + - send PR with changes to this repo - [etcd-io/etc dashboard](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/grafana.json) - - [coreos/prometheus-operator CoreDNS dashboard](https://github.com/helm/charts/blob/master/stable/prometheus-operator/dashboards/grafana-coredns-k8s.json) (not maintained in this location) \ No newline at end of file + - In order to modify this dashboard: + - prepare and merge PR into [etcd-io/etcd](https://github.com/etcd-io/etcd/blob/master/Documentation/op-guide/grafana.json) repo + - run sync_grafana_dashboards.py inside your fork of this repo + - send PR with changes to this repo + +[CoreDNS dashboard](https://github.com/helm/charts/blob/master/stable/prometheus-operator/templates/grafana/dashboards/k8s-coredns.yaml) is the only dashboard which is maintained in this repo and can be changed without import. diff --git a/stable/prometheus-operator/hack/sync_grafana_dashboards.py b/stable/prometheus-operator/hack/sync_grafana_dashboards.py index 2a43c15df2bf..39ee7a8d7fb4 100755 --- a/stable/prometheus-operator/hack/sync_grafana_dashboards.py +++ b/stable/prometheus-operator/hack/sync_grafana_dashboards.py @@ -45,6 +45,8 @@ def new_representer(dumper, data): # standard header header = '''# Generated from '%(name)s' from %(url)s +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled%(condition)s }} apiVersion: v1 kind: ConfigMap diff --git a/stable/prometheus-operator/hack/sync_prometheus_rules.py b/stable/prometheus-operator/hack/sync_prometheus_rules.py index 89d1c2073551..5db2202f6794 100755 --- a/stable/prometheus-operator/hack/sync_prometheus_rules.py +++ b/stable/prometheus-operator/hack/sync_prometheus_rules.py @@ -26,11 +26,11 @@ def new_representer(dumper, data): charts = [ { 'source': 'https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml', - 'destination': '../templates/alertmanager/rules' + 'destination': '../templates/prometheus/rules' }, { 'source': 'https://raw.githubusercontent.com/etcd-io/etcd/master/Documentation/op-guide/etcd3_alert.rules.yml', - 'destination': '../templates/alertmanager/rules' + 'destination': '../templates/prometheus/rules' }, ] @@ -75,10 +75,18 @@ def new_representer(dumper, data): 'job="alertmanager-main"': { 'replacement': 'job="{{ $alertmanagerJob }}"', 'init': '{{- $alertmanagerJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "alertmanager" }}'}, + 'namespace="monitoring"': { + 'replacement': 'namespace="{{ $namespace }}"', + 'init': '{{- $namespace := .Release.Namespace }}'}, + 'alertmanager-$1': { + 'replacement': '$1', + 'init': ''}, } # standard header header = '''# Generated from '%(name)s' group from %(url)s +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create%(condition)s }}%(init_line)s apiVersion: {{ printf "%%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule @@ -151,11 +159,11 @@ def add_rules_conditions(rules, indent=4): found_block_end = False last_line_index = next_index while not found_block_end: - last_line_index = rules.rindex('\n', index, last_line_index - 1) # find the starting position of the last line + last_line_index = rules.rindex('\n', index, last_line_index - 1) # find the starting position of the last line last_line = rules[last_line_index + 1:next_index] if last_line.startswith('{{- if'): - next_index = last_line_index + 1 # move next_index back if the current block ends in an if statement + next_index = last_line_index + 1 # move next_index back if the current block ends in an if statement continue found_block_end = True @@ -174,7 +182,8 @@ def write_group_to_file(group, url, destination): for line in replacement_map: if line in rules: rules = rules.replace(line, replacement_map[line]['replacement']) - init_line += '\n' + replacement_map[line]['init'] + if replacement_map[line]['init']: + init_line += '\n' + replacement_map[line]['init'] # append per-alert rules rules = add_rules_conditions(rules) # initialize header diff --git a/stable/prometheus-operator/requirements.lock b/stable/prometheus-operator/requirements.lock index fe579ef9eb0f..e95322e3e92e 100644 --- a/stable/prometheus-operator/requirements.lock +++ b/stable/prometheus-operator/requirements.lock @@ -1,12 +1,12 @@ dependencies: - name: kube-state-metrics repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.13.1 + version: 0.14.1 - name: prometheus-node-exporter repository: https://kubernetes-charts.storage.googleapis.com/ version: 1.3.0 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ version: 2.0.2 -digest: sha256:99c0169cd6f694747c8fc2ce0e0da08513b6f760280b5f7eea9e0221c0780c17 -generated: 2019-02-20T11:56:24.9372718Z +digest: sha256:c3746232f84904ce907eaf0f886e2a076e75d766e81a7c12140c41890d9985f5 +generated: 2019-02-21T22:20:40.7283+03:00 diff --git a/stable/prometheus-operator/requirements.yaml b/stable/prometheus-operator/requirements.yaml index 24f5e47a2de7..076e5513b096 100644 --- a/stable/prometheus-operator/requirements.yaml +++ b/stable/prometheus-operator/requirements.yaml @@ -1,7 +1,7 @@ dependencies: - name: kube-state-metrics - version: 0.13.* + version: 0.14.* repository: https://kubernetes-charts.storage.googleapis.com/ condition: kubeStateMetrics.enabled diff --git a/stable/prometheus-operator/templates/grafana/dashboards/etcd.yaml b/stable/prometheus-operator/templates/grafana/dashboards/etcd.yaml index f10fbf106115..161b1907edb2 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/etcd.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/etcd.yaml @@ -1,4 +1,6 @@ # Generated from 'etcd' from https://raw.githubusercontent.com/etcd-io/etcd/master/Documentation/op-guide/grafana.json +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.kubeEtcd.enabled }} apiVersion: v1 kind: ConfigMap diff --git a/stable/prometheus-operator/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml b/stable/prometheus-operator/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml index f62f74a6fa15..5792140e44bf 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/k8s-cluster-rsrc-use.yaml @@ -1,4 +1,6 @@ # Generated from 'k8s-cluster-rsrc-use' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -40,7 +42,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 0, + "id": 1, "legend": { "avg": false, "current": false, @@ -69,7 +71,7 @@ data: "steppedLine": false, "targets": [ { - "expr": "node:node_cpu_utilisation:avg1m * node:node_num_cpu:sum / scalar(sum(node:node_num_cpu:sum))", + "expr": "node:cluster_cpu_utilisation:ratio", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{`{{node}}`}}", @@ -126,7 +128,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 1, + "id": 2, "legend": { "avg": false, "current": false, @@ -224,7 +226,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 2, + "id": 3, "legend": { "avg": false, "current": false, @@ -253,7 +255,7 @@ data: "steppedLine": false, "targets": [ { - "expr": "node:node_memory_utilisation:ratio", + "expr": "node:cluster_memory_utilisation:ratio", "format": "time_series", "intervalFactor": 2, "legendFormat": "{{`{{node}}`}}", @@ -310,7 +312,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 3, + "id": 4, "legend": { "avg": false, "current": false, @@ -408,7 +410,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 4, + "id": 5, "legend": { "avg": false, "current": false, @@ -494,7 +496,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 5, + "id": 6, "legend": { "avg": false, "current": false, @@ -592,7 +594,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 6, + "id": 7, "legend": { "avg": false, "current": false, @@ -678,7 +680,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 7, + "id": 8, "legend": { "avg": false, "current": false, @@ -776,7 +778,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 8, + "id": 9, "legend": { "avg": false, "current": false, @@ -865,7 +867,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -917,7 +919,7 @@ data: ] }, "timezone": "", - "title": "K8s / USE Method / Cluster", + "title": "Kubernetes / USE Method / Cluster", "uid": "a6e7d1362e1ddbb79db21d5bb40d7137", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/grafana-coredns-k8s.yaml b/stable/prometheus-operator/templates/grafana/dashboards/k8s-coredns.yaml similarity index 99% rename from stable/prometheus-operator/templates/grafana/dashboards/grafana-coredns-k8s.yaml rename to stable/prometheus-operator/templates/grafana/dashboards/k8s-coredns.yaml index bd6306d94a55..b638913e8561 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/grafana-coredns-k8s.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/k8s-coredns.yaml @@ -1,9 +1,9 @@ -# Added manually, should be changed in-place. +# Added manually, can be changed in-place. {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled .Values.coreDns.enabled }} apiVersion: v1 kind: ConfigMap metadata: - name: {{ printf "%s-%s" (include "prometheus-operator.fullname" $) "grafana-coredns-k8s" | trunc 63 | trimSuffix "-" }} + name: {{ printf "%s-%s" (include "prometheus-operator.fullname" $) "k8s-coredns" | trunc 63 | trimSuffix "-" }} labels: {{- if $.Values.grafana.sidecar.dashboards.label }} {{ $.Values.grafana.sidecar.dashboards.label }}: "1" @@ -11,7 +11,7 @@ metadata: app: {{ template "prometheus-operator.name" $ }}-grafana {{ include "prometheus-operator.labels" $ | indent 4 }} data: - grafana-coredns-k8s.json: |- + k8s-coredns.json: |- { "annotations": { "list": [ diff --git a/stable/prometheus-operator/templates/grafana/dashboards/k8s-node-rsrc-use.yaml b/stable/prometheus-operator/templates/grafana/dashboards/k8s-node-rsrc-use.yaml index cd68fe26da0e..19394efe1b7e 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/k8s-node-rsrc-use.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/k8s-node-rsrc-use.yaml @@ -1,4 +1,6 @@ # Generated from 'k8s-node-rsrc-use' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -40,7 +42,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 0, + "id": 1, "legend": { "avg": false, "current": false, @@ -126,7 +128,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 1, + "id": 2, "legend": { "avg": false, "current": false, @@ -224,7 +226,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 2, + "id": 3, "legend": { "avg": false, "current": false, @@ -310,7 +312,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 3, + "id": 4, "legend": { "avg": false, "current": false, @@ -408,7 +410,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 4, + "id": 5, "legend": { "avg": false, "current": false, @@ -494,7 +496,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 5, + "id": 6, "legend": { "avg": false, "current": false, @@ -592,7 +594,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 6, + "id": 7, "legend": { "avg": false, "current": false, @@ -678,7 +680,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 7, + "id": 8, "legend": { "avg": false, "current": false, @@ -776,7 +778,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 8, + "id": 9, "legend": { "avg": false, "current": false, @@ -865,7 +867,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -944,7 +946,7 @@ data: ] }, "timezone": "", - "title": "K8s / USE Method / Node", + "title": "Kubernetes / USE Method / Node", "uid": "4ac4f123aae0ff6dbaf4f4f66120033b", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-cluster.yaml b/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-cluster.yaml index c5bb0f753899..2f61ac420ce8 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-cluster.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-cluster.yaml @@ -1,4 +1,6 @@ # Generated from 'k8s-resources-cluster' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -41,7 +43,7 @@ data: "datasource": "$datasource", "fill": 1, "format": "percentunit", - "id": 0, + "id": 1, "legend": { "avg": false, "current": false, @@ -125,7 +127,7 @@ data: "datasource": "$datasource", "fill": 1, "format": "percentunit", - "id": 1, + "id": 2, "legend": { "avg": false, "current": false, @@ -209,7 +211,7 @@ data: "datasource": "$datasource", "fill": 1, "format": "percentunit", - "id": 2, + "id": 3, "legend": { "avg": false, "current": false, @@ -293,7 +295,7 @@ data: "datasource": "$datasource", "fill": 1, "format": "percentunit", - "id": 3, + "id": 4, "legend": { "avg": false, "current": false, @@ -377,7 +379,7 @@ data: "datasource": "$datasource", "fill": 1, "format": "percentunit", - "id": 4, + "id": 5, "legend": { "avg": false, "current": false, @@ -461,7 +463,7 @@ data: "datasource": "$datasource", "fill": 1, "format": "percentunit", - "id": 5, + "id": 6, "legend": { "avg": false, "current": false, @@ -556,7 +558,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 6, + "id": 7, "legend": { "avg": false, "current": false, @@ -654,7 +656,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 7, + "id": 8, "legend": { "avg": false, "current": false, @@ -921,7 +923,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 8, + "id": 9, "legend": { "avg": false, "current": false, @@ -1019,7 +1021,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 9, + "id": 10, "legend": { "avg": false, "current": false, @@ -1277,7 +1279,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -1329,7 +1331,7 @@ data: ] }, "timezone": "", - "title": "K8s / Compute Resources / Cluster", + "title": "Kubernetes / Compute Resources / Cluster", "uid": "efa86fd1d0c121a26444b636a3f509a8", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-namespace.yaml b/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-namespace.yaml index fc3c2e3feb68..fae35be88bda 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-namespace.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-namespace.yaml @@ -1,4 +1,6 @@ # Generated from 'k8s-resources-namespace' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -40,7 +42,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 0, + "id": 1, "legend": { "avg": false, "current": false, @@ -138,7 +140,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 1, + "id": 2, "legend": { "avg": false, "current": false, @@ -405,7 +407,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 2, + "id": 3, "legend": { "avg": false, "current": false, @@ -503,7 +505,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 3, + "id": 4, "legend": { "avg": false, "current": false, @@ -761,7 +763,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -840,7 +842,7 @@ data: ] }, "timezone": "", - "title": "K8s / Compute Resources / Namespace", + "title": "Kubernetes / Compute Resources / Namespace", "uid": "85a562078cdf77779eaa1add43ccec1e", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-pod.yaml b/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-pod.yaml index 246c6115f13c..1678a051459b 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-pod.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/k8s-resources-pod.yaml @@ -1,4 +1,6 @@ # Generated from 'k8s-resources-pod' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -40,7 +42,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 0, + "id": 1, "legend": { "avg": false, "current": false, @@ -138,7 +140,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 1, + "id": 2, "legend": { "avg": false, "current": false, @@ -405,7 +407,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 10, - "id": 2, + "id": 3, "legend": { "avg": false, "current": false, @@ -503,7 +505,7 @@ data: "dashes": false, "datasource": "$datasource", "fill": 1, - "id": 3, + "id": 4, "legend": { "avg": false, "current": false, @@ -761,7 +763,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -867,7 +869,7 @@ data: ] }, "timezone": "", - "title": "K8s / Compute Resources / Pod", + "title": "Kubernetes / Compute Resources / Pod", "uid": "6581e46e4e5c7ba40a07646395ef7b23", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/nodes.yaml b/stable/prometheus-operator/templates/grafana/dashboards/nodes.yaml index 62f0e170b2a0..ebc112c0a395 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/nodes.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/nodes.yaml @@ -1,4 +1,6 @@ # Generated from 'nodes' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -1241,7 +1243,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -1319,7 +1321,7 @@ data: ] }, "timezone": "", - "title": "Nodes", + "title": "Kubernetes / Nodes", "uid": "fa49a4706d07a042595b664c87fb33ea", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/persistentvolumesusage.yaml b/stable/prometheus-operator/templates/grafana/dashboards/persistentvolumesusage.yaml index e3225d3ce708..fe32a0137325 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/persistentvolumesusage.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/persistentvolumesusage.yaml @@ -1,4 +1,6 @@ # Generated from 'persistentvolumesusage' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -246,7 +248,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -350,7 +352,7 @@ data: ] }, "timezone": "", - "title": "Persistent Volumes", + "title": "Kubernetes / Persistent Volumes", "uid": "919b92a8e8041bd567af9edab12c840c", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/pods.yaml b/stable/prometheus-operator/templates/grafana/dashboards/pods.yaml index a0af807cc2e7..f2bc6c407605 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/pods.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/pods.yaml @@ -1,4 +1,6 @@ # Generated from 'pods' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -361,7 +363,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -491,7 +493,7 @@ data: ] }, "timezone": "", - "title": "Pods", + "title": "Kubernetes / Pods", "uid": "ab4f13a9892a76a4d21ce8c2445bf4ea", "version": 0 } diff --git a/stable/prometheus-operator/templates/grafana/dashboards/statefulset.yaml b/stable/prometheus-operator/templates/grafana/dashboards/statefulset.yaml index f73865f8e7da..6195833d87dd 100644 --- a/stable/prometheus-operator/templates/grafana/dashboards/statefulset.yaml +++ b/stable/prometheus-operator/templates/grafana/dashboards/statefulset.yaml @@ -1,4 +1,6 @@ # Generated from 'statefulset' from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/grafana-dashboardDefinitions.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.grafana.enabled .Values.grafana.defaultDashboardsEnabled }} apiVersion: v1 kind: ConfigMap @@ -760,7 +762,7 @@ data: "schemaVersion": 14, "style": "dark", "tags": [ - + "kubernetes-mixin" ], "templating": { "list": [ @@ -864,7 +866,7 @@ data: ] }, "timezone": "", - "title": "StatefulSets", + "title": "Kubernetes / StatefulSets", "uid": "a31c1f46e6f727cb37c0d731a7245005", "version": 0 } diff --git a/stable/prometheus-operator/templates/alertmanager/rules/alertmanager.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/alertmanager.rules.yaml similarity index 77% rename from stable/prometheus-operator/templates/alertmanager/rules/alertmanager.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/alertmanager.rules.yaml index ed4df1aaaaa4..c1762fd1a4ca 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/alertmanager.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/alertmanager.rules.yaml @@ -1,7 +1,10 @@ # Generated from 'alertmanager.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.alertmanager }} {{- $operatorJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "operator" }} {{- $alertmanagerJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "alertmanager" }} +{{- $namespace := .Release.Namespace }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: @@ -23,14 +26,14 @@ spec: - alert: AlertmanagerConfigInconsistent annotations: message: The configuration of the instances of the Alertmanager cluster `{{`{{$labels.service}}`}}` are out of sync. - expr: count_values("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}"}) BY (service) / ON(service) GROUP_LEFT() label_replace(prometheus_operator_spec_replicas{job="{{ $operatorJob }}",controller="alertmanager"}, "service", "alertmanager-$1", "name", "(.*)") != 1 + expr: count_values("config_hash", alertmanager_config_hash{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) BY (service) / ON(service) GROUP_LEFT() label_replace(prometheus_operator_spec_replicas{job="{{ $operatorJob }}",namespace="{{ $namespace }}",controller="alertmanager"}, "service", "$1", "name", "(.*)") != 1 for: 5m labels: severity: critical - alert: AlertmanagerFailedReload annotations: message: Reloading Alertmanager's configuration has failed for {{`{{ $labels.namespace }}`}}/{{`{{ $labels.pod}}`}}. - expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}"} == 0 + expr: alertmanager_config_last_reload_successful{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 0 for: 10m labels: severity: warning @@ -38,9 +41,9 @@ spec: annotations: message: Alertmanager has not found all other members of the cluster. expr: |- - alertmanager_cluster_members{job="{{ $alertmanagerJob }}"} + alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} != on (service) GROUP_LEFT() - count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}"}) + count by (service) (alertmanager_cluster_members{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"}) for: 5m labels: severity: critical diff --git a/stable/prometheus-operator/templates/alertmanager/rules/etcd.yaml b/stable/prometheus-operator/templates/prometheus/rules/etcd.yaml similarity index 97% rename from stable/prometheus-operator/templates/alertmanager/rules/etcd.yaml rename to stable/prometheus-operator/templates/prometheus/rules/etcd.yaml index 7370bb99f179..a68eeff2a5e5 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/etcd.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/etcd.yaml @@ -1,4 +1,6 @@ # Generated from 'etcd' group from https://raw.githubusercontent.com/etcd-io/etcd/master/Documentation/op-guide/etcd3_alert.rules.yml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.kubeEtcd.enabled .Values.defaultRules.rules.etcd }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/general.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/general.rules.yaml similarity index 66% rename from stable/prometheus-operator/templates/alertmanager/rules/general.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/general.rules.yaml index 93ff5a7ce666..9f8349f9a32b 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/general.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/general.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'general.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.general }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule @@ -25,9 +27,19 @@ spec: for: 10m labels: severity: warning - - alert: DeadMansSwitch + - alert: Watchdog annotations: - message: This is a DeadMansSwitch meant to ensure that the entire alerting pipeline is functional. + message: 'This is an alert meant to ensure that the entire alerting pipeline is functional. + + This alert is always firing, therefore it should always be firing in Alertmanager + + and always fire against a receiver. There are integrations with various notification + + mechanisms that send a notification when this alert is not firing. For example the + + "DeadMansSnitch" integration in PagerDuty. + + ' expr: vector(1) labels: severity: none diff --git a/stable/prometheus-operator/templates/alertmanager/rules/k8s.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/k8s.rules.yaml similarity index 95% rename from stable/prometheus-operator/templates/alertmanager/rules/k8s.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/k8s.rules.yaml index 9c3fed5750ec..678df00825db 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/k8s.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/k8s.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'k8s.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.k8s }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kube-apiserver.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/kube-apiserver.rules.yaml similarity index 91% rename from stable/prometheus-operator/templates/alertmanager/rules/kube-apiserver.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kube-apiserver.rules.yaml index a2afeb1807d6..cbb19cb713ca 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kube-apiserver.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kube-apiserver.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'kube-apiserver.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.kubeApiServer.enabled .Values.defaultRules.rules.kubeApiserver }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kube-prometheus-node-alerting.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml similarity index 91% rename from stable/prometheus-operator/templates/alertmanager/rules/kube-prometheus-node-alerting.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml index 3a99e2752038..2df9a09666d7 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kube-prometheus-node-alerting.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-alerting.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'kube-prometheus-node-alerting.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeAlerting }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kube-prometheus-node-recording.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml similarity index 92% rename from stable/prometheus-operator/templates/alertmanager/rules/kube-prometheus-node-recording.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml index 208644cebcb8..0d2ff510ec21 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kube-prometheus-node-recording.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kube-prometheus-node-recording.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'kube-prometheus-node-recording.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.kubePrometheusNodeRecording }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kube-scheduler.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/kube-scheduler.rules.yaml similarity index 95% rename from stable/prometheus-operator/templates/alertmanager/rules/kube-scheduler.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kube-scheduler.rules.yaml index a2f2fef0d866..e51b01816f8d 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kube-scheduler.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kube-scheduler.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'kube-scheduler.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.kubeScheduler.enabled .Values.defaultRules.rules.kubeScheduler }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-absent.yaml similarity index 91% rename from stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kubernetes-absent.yaml index e40332df0d36..19b094913c21 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-absent.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-absent.yaml @@ -1,8 +1,11 @@ # Generated from 'kubernetes-absent' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.kubernetesAbsent }} {{- $operatorJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "operator" }} {{- $prometheusJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "prometheus" }} {{- $alertmanagerJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "alertmanager" }} +{{- $namespace := .Release.Namespace }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: @@ -25,7 +28,7 @@ spec: annotations: message: Alertmanager has disappeared from Prometheus target discovery. runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-alertmanagerdown - expr: absent(up{job="{{ $alertmanagerJob }}"} == 1) + expr: absent(up{job="{{ $alertmanagerJob }}",namespace="{{ $namespace }}"} == 1) for: 15m labels: severity: critical @@ -103,7 +106,7 @@ spec: annotations: message: Prometheus has disappeared from Prometheus target discovery. runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusdown - expr: absent(up{job="{{ $prometheusJob }}"} == 1) + expr: absent(up{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} == 1) for: 15m labels: severity: critical @@ -112,7 +115,7 @@ spec: annotations: message: PrometheusOperator has disappeared from Prometheus target discovery. runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-prometheusoperatordown - expr: absent(up{job="{{ $operatorJob }}"} == 1) + expr: absent(up{job="{{ $operatorJob }}",namespace="{{ $namespace }}"} == 1) for: 15m labels: severity: critical diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-apps.yaml b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-apps.yaml similarity index 98% rename from stable/prometheus-operator/templates/alertmanager/rules/kubernetes-apps.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kubernetes-apps.yaml index 11ed563637bd..d3d2c498405a 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-apps.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-apps.yaml @@ -1,4 +1,6 @@ # Generated from 'kubernetes-apps' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.kubeStateMetrics.enabled .Values.defaultRules.rules.kubernetesApps }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-resources.yaml b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-resources.yaml similarity index 96% rename from stable/prometheus-operator/templates/alertmanager/rules/kubernetes-resources.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kubernetes-resources.yaml index 26f3b17b4e28..ed4a83c61960 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-resources.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-resources.yaml @@ -1,4 +1,6 @@ # Generated from 'kubernetes-resources' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.kubernetesResources }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-storage.yaml b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-storage.yaml similarity index 94% rename from stable/prometheus-operator/templates/alertmanager/rules/kubernetes-storage.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kubernetes-storage.yaml index 60ab6812aff0..edd8f5fc3904 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-storage.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-storage.yaml @@ -1,4 +1,6 @@ # Generated from 'kubernetes-storage' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.kubernetesStorage }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule diff --git a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-system.yaml b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-system.yaml similarity index 93% rename from stable/prometheus-operator/templates/alertmanager/rules/kubernetes-system.yaml rename to stable/prometheus-operator/templates/prometheus/rules/kubernetes-system.yaml index 653bb047fea6..8ccfa5bfbb0a 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/kubernetes-system.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/kubernetes-system.yaml @@ -1,4 +1,6 @@ # Generated from 'kubernetes-system' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.kubernetesSystem }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule @@ -28,9 +30,9 @@ spec: severity: warning - alert: KubeVersionMismatch annotations: - message: There are {{`{{ $value }}`}} different versions of Kubernetes components running. + message: There are {{`{{ $value }}`}} different semantic versions of Kubernetes components running. runbook_url: https://github.com/kubernetes-monitoring/kubernetes-mixin/tree/master/runbook.md#alert-name-kubeversionmismatch - expr: count(count(kubernetes_build_info{job!="kube-dns"}) by (gitVersion)) > 1 + expr: count(count by (gitVersion) (label_replace(kubernetes_build_info{job!="kube-dns"},"gitVersion","$1","gitVersion","(v[0-9]*.[0-9]*.[0-9]*).*"))) > 1 for: 1h labels: severity: warning diff --git a/stable/prometheus-operator/templates/alertmanager/rules/node.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/node.rules.yaml similarity index 91% rename from stable/prometheus-operator/templates/alertmanager/rules/node.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/node.rules.yaml index 6c92e79c588c..3524543784a3 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/node.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/node.rules.yaml @@ -1,4 +1,6 @@ # Generated from 'node.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.nodeExporter.enabled .Values.defaultRules.rules.node }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule @@ -37,6 +39,13 @@ spec: * on (namespace, pod) group_left(node) node_namespace_pod:kube_pod_info:) record: node:node_cpu_utilisation:avg1m + - expr: |- + node:node_cpu_utilisation:avg1m + * + node:node_num_cpu:sum + / + scalar(sum(node:node_num_cpu:sum)) + record: node:cluster_cpu_utilisation:ratio - expr: |- sum(node_load1{job="node-exporter"}) / @@ -78,8 +87,13 @@ spec: - expr: |- (node:node_memory_bytes_total:sum - node:node_memory_bytes_available:sum) / - scalar(sum(node:node_memory_bytes_total:sum)) + node:node_memory_bytes_total:sum record: node:node_memory_utilisation:ratio + - expr: |- + (node:node_memory_bytes_total:sum - node:node_memory_bytes_available:sum) + / + scalar(sum(node:node_memory_bytes_total:sum)) + record: node:cluster_memory_utilisation:ratio - expr: |- 1e3 * sum( (rate(node_vmstat_pgpgin{job="node-exporter"}[1m]) @@ -136,25 +150,25 @@ spec: - expr: max by (namespace, pod, device) (node_filesystem_avail_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"} / node_filesystem_size_bytes{fstype=~"ext[234]|btrfs|xfs|zfs"}) record: 'node:node_filesystem_avail:' - expr: |- - sum(irate(node_network_receive_bytes_total{job="node-exporter",device="eth0"}[1m])) + - sum(irate(node_network_transmit_bytes_total{job="node-exporter",device="eth0"}[1m])) + sum(irate(node_network_receive_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) + + sum(irate(node_network_transmit_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) record: :node_net_utilisation:sum_irate - expr: |- sum by (node) ( - (irate(node_network_receive_bytes_total{job="node-exporter",device="eth0"}[1m]) + - irate(node_network_transmit_bytes_total{job="node-exporter",device="eth0"}[1m])) + (irate(node_network_receive_bytes_total{job="node-exporter",device!~"veth.+"}[1m]) + + irate(node_network_transmit_bytes_total{job="node-exporter",device!~"veth.+"}[1m])) * on (namespace, pod) group_left(node) node_namespace_pod:kube_pod_info: ) record: node:node_net_utilisation:sum_irate - expr: |- - sum(irate(node_network_receive_drop_total{job="node-exporter",device="eth0"}[1m])) + - sum(irate(node_network_transmit_drop_total{job="node-exporter",device="eth0"}[1m])) + sum(irate(node_network_receive_drop_total{job="node-exporter",device!~"veth.+"}[1m])) + + sum(irate(node_network_transmit_drop_total{job="node-exporter",device!~"veth.+"}[1m])) record: :node_net_saturation:sum_irate - expr: |- sum by (node) ( - (irate(node_network_receive_drop_total{job="node-exporter",device="eth0"}[1m]) + - irate(node_network_transmit_drop_total{job="node-exporter",device="eth0"}[1m])) + (irate(node_network_receive_drop_total{job="node-exporter",device!~"veth.+"}[1m]) + + irate(node_network_transmit_drop_total{job="node-exporter",device!~"veth.+"}[1m])) * on (namespace, pod) group_left(node) node_namespace_pod:kube_pod_info: ) diff --git a/stable/prometheus-operator/templates/alertmanager/rules/prometheus-operator.yaml b/stable/prometheus-operator/templates/prometheus/rules/prometheus-operator.yaml similarity index 82% rename from stable/prometheus-operator/templates/alertmanager/rules/prometheus-operator.yaml rename to stable/prometheus-operator/templates/prometheus/rules/prometheus-operator.yaml index 55725275b76c..774a540c5d6f 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/prometheus-operator.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/prometheus-operator.yaml @@ -1,6 +1,9 @@ # Generated from 'prometheus-operator' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.prometheusOperator }} {{- $operatorJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "operator" }} +{{- $namespace := .Release.Namespace }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: @@ -22,14 +25,14 @@ spec: - alert: PrometheusOperatorReconcileErrors annotations: message: Errors while reconciling {{`{{ $labels.controller }}`}} in {{`{{ $labels.namespace }}`}} Namespace. - expr: rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}"}[5m]) > 0.1 + expr: rate(prometheus_operator_reconcile_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 for: 10m labels: severity: warning - alert: PrometheusOperatorNodeLookupErrors annotations: message: Errors while reconciling Prometheus in {{`{{ $labels.namespace }}`}} Namespace. - expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}"}[5m]) > 0.1 + expr: rate(prometheus_operator_node_address_lookup_errors_total{job="{{ $operatorJob }}",namespace="{{ $namespace }}"}[5m]) > 0.1 for: 10m labels: severity: warning diff --git a/stable/prometheus-operator/templates/alertmanager/rules/prometheus.rules.yaml b/stable/prometheus-operator/templates/prometheus/rules/prometheus.rules.yaml similarity index 81% rename from stable/prometheus-operator/templates/alertmanager/rules/prometheus.rules.yaml rename to stable/prometheus-operator/templates/prometheus/rules/prometheus.rules.yaml index bb31139c2a6f..3c9e14900656 100644 --- a/stable/prometheus-operator/templates/alertmanager/rules/prometheus.rules.yaml +++ b/stable/prometheus-operator/templates/prometheus/rules/prometheus.rules.yaml @@ -1,6 +1,9 @@ # Generated from 'prometheus.rules' group from https://raw.githubusercontent.com/coreos/prometheus-operator/master/contrib/kube-prometheus/manifests/prometheus-rules.yaml +# Do not change in-place! In order to change this file first read following link: +# https://github.com/helm/charts/tree/master/stable/prometheus-operator/hack {{- if and .Values.defaultRules.create .Values.defaultRules.rules.prometheus }} {{- $prometheusJob := printf "%s-%s" (include "prometheus-operator.fullname" .) "prometheus" }} +{{- $namespace := .Release.Namespace }} apiVersion: {{ printf "%s/v1" (.Values.prometheusOperator.crdApiGroup | default "monitoring.coreos.com") }} kind: PrometheusRule metadata: @@ -23,7 +26,7 @@ spec: annotations: description: Reloading Prometheus' configuration has failed for {{`{{$labels.namespace}}`}}/{{`{{$labels.pod}}`}} summary: Reloading Prometheus' configuration failed - expr: prometheus_config_last_reload_successful{job="{{ $prometheusJob }}"} == 0 + expr: prometheus_config_last_reload_successful{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} == 0 for: 10m labels: severity: warning @@ -31,7 +34,7 @@ spec: annotations: description: Prometheus' alert notification queue is running full for {{`{{$labels.namespace}}`}}/{{`{{ $labels.pod}}`}} summary: Prometheus' alert notification queue is running full - expr: predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}"}[5m], 60 * 30) > prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}"} + expr: predict_linear(prometheus_notifications_queue_length{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m], 60 * 30) > prometheus_notifications_queue_capacity{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} for: 10m labels: severity: warning @@ -39,7 +42,7 @@ spec: annotations: description: Errors while sending alerts from Prometheus {{`{{$labels.namespace}}`}}/{{`{{ $labels.pod}}`}} to Alertmanager {{`{{$labels.Alertmanager}}`}} summary: Errors while sending alert from Prometheus - expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}"}[5m]) > 0.01 + expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.01 for: 10m labels: severity: warning @@ -47,7 +50,7 @@ spec: annotations: description: Errors while sending alerts from Prometheus {{`{{$labels.namespace}}`}}/{{`{{ $labels.pod}}`}} to Alertmanager {{`{{$labels.Alertmanager}}`}} summary: Errors while sending alerts from Prometheus - expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}"}[5m]) > 0.03 + expr: rate(prometheus_notifications_errors_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) / rate(prometheus_notifications_sent_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0.03 for: 10m labels: severity: critical @@ -55,7 +58,7 @@ spec: annotations: description: Prometheus {{`{{ $labels.namespace }}`}}/{{`{{ $labels.pod}}`}} is not connected to any Alertmanagers summary: Prometheus is not connected to any Alertmanagers - expr: prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}"} < 1 + expr: prometheus_notifications_alertmanagers_discovered{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} < 1 for: 10m labels: severity: warning @@ -63,7 +66,7 @@ spec: annotations: description: '{{`{{$labels.job}}`}} at {{`{{$labels.instance}}`}} had {{`{{$value | humanize}}`}} reload failures over the last four hours.' summary: Prometheus has issues reloading data blocks from disk - expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}"}[2h]) > 0 + expr: increase(prometheus_tsdb_reloads_failures_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[2h]) > 0 for: 12h labels: severity: warning @@ -71,7 +74,7 @@ spec: annotations: description: '{{`{{$labels.job}}`}} at {{`{{$labels.instance}}`}} had {{`{{$value | humanize}}`}} compaction failures over the last four hours.' summary: Prometheus has issues compacting sample blocks - expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}"}[2h]) > 0 + expr: increase(prometheus_tsdb_compactions_failed_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[2h]) > 0 for: 12h labels: severity: warning @@ -79,7 +82,7 @@ spec: annotations: description: '{{`{{$labels.job}}`}} at {{`{{$labels.instance}}`}} has a corrupted write-ahead log (WAL).' summary: Prometheus write-ahead log is corrupted - expr: tsdb_wal_corruptions_total{job="{{ $prometheusJob }}"} > 0 + expr: tsdb_wal_corruptions_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"} > 0 for: 4h labels: severity: warning @@ -87,7 +90,7 @@ spec: annotations: description: Prometheus {{`{{ $labels.namespace }}`}}/{{`{{ $labels.pod}}`}} isn't ingesting samples. summary: Prometheus isn't ingesting samples - expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}"}[5m]) <= 0 + expr: rate(prometheus_tsdb_head_samples_appended_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) <= 0 for: 10m labels: severity: warning @@ -95,7 +98,7 @@ spec: annotations: description: '{{`{{$labels.namespace}}`}}/{{`{{$labels.pod}}`}} has many samples rejected due to duplicate timestamps but different values' summary: Prometheus has many samples rejected - expr: increase(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}"}[5m]) > 0 + expr: increase(prometheus_target_scrapes_sample_duplicate_timestamp_total{job="{{ $prometheusJob }}",namespace="{{ $namespace }}"}[5m]) > 0 for: 10m labels: severity: warning diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 742b698a1626..804a4e87d52e 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -105,7 +105,7 @@ alertmanager: receiver: 'null' routes: - match: - alertname: DeadMansSwitch + alertname: Watchdog receiver: 'null' receivers: - name: 'null' From c20aa5c619235fc23638536505022ac61536e703 Mon Sep 17 00:00:00 2001 From: Jon Leonard Date: Fri, 22 Feb 2019 15:02:01 -0500 Subject: [PATCH 0275/1586] PXC Strict Mode (#11656) * add pxc_strict_mode parameter Signed-off-by: Jon Leonard * add README.md section on pxc_strict_mode Signed-off-by: Jon Leonard * version bump Signed-off-by: Jon Leonard --- stable/percona-xtradb-cluster/Chart.yaml | 2 +- stable/percona-xtradb-cluster/README.md | 16 ++++++++++++++++ .../percona-xtradb-cluster/files/entrypoint.sh | 4 ++-- .../templates/statefulset.yaml | 2 ++ stable/percona-xtradb-cluster/values.yaml | 4 ++++ 5 files changed, 25 insertions(+), 3 deletions(-) diff --git a/stable/percona-xtradb-cluster/Chart.yaml b/stable/percona-xtradb-cluster/Chart.yaml index 17e1c18c86e0..f88ae1575c7a 100644 --- a/stable/percona-xtradb-cluster/Chart.yaml +++ b/stable/percona-xtradb-cluster/Chart.yaml @@ -1,5 +1,5 @@ name: percona-xtradb-cluster -version: 0.6.2 +version: 0.6.3 appVersion: 5.7.19 description: free, fully compatible, enhanced, open source drop-in replacement for MySQL with Galera Replication (xtradb) diff --git a/stable/percona-xtradb-cluster/README.md b/stable/percona-xtradb-cluster/README.md index 68b54bd00867..024e1e360ac8 100644 --- a/stable/percona-xtradb-cluster/README.md +++ b/stable/percona-xtradb-cluster/README.md @@ -59,6 +59,7 @@ The following table lists the configurable parameters of the Percona chart and t | `allowRootFrom` | Remote hosts to allow root access, set to `127.0.0.1` to disable remote root | `%` | | `mysqlRootPassword` | Password for the `root` user. | `not-a-secure-password` | | `xtraBackupPassword` | Password for the `xtrabackup` user. | `replicate-my-data` | +| `pxc_strict_mode` | Setting for `pxc_strict_mode`. | ENFORCING | | `mysqlUser` | Username of new user to create. | `nil` | | `mysqlPassword` | Password for the new user. | `nil` | | `mysqlDatabase` | Name for new database to create. | `nil` | @@ -170,3 +171,18 @@ If you are using a certificate your configurationFiles must include the three ss ssl-cert=/ssl/server-cert.pem ssl-key=/ssl/server-key.pem ``` + +## PXC Strict Mode + +PXC Strict Mode is designed to avoid the use of experimental and unsupported features in Percona XtraDB Cluster. It performs a number of validations at startup and during runtime. + +Depending on the actual mode you select, upon encountering a failed validation, the server will either throw an error (halting startup or denying the operation), or log a warning and continue running as normal. The following modes are available: + +* DISABLED: Do not perform strict mode validations and run as normal. +* PERMISSIVE: If a vaidation fails, log a warning and continue running as normal. +* ENFORCING: If a validation fails during startup, halt the server and throw an error. If a validation fails during runtime, deny the operation and throw an error. +* MASTER: The same as ENFORCING except that the validation of explicit table locking is not performed. This mode can be used with clusters in which write operations are isolated to a single node. + +By default, PXC Strict Mode is set to ENFORCING, except if the node is acting as a standalone server or the node is bootstrapping, then PXC Strict Mode defaults to DISABLED. + +Source: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/features/pxc-strict-mode.html diff --git a/stable/percona-xtradb-cluster/files/entrypoint.sh b/stable/percona-xtradb-cluster/files/entrypoint.sh index d1a89ce0ba33..91b0fca50952 100644 --- a/stable/percona-xtradb-cluster/files/entrypoint.sh +++ b/stable/percona-xtradb-cluster/files/entrypoint.sh @@ -24,7 +24,7 @@ if [[ -z "${cluster_join}" ]]; then exec mysqld --user=mysql --wsrep_cluster_name=$SHORT_CLUSTER_NAME --wsrep_node_name=$hostname \ --wsrep_cluster_address=gcomm:// --wsrep_sst_method=xtrabackup-v2 \ --wsrep_sst_auth="xtrabackup:$XTRABACKUP_PASSWORD" \ - --wsrep_node_address="$ipaddr" $CMDARG + --wsrep_node_address="$ipaddr" --pxc_strict_mode="$PXC_STRICT_MODE" $CMDARG else echo "I am not the Primary Node" chown -R mysql:mysql /var/lib/mysql || true # default is root:root 777 @@ -34,5 +34,5 @@ else exec mysqld --user=mysql --wsrep_cluster_name=$SHORT_CLUSTER_NAME --wsrep_node_name=$hostname \ --wsrep_cluster_address="gcomm://$cluster_join" --wsrep_sst_method=xtrabackup-v2 \ --wsrep_sst_auth="xtrabackup:$XTRABACKUP_PASSWORD" \ - --wsrep_node_address="$ipaddr" $CMDARG + --wsrep_node_address="$ipaddr" --pxc_strict_mode="$PXC_STRICT_MODE" $CMDARG fi diff --git a/stable/percona-xtradb-cluster/templates/statefulset.yaml b/stable/percona-xtradb-cluster/templates/statefulset.yaml index 5071475c242c..e5393a21473c 100644 --- a/stable/percona-xtradb-cluster/templates/statefulset.yaml +++ b/stable/percona-xtradb-cluster/templates/statefulset.yaml @@ -79,6 +79,8 @@ spec: value: {{ template "percona-xtradb-cluster.shortname" . }} - name: K8S_SERVICE_NAME value: {{ template "percona-xtradb-cluster.fullname" . }}-repl + - name: PXC_STRICT_MODE + value: {{ default "ENFORCING" .Values.pxc_strict_mode | quote }} - name: DEBUG value: "true" ports: diff --git a/stable/percona-xtradb-cluster/values.yaml b/stable/percona-xtradb-cluster/values.yaml index e15a0d427518..34df0616980b 100644 --- a/stable/percona-xtradb-cluster/values.yaml +++ b/stable/percona-xtradb-cluster/values.yaml @@ -31,6 +31,10 @@ replicas: 3 ## # mysqlDatabase: test +## Configure pxc_strict_mode +## ref: https://www.percona.com/doc/percona-xtradb-cluster/LATEST/features/pxc-strict-mode.html +## pxc_strict_mode: ENFORCING + ## hosts to allow root user access from # set to "127.0.0.1" to deny remote root. allowRootFrom: "%" From f62326e461d3495dec0179f7225fa5f76f37ecd3 Mon Sep 17 00:00:00 2001 From: Abhishek Jaisingh Date: Sat, 23 Feb 2019 01:49:03 +0530 Subject: [PATCH 0276/1586] [stable/mongodb] make metrics exporter checks configurable (#11587) Signed-off-by: Abhishek Jaisingh --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 4 ++++ stable/mongodb/templates/deployment-standalone.yaml | 8 ++++---- stable/mongodb/templates/statefulset-primary-rs.yaml | 8 ++++---- stable/mongodb/templates/statefulset-secondary-rs.yaml | 8 ++++---- 5 files changed, 17 insertions(+), 13 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index a23040ce264b..465ccbc692b9 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 5.4.0 +version: 5.5.0 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 7f959ebc164b..15d02f879bf6 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -119,6 +119,10 @@ The following table lists the configurable parameters of the MongoDB chart and t | `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | | `metrics.serviceMonitor.alerting.rules` | Define individual alerting rules as required | {} | | `metrics.serviceMonitor.alerting.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | {} | +| `metrics.livenessProbe.initialDelaySeconds` | Iniitial Delay for Liveness Check of Prometheus metrics exporter | 15 | +| `metrics.livenessProbe.timeoutSeconds` | Timeout for Liveness Check of Prometheus metrics exporter | 5 | +| `metrics.readinessProbe.initialDelaySeconds` | Iniitial Delay for Readiness Check of Prometheus metrics exporter | 5 | +| `metrics.readinessProbe.timeoutSeconds` | Timeout for Readiness Check of Prometheus metrics exporter | 1 | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/mongodb/templates/deployment-standalone.yaml b/stable/mongodb/templates/deployment-standalone.yaml index 6360b928defb..2b33b9d6164c 100644 --- a/stable/mongodb/templates/deployment-standalone.yaml +++ b/stable/mongodb/templates/deployment-standalone.yaml @@ -176,14 +176,14 @@ spec: httpGet: path: /metrics port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 + initialDelaySeconds: {{ default 15 .Values.metrics.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ default 5 .Values.metrics.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: path: /metrics port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 + initialDelaySeconds: {{ default 5 .Values.metrics.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ default 1 .Values.metrics.readinessProbe.timeoutSeconds }} resources: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} diff --git a/stable/mongodb/templates/statefulset-primary-rs.yaml b/stable/mongodb/templates/statefulset-primary-rs.yaml index b32523699f44..98883a3641a7 100644 --- a/stable/mongodb/templates/statefulset-primary-rs.yaml +++ b/stable/mongodb/templates/statefulset-primary-rs.yaml @@ -197,14 +197,14 @@ spec: httpGet: path: /metrics port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 + initialDelaySeconds: {{ default 15 .Values.metrics.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ default 5 .Values.metrics.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: path: /metrics port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 + initialDelaySeconds: {{ default 5 .Values.metrics.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ default 1 .Values.metrics.readinessProbe.timeoutSeconds }} resources: {{ toYaml .Values.metrics.resources | indent 12 }} {{- end }} diff --git a/stable/mongodb/templates/statefulset-secondary-rs.yaml b/stable/mongodb/templates/statefulset-secondary-rs.yaml index 1ff5e6995dea..bdcc8fda9d99 100644 --- a/stable/mongodb/templates/statefulset-secondary-rs.yaml +++ b/stable/mongodb/templates/statefulset-secondary-rs.yaml @@ -181,14 +181,14 @@ spec: httpGet: path: /metrics port: metrics - initialDelaySeconds: 15 - timeoutSeconds: 5 + initialDelaySeconds: {{ default 15 .Values.metrics.livenessProbe.initialDelaySeconds }} + timeoutSeconds: {{ default 5 .Values.metrics.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: path: /metrics port: metrics - initialDelaySeconds: 5 - timeoutSeconds: 1 + initialDelaySeconds: {{ default 5 .Values.metrics.readinessProbe.initialDelaySeconds }} + timeoutSeconds: {{ default 1 .Values.metrics.readinessProbe.timeoutSeconds }} resources: {{ toYaml .Values.metrics.resources | indent 12 }} {{- end }} From 0aef61478ebba59741f98951a9ad73b81acf2760 Mon Sep 17 00:00:00 2001 From: jasquat Date: Fri, 22 Feb 2019 17:02:24 -0500 Subject: [PATCH 0277/1586] Nodeport support in rabbitmq ha (#11580) * [stable/rabbitmq-ha] Support node port Signed-off-by: jasquat * [stable/rabbitmq-ha] Allowing opting into using the discovery service for ingress Signed-off-by: jasquat * [stable/rabbitmq-ha] Removed ingress.useDiscoveryService option and moved NodePort options under service. Signed-off-by: jasquat * [stable/rabbitmq-ha] fixed variable name in ingress.yaml Signed-off-by: jasquat * [stable/rabbitmq-ha] renamed NodePort options. Signed-off-by: jasquat * [stable/rabbitmq-ha] modify comment to trigger build Signed-off-by: jasquat --- stable/rabbitmq-ha/Chart.yaml | 2 +- stable/rabbitmq-ha/templates/service.yaml | 5 +++++ stable/rabbitmq-ha/values.yaml | 7 +++++++ 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/rabbitmq-ha/Chart.yaml b/stable/rabbitmq-ha/Chart.yaml index f6d115d00e3c..8a6f8540b2ae 100644 --- a/stable/rabbitmq-ha/Chart.yaml +++ b/stable/rabbitmq-ha/Chart.yaml @@ -1,7 +1,7 @@ name: rabbitmq-ha apiVersion: v1 appVersion: 3.7.8 -version: 1.19.0 +version: 1.20.0 description: Highly available RabbitMQ cluster, the open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). keywords: diff --git a/stable/rabbitmq-ha/templates/service.yaml b/stable/rabbitmq-ha/templates/service.yaml index e9d0f0c1242b..2ff343a3e1fd 100644 --- a/stable/rabbitmq-ha/templates/service.yaml +++ b/stable/rabbitmq-ha/templates/service.yaml @@ -21,7 +21,9 @@ metadata: {{ toYaml .Values.extraLabels | indent 4 }} {{- end }} spec: +{{- if ne .Values.service.type "NodePort" }} clusterIP: "{{ .Values.service.clusterIP }}" +{{- end }} {{- if .Values.service.externalIPs }} externalIPs: {{ toYaml .Values.service.externalIPs | indent 4 }} @@ -37,14 +39,17 @@ spec: - name: http protocol: TCP port: {{ .Values.rabbitmqManagerPort }} + nodePort: {{ .Values.service.managerNodePort }} targetPort: http - name: amqp protocol: TCP port: {{ .Values.rabbitmqNodePort }} + nodePort: {{ .Values.service.amqpNodePort }} targetPort: amqp - name: epmd protocol: TCP port: {{ .Values.rabbitmqEpmdPort }} + nodePort: {{ .Values.service.epmdNodePort }} targetPort: epmd {{- if .Values.rabbitmqSTOMPPlugin.enabled }} - name: stomp-tcp diff --git a/stable/rabbitmq-ha/values.yaml b/stable/rabbitmq-ha/values.yaml index f240506bf5ad..759163a69fb1 100644 --- a/stable/rabbitmq-ha/values.yaml +++ b/stable/rabbitmq-ha/values.yaml @@ -298,6 +298,13 @@ service: loadBalancerSourceRanges: [] type: ClusterIP + ## Customize nodePort number when the service type is NodePort + ### Ref: https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types + ### + epmdNodePort: null + amqpNodePort: null + managerNodePort: null + podManagementPolicy: OrderedReady ## Statefulsets rolling update update strategy From b23ce6af309bfe25d4d485e85b66ce63475070d7 Mon Sep 17 00:00:00 2001 From: Prateek Pandey Date: Sat, 23 Feb 2019 10:32:15 +0530 Subject: [PATCH 0278/1586] [stable/openebs] update charts to latest 0.8.1 release (#11650) - Updated README - Updated chart version - Updated values.yaml - Added liveness probe in all control-plane component templates - Change NDM update strategy to 'RollingUpdate' Signed-off-by: prateekpandey14 --- stable/openebs/Chart.yaml | 4 +-- stable/openebs/README.md | 30 ++++++++-------- .../templates/cm-node-disk-manager.yaml | 3 ++ stable/openebs/templates/daemonset-ndm.yaml | 13 +++++-- .../templates/deployment-maya-apiserver.yaml | 8 +++++ .../deployment-maya-provisioner.yaml | 8 +++++ .../deployment-maya-snapshot-operator.yaml | 15 ++++++++ stable/openebs/values.yaml | 34 +++++++++++++------ 8 files changed, 85 insertions(+), 30 deletions(-) diff --git a/stable/openebs/Chart.yaml b/stable/openebs/Chart.yaml index 759ca853a31b..9b08797ad5a2 100644 --- a/stable/openebs/Chart.yaml +++ b/stable/openebs/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 -version: 0.8.1 +version: 0.8.2 name: openebs -appVersion: 0.8.0 +appVersion: 0.8.1 description: Containerized Storage for Containers icon: https://raw.githubusercontent.com/openebs/chitrakala/master/OpenEBS%20logo/logo-square.png home: http://www.openebs.io/ diff --git a/stable/openebs/README.md b/stable/openebs/README.md index c0a67a3f7bbc..61bc7ad91b0e 100644 --- a/stable/openebs/README.md +++ b/stable/openebs/README.md @@ -40,39 +40,41 @@ The following table lists the configurable parameters of the OpenEBS chart and t | `rbac.create` | Enable RBAC Resources | `true` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `apiserver.image` | Image for API Server | `quay.io/openebs/m-apiserver` | -| `apiserver.imageTag` | Image Tag for API Server | `0.8.0` | +| `apiserver.imageTag` | Image Tag for API Server | `0.8.1` | | `apiserver.replicas` | Number of API Server Replicas | `1` | | `provisioner.image` | Image for Provisioner | `quay.io/openebs/openebs-k8s-provisioner` | -| `provisioner.imageTag` | Image Tag for Provisioner | `0.8.0` | +| `provisioner.imageTag` | Image Tag for Provisioner | `0.8.1` | | `provisioner.replicas` | Number of Provisioner Replicas | `1` | | `snapshotOperator.provisioner.image` | Image for Snapshot Provisioner | `quay.io/openebs/snapshot-provisioner` | -| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `0.8.0` | +| `snapshotOperator.provisioner.imageTag` | Image Tag for Snapshot Provisioner | `0.8.1` | | `snapshotOperator.controller.image` | Image for Snapshot Controller | `quay.io/openebs/snapshot-controller` | -| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `0.8.0` | +| `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `0.8.1` | | `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | | `ndm.image` | Image for Node Disk Manager | `quay.io/openebs/openebs/node-disk-manager-amd64` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.2.0` | +| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.3.0` | | `ndm.sparse.enabled` | Create Sparse files and cStor Sparse Pool | `true` | | `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | | `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | | `ndm.sparse.count` | Number of sparse files to be created | `1` | -| `ndm.sparse.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | -| `ndm.sparse.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md` | +| `ndm.filters.excludeVendors` | Exclude devices with specified vendor | `CLOUDBYT,OpenEBS` | +| `ndm.filters.excludePaths` | Exclude devices with specified path patterns | `loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md` | | `jiva.image` | Image for Jiva | `quay.io/openebs/jiva` | -| `jiva.imageTag` | Image Tag for Jiva | `0.8.0` | +| `jiva.imageTag` | Image Tag for Jiva | `0.8.1` | | `jiva.replicas` | Number of Jiva Replicas | `3` | | `cstor.pool.image` | Image for cStor Pool | `quay.io/openebs/cstor-pool` | -| `cstor.pool.imageTag` | Image Tag for cStor Pool | `0.8.0` | +| `cstor.pool.imageTag` | Image Tag for cStor Pool | `0.8.1` | | `cstor.poolMgmt.image` | Image for cStor Pool Management | `quay.io/openebs/cstor-pool-mgmt` | -| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `0.8.0` | +| `cstor.poolMgmt.imageTag` | Image Tag for cStor Pool Management | `0.8.1` | | `cstor.target.image` | Image for cStor Target | `quay.io/openebs/cstor-istgt` | -| `cstor.target.imageTag` | Image Tag for cStor Target | `0.8.0` | +| `cstor.target.imageTag` | Image Tag for cStor Target | `0.8.1` | | `cstor.volumeMgmt.image` | Image for cStor Volume Management | `quay.io/openebs/cstor-volume-mgmt` | -| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `0.8.0` | +| `cstor.volumeMgmt.imageTag` | Image Tag for cStor Volume Management | `0.8.1` | | `policies.monitoring.image` | Image for Prometheus Exporter | `quay.io/openebs/m-exporter` | -| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `0.8.0` | +| `policies.monitoring.imageTag` | Image Tag for Prometheus Exporter | `0.8.1` | | `analytics.enabled` | Enable sending stats to Google Analytics | `true` | -| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | +| `analytics.pingInterval` | Duration(hours) between sending ping stat | `24h` | +| `HealthCheck.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | | 30 | +| `HealthCheck.periodSeconds` | How often to perform the liveness probe | `60` | | 10 | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/openebs/templates/cm-node-disk-manager.yaml b/stable/openebs/templates/cm-node-disk-manager.yaml index 05d152807989..d7022989929f 100644 --- a/stable/openebs/templates/cm-node-disk-manager.yaml +++ b/stable/openebs/templates/cm-node-disk-manager.yaml @@ -19,6 +19,9 @@ data: - key: udev-probe name: udev probe state: true + - key: seachest-probe + name: seachest probe + state: true - key: smart-probe name: smart probe state: true diff --git a/stable/openebs/templates/daemonset-ndm.yaml b/stable/openebs/templates/daemonset-ndm.yaml index 77e8e170f6a3..e1d236364809 100644 --- a/stable/openebs/templates/daemonset-ndm.yaml +++ b/stable/openebs/templates/daemonset-ndm.yaml @@ -8,7 +8,10 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: ndm + openebs.io/component-name: ndm spec: + updateStrategy: + type: "RollingUpdate" selector: matchLabels: app: {{ template "openebs.name" . }} @@ -27,9 +30,6 @@ spec: - name: {{ template "openebs.name" . }}-ndm image: "{{ .Values.ndm.image }}:{{ .Values.ndm.imageTag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} - command: - - /usr/sbin/ndm - - start securityContext: privileged: true env: @@ -56,6 +56,13 @@ spec: value: "{{ .Values.ndm.sparse.count }}" {{- end }} {{- end }} + livenessProbe: + exec: + command: + - pgrep + - ".*ndm" + initialDelaySeconds: {{ .Values.ndm.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.ndm.healthCheck.periodSeconds }} volumeMounts: - name: config mountPath: /host/node-disk-manager.config diff --git a/stable/openebs/templates/deployment-maya-apiserver.yaml b/stable/openebs/templates/deployment-maya-apiserver.yaml index c7c6992e9394..6d0904981d9c 100644 --- a/stable/openebs/templates/deployment-maya-apiserver.yaml +++ b/stable/openebs/templates/deployment-maya-apiserver.yaml @@ -9,6 +9,7 @@ metadata: heritage: {{ .Release.Service }} component: apiserver name: maya-apiserver + openebs.io/component-name: maya-apiserver spec: replicas: {{ .Values.apiserver.replicas }} selector: @@ -91,6 +92,13 @@ spec: # for periodic ping events sent to Google Analytics. Default is 24 hours. - name: OPENEBS_IO_ANALYTICS_PING_INTERVAL value: "{{ .Values.analytics.pingInterval }}" + livenessProbe: + exec: + command: + - /usr/local/bin/mayactl + - version + initialDelaySeconds: {{ .Values.apiserver.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.apiserver.healthCheck.periodSeconds }} {{- if .Values.apiserver.nodeSelector }} nodeSelector: {{ toYaml .Values.apiserver.nodeSelector | indent 8 }} diff --git a/stable/openebs/templates/deployment-maya-provisioner.yaml b/stable/openebs/templates/deployment-maya-provisioner.yaml index 7ac74202c6e4..ccb652268da5 100644 --- a/stable/openebs/templates/deployment-maya-provisioner.yaml +++ b/stable/openebs/templates/deployment-maya-provisioner.yaml @@ -8,6 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: provisioner + openebs.io/component-name: openebs-provisioner spec: replicas: {{ .Values.provisioner.replicas }} selector: @@ -59,6 +60,13 @@ spec: # value: "{{ .Values.provisioner.monitorVolumeKey }}" #- name: MAYA_PORTAL_URL # value: "{{ .Values.provisioner.mayaPortalUrl }}" + livenessProbe: + exec: + command: + - pgrep + - ".*openebs" + initialDelaySeconds: {{ .Values.provisioner.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.provisioner.healthCheck.periodSeconds }} {{- if .Values.provisioner.nodeSelector }} nodeSelector: {{ toYaml .Values.provisioner.nodeSelector | indent 8 }} diff --git a/stable/openebs/templates/deployment-maya-snapshot-operator.yaml b/stable/openebs/templates/deployment-maya-snapshot-operator.yaml index ead94e232bae..7a012536c4bc 100644 --- a/stable/openebs/templates/deployment-maya-snapshot-operator.yaml +++ b/stable/openebs/templates/deployment-maya-snapshot-operator.yaml @@ -8,6 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: snapshot-operator + openebs.io/component-name: openebs-snapshot-operator spec: replicas: {{ .Values.snapshotOperator.replicas }} selector: @@ -53,6 +54,13 @@ spec: # This is supported for openebs snapshot controller version 0.6-RC1 onwards - name: OPENEBS_MAYA_SERVICE_NAME value: "{{ template "openebs.fullname" . }}-apiservice" + livenessProbe: + exec: + command: + - pgrep + - ".*controller" + initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} - name: {{ template "openebs.name" . }}-snapshot-provisioner image: "{{ .Values.snapshotOperator.provisioner.image }}:{{ .Values.snapshotOperator.provisioner.imageTag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -81,6 +89,13 @@ spec: # This is supported for openebs snapshot provisioner version 0.6-RC1 onwards - name: OPENEBS_MAYA_SERVICE_NAME value: "{{ template "openebs.fullname" . }}-apiservice" + livenessProbe: + exec: + command: + - pgrep + - ".*provisioner" + initialDelaySeconds: {{ .Values.snapshotOperator.healthCheck.initialDelaySeconds }} + periodSeconds: {{ .Values.snapshotOperator.healthCheck.periodSeconds }} {{- if .Values.snapshotOperator.nodeSelector }} nodeSelector: {{ toYaml .Values.snapshotOperator.nodeSelector | indent 8 }} diff --git a/stable/openebs/values.yaml b/stable/openebs/values.yaml index 3811eb40fd31..6b1e16964ac2 100644 --- a/stable/openebs/values.yaml +++ b/stable/openebs/values.yaml @@ -15,7 +15,7 @@ image: apiserver: image: "quay.io/openebs/m-apiserver" - imageTag: "0.8.0" + imageTag: "0.8.1" replicas: 1 ports: externalPort: 5656 @@ -23,31 +23,40 @@ apiserver: nodeSelector: {} tolerations: [] affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 provisioner: image: "quay.io/openebs/openebs-k8s-provisioner" - imageTag: "0.8.0" + imageTag: "0.8.1" replicas: 1 nodeSelector: {} tolerations: [] affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 snapshotOperator: controller: image: "quay.io/openebs/snapshot-controller" - imageTag: "0.8.0" + imageTag: "0.8.1" provisioner: image: "quay.io/openebs/snapshot-provisioner" - imageTag: "0.8.0" + imageTag: "0.8.1" replicas: 1 upgradeStrategy: "Recreate" nodeSelector: {} tolerations: [] affinity: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 ndm: image: "quay.io/openebs/node-disk-manager-amd64" - imageTag: "v0.2.0" + imageTag: "v0.3.0" sparse: enabled: "true" path: "/var/openebs/sparse" @@ -57,31 +66,34 @@ ndm: excludeVendors: "CLOUDBYT,OpenEBS" excludePaths: "loop,fd0,sr0,/dev/ram,/dev/dm-,/dev/md" nodeSelector: {} + healthCheck: + initialDelaySeconds: 30 + periodSeconds: 60 jiva: image: "quay.io/openebs/jiva" - imageTag: "0.8.0" + imageTag: "0.8.1" replicas: 3 cstor: pool: image: "quay.io/openebs/cstor-pool" - imageTag: "0.8.0" + imageTag: "0.8.1" poolMgmt: image: "quay.io/openebs/cstor-pool-mgmt" - imageTag: "0.8.0" + imageTag: "0.8.1" target: image: "quay.io/openebs/cstor-istgt" - imageTag: "0.8.0" + imageTag: "0.8.1" volumeMgmt: image: "quay.io/openebs/cstor-volume-mgmt" - imageTag: "0.8.0" + imageTag: "0.8.1" policies: monitoring: enabled: true image: "quay.io/openebs/m-exporter" - imageTag: "0.8.0" + imageTag: "0.8.1" analytics: enabled: true From 24d26fed48aac418d15b390e6433b46fd7d78a05 Mon Sep 17 00:00:00 2001 From: Andrew Meier Date: Sat, 23 Feb 2019 15:01:43 -0500 Subject: [PATCH 0279/1586] Fix/airflow helper (#11614) * fix/airflow-helper: closes #5341 update assignment operator Signed-off-by: Andrew Meier * fix/airflow-helper: bump chart version Signed-off-by: Andrew Meier * fix/airflow-helper: bump chart version Signed-off-by: Andrew Meier --- stable/airflow/Chart.yaml | 2 +- stable/airflow/templates/_helpers.tpl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index f436d2c5fe21..e736dd414dc8 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 1.0.0 +version: 1.0.1 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/_helpers.tpl b/stable/airflow/templates/_helpers.tpl index f97d1b6ab2fd..f8a1bd83ddc3 100644 --- a/stable/airflow/templates/_helpers.tpl +++ b/stable/airflow/templates/_helpers.tpl @@ -87,9 +87,9 @@ Map environment vars to secrets {{- $secretName := .Release.Name | trunc 63 | trimSuffix "-" }} {{- $mapping := .Values.airflow.defaultSecretsMapping }} {{- if .Values.existingAirflowSecret }} - {{- $secretName = .Values.existingAirflowSecret }} + {{- $secretName := .Values.existingAirflowSecret }} {{- if .Values.airflow.secretsMapping }} - {{- $mapping = .Values.airflow.secretsMapping }} + {{- $mapping := .Values.airflow.secretsMapping }} {{- end }} {{- end }} {{- range $val := $mapping }} From 02b2d3488c27155776bda5e091027b471f2ebee7 Mon Sep 17 00:00:00 2001 From: Flynn Date: Sat, 23 Feb 2019 23:59:24 -0500 Subject: [PATCH 0280/1586] Bump Ambassador version to 0.50.3. (#11657) * Restore default replicas == 3 Signed-off-by: Flynn * Fix some markdown Signed-off-by: Flynn * Bump chart version, and switch my name to Flynn. :) Signed-off-by: Flynn * Add icon. Signed-off-by: Flynn * Sort OWNERS, and add nbkrause (from Datawire) Signed-off-by: Flynn * Heh. Didn't realize a change to OWNERS required a version bump. Signed-off-by: Flynn * Bump to Ambassador 0.50.2. Signed-off-by: Flynn * Bump Ambassador to version 0.50.3. Signed-off-by: Flynn * Augh. Fix Ambassador versions in values.yaml and README. Signed-off-by: Flynn * Update chart maintainers per PR comments Signed-off-by: Flynn --- stable/ambassador/Chart.yaml | 8 +++++--- stable/ambassador/README.md | 2 +- stable/ambassador/values.yaml | 2 +- 3 files changed, 7 insertions(+), 5 deletions(-) diff --git a/stable/ambassador/Chart.yaml b/stable/ambassador/Chart.yaml index 6a3c489f0be8..c2014e3287fe 100644 --- a/stable/ambassador/Chart.yaml +++ b/stable/ambassador/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.50.2 +appVersion: 0.50.3 description: A Helm chart for Datawire Ambassador name: ambassador -version: 1.1.4 +version: 1.1.5 icon: https://www.getambassador.io/images/logo.png home: https://www.getambassador.io/ sources: @@ -16,6 +16,8 @@ keywords: maintainers: - name: flydiverny email: markus@maga.se - - name: Flynn + - name: kflynn email: flynn@datawire.io + - name: nbkrause + email: nkrause@datawire.io engine: gotpl diff --git a/stable/ambassador/README.md b/stable/ambassador/README.md index c9311bce0811..2f60b8f307b1 100755 --- a/stable/ambassador/README.md +++ b/stable/ambassador/README.md @@ -53,7 +53,7 @@ The following tables lists the configurable parameters of the Ambassador chart a | `env` | Any additional environment variables for ambassador pods | `{}` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `image.repository` | Image | `quay.io/datawire/ambassador` | -| `image.tag` | Image tag | `0.50.2` | +| `image.tag` | Image tag | `0.50.3` | | `imagePullSecrets` | Image pull secrets | `[]` | | `namespace.name` | Set the `AMBASSADOR_NAMESPACE` environment variable | `metadata.namespace` | | `podAnnotations` | Additional annotations for ambassador pods | `{}` | diff --git a/stable/ambassador/values.yaml b/stable/ambassador/values.yaml index c85cc6f7bf62..61437e2ec069 100644 --- a/stable/ambassador/values.yaml +++ b/stable/ambassador/values.yaml @@ -34,7 +34,7 @@ securityContext: image: repository: quay.io/datawire/ambassador - tag: 0.50.1 + tag: 0.50.3 pullPolicy: IfNotPresent nameOverride: "" From f0cd0f9f85e1a1586f32ede4ebda5d3438c85790 Mon Sep 17 00:00:00 2001 From: Maha Gamal Date: Sun, 24 Feb 2019 18:06:13 +0200 Subject: [PATCH 0281/1586] [stable/grafana] Added option to add Sidecar containers (#11650) (#11676) * Added option to add containers Signed-off-by: Maha * Added option to add containers Signed-off-by: Maha --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 3 +++ stable/grafana/templates/deployment.yaml | 3 +++ stable/grafana/templates/service.yaml | 2 +- stable/grafana/values.yaml | 19 +++++++++++++++++++ 5 files changed, 27 insertions(+), 2 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index a2b0f9c03a5c..0a59ccab5366 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 2.0.2 +version: 2.1.0 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 98efab048854..6f2f9d0b3653 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -42,6 +42,7 @@ The command removes all the Kubernetes components associated with the chart and | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `service.type` | Kubernetes service type | `ClusterIP` | | `service.port` | Kubernetes port where service is exposed | `80` | +| `service.targetPort` | internal service is port | `3000` | | `service.annotations` | Service annotations | `{}` | | `service.labels` | Custom labels | `{}` | | `ingress.enabled` | Enables Ingress | `false` | @@ -53,6 +54,8 @@ The command removes all the Kubernetes components associated with the chart and | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` + | | `persistence.enabled` | Use persistent volume to store data | `false` | | `persistence.initChownData` | Change ownership of persistent volume on initialization | `true` | | `persistence.size` | Size of persistent volume claim | `10Gi` | diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index aae4e6083029..0af2126b2304 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -249,6 +249,9 @@ spec: {{ toYaml .Values.readinessProbe | indent 12 }} resources: {{ toYaml .Values.resources | indent 12 }} +{{- if .Values.extraContainers }} +{{ toYaml .Values.extraContainers | indent 8}} +{{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/stable/grafana/templates/service.yaml b/stable/grafana/templates/service.yaml index 6dcd63a4d2db..87fac70ca04c 100644 --- a/stable/grafana/templates/service.yaml +++ b/stable/grafana/templates/service.yaml @@ -40,7 +40,7 @@ spec: - name: service port: {{ .Values.service.port }} protocol: TCP - targetPort: 3000 + targetPort: {{ .Values.service.targetPort }} {{ if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} nodePort: {{.Values.service.nodePort}} {{ end }} diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index f1dbc0bcd8eb..d4499f2c343e 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -74,6 +74,8 @@ chownDataImage: service: type: ClusterIP port: 80 + targetPort: 3000 + # targetPort: 4181 To be used with a proxy extraContainer annotations: {} labels: {} @@ -114,6 +116,23 @@ tolerations: [] ## affinity: {} +## Enable an Specify container in extraContainers. This is meant to allow adding an authentication proxy to a grafana pod +extraContainers: | +# - name: proxy +# image: quay.io/gambol99/keycloak-proxy:latest +# args: +# - -provider=github +# - -client-id= +# - -client-secret= +# - -github-org= +# - -email-domain=* +# - -cookie-secret= +# - -http-address=http://0.0.0.0:4181 +# - -upstream-url=http://127.0.0.1:3000 +# ports: +# - name: proxy-web +# containerPort: 4181 + ## Enable persistence using Persistent Volume Claims ## ref: http://kubernetes.io/docs/user-guide/persistent-volumes/ ## From b697142af275a6f2a2f141d14cf3102e0555c4a1 Mon Sep 17 00:00:00 2001 From: Naseem Date: Sun, 24 Feb 2019 11:54:36 -0500 Subject: [PATCH 0282/1586] Bump sidecar version (#11680) Signed-off-by: Naseem Ullah --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 9 ++++++--- stable/grafana/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 6 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 0a59ccab5366..0f756b580c84 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 2.1.0 +version: 2.1.1 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 6f2f9d0b3653..92651a8da965 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -79,6 +79,9 @@ The command removes all the Kubernetes components associated with the chart and | `ldap.config ` | Grafana's LDAP configuration | `""` | | `annotations` | Deployment annotations | `{}` | | `podAnnotations` | Pod annotations | `{}` | +| `sidecar.image` | Sidecar image | `kiwigrid/k8s-sidecar:0.0.11` | +| `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` | +| `sidecar.resources` | Sidecar resources | `{}` | | `sidecar.dashboards.enabled` | Enabled the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` | | `sidecar.dashboards.label` | Label that config maps with dashboards should have to be added | `grafana_dashboard` | | `sidecar.dashboards.searchNamespace` | If specified, the sidecar will search for dashboard config-maps inside this namespace. Otherwise the namespace in which the sidecar is running will be used. It's also possible to specify ALL to search in all namespaces | `nil` | @@ -131,12 +134,12 @@ dashboards: ## BASE64 dashboards Dashboards could be storaged in a server that does not return JSON directly and instead of it returns a Base64 encoded file (e.g. Gerrit) -A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. +A new parameter has been added to the url use case so if you specify a b64content value equals to true after the url entry a Base64 decoding is applied before save the file to disk. If this entry is not set or is equals to false not decoding is applied to the file before saving it to disk. -### Gerrit use case: +### Gerrit use case: Gerrit API for download files has the following schema: https://yourgerritserver/a/{project-name}/branches/{branch-id}/files/{file-id}/content where {project-name} and -{file-id} usualy has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard +{file-id} usualy has '/' in their values and so they MUST be replaced by %2F so if project-name is user/repo, branch-id is master and file-id is equals to dir1/dir2/dashboard the url value is https://yourgerritserver/a/user%2Frepo/branches/master/files/dir1%2Fdir2%2Fdashboard/content ## Sidecar for dashboards diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index d4499f2c343e..bda6fb8aec03 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -314,9 +314,9 @@ smtp: ## Sidecars that collect the configmaps with specified label and stores the included files them into the respective folders ## Requires at least Grafana 5 to work and can't be used together with parameters dashboardProviders, datasources and dashboards sidecar: - image: kiwigrid/k8s-sidecar:0.0.10 + image: kiwigrid/k8s-sidecar:0.0.11 imagePullPolicy: IfNotPresent - resources: + resources: {} # limits: # cpu: 100m # memory: 100Mi From 8e87d8c9480832b0d4e862a7630d917421df7b36 Mon Sep 17 00:00:00 2001 From: Carlos Ravelo Date: Sun, 24 Feb 2019 12:39:40 -0500 Subject: [PATCH 0283/1586] Feature/add subpath to grafana custom volumes (#11683) * Documented the feature on the README and bump the chart version Signed-off-by: Carlos Ravelo * Added subPath in extraVolumeMounts Signed-off-by: Carlos Ravelo * Chart version bump Signed-off-by: Carlos Ravelo --- stable/grafana/Chart.yaml | 2 +- stable/grafana/README.md | 11 +++++++++++ stable/grafana/templates/deployment.yaml | 1 + 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 0f756b580c84..63c252856009 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 2.1.1 +version: 2.1.2 appVersion: 5.4.3 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 92651a8da965..682df76c3894 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -99,6 +99,17 @@ The command removes all the Kubernetes components associated with the chart and | `rbac.pspEnabled` | Create PodSecurityPolicy (with `rbac.create`, grant roles permissions as well) | `true` | | `rbac.pspUseAppArmor` | Enforce AppArmor in created PodSecurityPolicy (requires `rbac.pspEnabled`) | `true` | +### Example of extraVolumeMounts + +```yaml +- extraVolumeMounts: + - name: plugins + mountPath: /var/lib/grafana/plugins + subPath: configs/grafana/plugins + existingClaim: existing-grafana-claim + readOnly: false +``` + ## Import dashboards There are a few methods to import dashboards to Grafana. Below are some examples and explanations as to how to use each method: diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index 0af2126b2304..e79a51e83260 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -195,6 +195,7 @@ spec: {{- range .Values.extraVolumeMounts }} - name: {{ .name }} mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} readOnly: {{ .readOnly }} {{- end }} ports: From ccecf3559e7b55ba5621a6c944a10a3770ef614f Mon Sep 17 00:00:00 2001 From: Steve Larkin Date: Sun, 24 Feb 2019 22:01:34 +0100 Subject: [PATCH 0284/1586] [stable/airflow] Configurable web and scheduler pod annotaitons (#11520) * [stable/airflow] Fix whitespace in configuration table Signed-off-by: Steve Larkin * [stable/airflow] workers.pod.annotations => workers.podAnnotations This follows the standard used elsewhere, such as in the Kibana chart. Note that this introduces a break in backwards compatibility. Signed-off-by: Steve Larkin * [stable/airflow] Fix typo in README Signed-off-by: Steve Larkin * [stable/airflow] Add annotations for Web/Scheduler/Worker Pods Signed-off-by: Steve Larkin * [stable/airflow] Step Chart version and describe upgrade path Signed-off-by: Steve Larkin --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 14 ++++++++++---- .../airflow/templates/deployments-scheduler.yaml | 3 +++ stable/airflow/templates/deployments-web.yaml | 3 +++ stable/airflow/templates/statefulsets-workers.yaml | 9 ++++++--- stable/airflow/values.yaml | 12 ++++++++---- 6 files changed, 31 insertions(+), 12 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index e736dd414dc8..8403962027ba 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 1.0.1 +version: 2.0.0 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 680e8ab54882..3a2230d4c042 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -274,13 +274,14 @@ The following table lists the configurable parameters of the Airflow chart and t | `airflow.webReplicas` | how many replicas for web server | `1` | | `airflow.config` | custom airflow configuration env variables | `{}` | | `airflow.podDisruptionBudget` | control pod disruption budget | `{'maxUnavailable': 1}` | -| `airflow.secretsMapping` | override any environment variable with a secret | | -| `airflow.extraConfigmapMounts` | Additional configMap volume mounts on the airflow pods. | `[]` | +| `airflow.secretsMapping` | override any environment variable with a secret | | +| `airflow.extraConfigmapMounts` | Additional configMap volume mounts on the airflow pods. | `[]` | +| `airflow.podAnnotations` | annotations for scheduler, worker and web pods | `{}` | | `workers.enabled` | enable workers | `true` | | `workers.replicas` | number of workers pods to launch | `1` | | `workers.resources` | custom resource configuration for worker pod | `{}` | | `workers.celery.instances` | number of parallel celery tasks per worker | `1` | -| `workers.pod.annotations` | annotations for the worker pods | `{}` | +| `workers.podAnnotations` | annotations for the worker pods | `{}` | | `workers.secretsDir` | directory in which to mount secrets on worker nodes | /var/airflow/secrets | | `workers.secrets` | secrets to mount as volumes on worker nodes | [] | | `existingAirflowSecret` | secret to use for postgres and redis connection | | @@ -293,7 +294,7 @@ The following table lists the configurable parameters of the Airflow chart and t | `ingress.flower.host` | hostname for the flower ui | "" | | `ingress.flower.path` | path of the flower ui (read `values.yaml`) | `` | | `ingress.flower.livenessPath` | path to the liveness probe (read `values.yaml`) | `/` | -| `ingress.flower.annotations` | annotations for the web ui ingress | `{}` | +| `ingress.flower.annotations` | annotations for the flower ui ingress | `{}` | | `ingress.flower.tls.enabled` | enables TLS termination at the ingress | `false` | | `ingress.flower.tls.secretName` | name of the secret containing the TLS certificate & key | `` | | `persistence.enabled` | enable persistence storage for DAGs | `false` | @@ -336,3 +337,8 @@ The following table lists the configurable parameters of the Airflow chart and t Full and up-to-date documentation can be found in the comments of the `values.yaml` file. + +## Upgrading +### To 2.0.0 +The parameter `workers.pod.annotations` has been renamed to `workers.podAnnotations`. If using a +custom values file, rename this parameter. diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index 044131eb13ea..3e8432c9ef61 100755 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -27,6 +27,9 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap-airflow.yaml") . | sha256sum }} configmap.fabric8.io/update-on-change: "{{ template "airflow.fullname" . }}-env" +{{- if .Values.airflow.podAnnotations }} +{{ toYaml .Values.airflow.podAnnotations | indent 8 }} +{{- end }} labels: app: {{ template "airflow.name" . }} component: scheduler diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml index a9e10cf94e68..52a1998faf9e 100644 --- a/stable/airflow/templates/deployments-web.yaml +++ b/stable/airflow/templates/deployments-web.yaml @@ -27,6 +27,9 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap-airflow.yaml") . | sha256sum }} configmap.fabric8.io/update-on-change: "{{ template "airflow.fullname" . }}-env" +{{- if .Values.airflow.podAnnotations }} +{{ toYaml .Values.airflow.podAnnotations | indent 8 }} +{{- end }} labels: app: {{ template "airflow.name" . }} component: web diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml index 6ad8a6ebb5a0..bccb1e4fb200 100644 --- a/stable/airflow/templates/statefulsets-workers.yaml +++ b/stable/airflow/templates/statefulsets-workers.yaml @@ -31,9 +31,12 @@ spec: annotations: checksum/config: {{ include (print $.Template.BasePath "/configmap-airflow.yaml") . | sha256sum }} configmap.fabric8.io/update-on-change: "{{ template "airflow.fullname" . }}-env" - {{ range $key, $value := .Values.workers.pod.annotations }} - {{ $key }}: {{ $value | quote }} - {{- end }} +{{- if .Values.airflow.podAnnotations }} +{{ toYaml .Values.airflow.podAnnotations | indent 8 }} +{{- end }} +{{- if .Values.workers.podAnnotations }} +{{ toYaml .Values.workers.podAnnotations | indent 8 }} +{{- end }} labels: app: {{ template "airflow.name" . }} component: worker diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index ba31b64c6a8c..1c53c82b8353 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -132,6 +132,11 @@ airflow: ## type: aws ## extra: '{"aws_access_key_id": "**********", "aws_secret_access_key": "***", "region_name":"eu-central-1"}' connections: {} + ## + ## Annotations for the Scheduler, Worker and Web pods + podAnnotations: {} + ## Example: + ## iam.amazonaws.com/role: airflow-Role ## ## Workers configuration workers: @@ -150,10 +155,9 @@ workers: # memory: "512Mi" ## ## Annotations for the Worker pods - pod: - annotations: - ## Example: - ## iam.amazonaws.com/role: airflow-worker-Role + podAnnotations: {} + ## Example: + ## iam.amazonaws.com/role: airflow-Role ## ## Celery worker configuration celery: From 71aba34853380ba7977cb6aa650e7fd13ae39fea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Mon, 25 Feb 2019 06:27:45 +0100 Subject: [PATCH 0285/1586] updated metricbeat to 6.6.1 (#11668) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: André Bauer --- stable/metricbeat/Chart.yaml | 4 +-- stable/metricbeat/README.md | 62 +++++++++++++++++------------------ stable/metricbeat/values.yaml | 2 +- 3 files changed, 34 insertions(+), 34 deletions(-) diff --git a/stable/metricbeat/Chart.yaml b/stable/metricbeat/Chart.yaml index 7558fd768a6a..0064026e1174 100644 --- a/stable/metricbeat/Chart.yaml +++ b/stable/metricbeat/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with metricbeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: metricbeat -version: 1.1.0 -appVersion: 6.6.0 +version: 1.1.1 +appVersion: 6.6.1 home: https://www.elastic.co/products/beats/metricbeat sources: - https://www.elastic.co/guide/en/beats/metricbeat/current/index.html diff --git a/stable/metricbeat/README.md b/stable/metricbeat/README.md index 6a1076b0f072..23724c12e4b7 100644 --- a/stable/metricbeat/README.md +++ b/stable/metricbeat/README.md @@ -4,7 +4,7 @@ ## Prerequisites -- Kubernetes 1.9+ +- Kubernetes 1.9+ ## Installing the Chart @@ -30,36 +30,36 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the metricbeat chart and their default values. -| Parameter | Description | Default | -|-------------------------------------|------------------------------------|-------------------------------------------| -| `image.repository` | The image repository to pull from | `docker.elastic.co/beats/metricbeat` | -| `image.tag` | The image tag to pull | `6.6.0` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | If true, create & use ServiceAccount | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | | -| `config` | The content of the configuration file consumed by metricbeat. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details | | -| `plugins` | List of beat plugins | | -| `extraEnv` | Additional environment | | -| `extraVolumes`, `extraVolumeMounts` | Additional volumes and mounts, for example to provide other configuration files | | -| `resources.requests.cpu` | CPU resource requests | | -| `resources.limits.cpu` | CPU resource limits | | -| `resources.requests.memory` | Memory resource requests | | -| `resources.limits.memory` | Memory resource limits | | -| `daemonset.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as daemonset, which is assumed to collect metrics in each nodes. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details | -| `daemonset.modules..enabled` | If true, enable configuration | | -| `daemonset.podAnnotations` | Pod annotations for daemonset | | -| `daemonset.nodeSelector` | Pod node selector for daemonset | `{}` | -| `daemonset.tolerations` | Pod taint tolerations for daemonset | `[{"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}]` | -| `daemonset.resources.requests.cpu` | CPU resource requests for daemonset | | -| `daemonset.resources.limits.cpu` | CPU resource limits for daemonset | | -| `deployment.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as deployment, which is assumed to collect cluster-level metrics. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details || -| `deployment.modules..enabled` | If true, enable configuration || -| `deployment.podAnnotations` | Pod annotations for deployment | | -| `deployment.nodeSelector` | Pod node selector for deployment | `{}` | -| `deployment.tolerations` | Pod taint tolerations for deployment | `[]` | -| `deployment.resources.requests.cpu` | CPU resource requests for daemonset | | -| `deployment.resources.limits.cpu` | CPU resource limits for daemonset | | +| Parameter | Description | Default | +| ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | +| `image.repository` | The image repository to pull from | `docker.elastic.co/beats/metricbeat` | +| `image.tag` | The image tag to pull | `6.6.1` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `serviceAccount.create` | If true, create & use ServiceAccount | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | | +| `config` | The content of the configuration file consumed by metricbeat. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details | | +| `plugins` | List of beat plugins | | +| `extraEnv` | Additional environment | | +| `extraVolumes`, `extraVolumeMounts` | Additional volumes and mounts, for example to provide other configuration files | | +| `resources.requests.cpu` | CPU resource requests | | +| `resources.limits.cpu` | CPU resource limits | | +| `resources.requests.memory` | Memory resource requests | | +| `resources.limits.memory` | Memory resource limits | | +| `daemonset.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as daemonset, which is assumed to collect metrics in each nodes. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details | | +| `daemonset.modules..enabled` | If true, enable configuration | | +| `daemonset.podAnnotations` | Pod annotations for daemonset | | +| `daemonset.nodeSelector` | Pod node selector for daemonset | `{}` | +| `daemonset.tolerations` | Pod taint tolerations for daemonset | `[{"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}]` | +| `daemonset.resources.requests.cpu` | CPU resource requests for daemonset | | +| `daemonset.resources.limits.cpu` | CPU resource limits for daemonset | | +| `deployment.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as deployment, which is assumed to collect cluster-level metrics. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details | | +| `deployment.modules..enabled` | If true, enable configuration | | +| `deployment.podAnnotations` | Pod annotations for deployment | | +| `deployment.nodeSelector` | Pod node selector for deployment | `{}` | +| `deployment.tolerations` | Pod taint tolerations for deployment | `[]` | +| `deployment.resources.requests.cpu` | CPU resource requests for daemonset | | +| `deployment.resources.limits.cpu` | CPU resource limits for daemonset | | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/metricbeat/values.yaml b/stable/metricbeat/values.yaml index 4e4d92fa755f..c9a41f348f95 100644 --- a/stable/metricbeat/values.yaml +++ b/stable/metricbeat/values.yaml @@ -1,6 +1,6 @@ image: repository: docker.elastic.co/beats/metricbeat - tag: 6.6.0 + tag: 6.6.1 pullPolicy: IfNotPresent # The instances created by daemonset retrieve most metrics from the host From 01261d516e62d07fe803fb9fc8a7c96f93b54b1a Mon Sep 17 00:00:00 2001 From: Ismail Alidzhikov Date: Mon, 25 Feb 2019 10:20:46 +0200 Subject: [PATCH 0286/1586] [stable/elasticsearch] Update elastic to 6.6.1 (#11669) Signed-off-by: ialidzhikov --- stable/elasticsearch/Chart.yaml | 4 ++-- stable/elasticsearch/README.md | 2 +- stable/elasticsearch/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 8c77f0356b42..324917588973 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,7 +1,7 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.21.0 -appVersion: 6.6.0 +version: 1.21.1 +appVersion: 6.6.1 description: Flexible and powerful open source, distributed real-time search and analytics engine. icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index 23eb3149ab79..35de9cb6b054 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -61,7 +61,7 @@ The following table lists the configurable parameters of the elasticsearch chart | Parameter | Description | Default | | ------------------------------------ | ------------------------------------------------------------------- | --------------------------------------------------- | -| `appVersion` | Application Version (Elasticsearch) | `6.6.0` | +| `appVersion` | Application Version (Elasticsearch) | `6.6.1` | | `image.repository` | Container image name | `docker.elastic.co/elasticsearch/elasticsearch-oss` | | `image.tag` | Container image tag | `6.5.1` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index e7289057fa81..acfff404f4a9 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -1,7 +1,7 @@ # Default values for elasticsearch. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -appVersion: "6.6.0" +appVersion: "6.6.1" ## Define serviceAccount names for components. Defaults to component's fully qualified name. ## @@ -33,7 +33,7 @@ podSecurityPolicy: image: repository: "docker.elastic.co/elasticsearch/elasticsearch-oss" - tag: "6.6.0" + tag: "6.6.1" pullPolicy: "IfNotPresent" # If specified, use these secrets to access the image # pullSecrets: From f5294200f032f60d1066ca5bdd54d77222598280 Mon Sep 17 00:00:00 2001 From: Brandon Bell Date: Mon, 25 Feb 2019 02:46:03 -0600 Subject: [PATCH 0287/1586] Chartmuseum/oracle (#11624) * Adding Oracle OCI Object Storage Signed-off-by: Brandon Bell * Bumping version Signed-off-by: Brandon Bell * Readme fixes Signed-off-by: Brandon Bell * Remove trailing whitespace Signed-off-by: Brandon Bell --- stable/chartmuseum/Chart.yaml | 2 +- stable/chartmuseum/README.md | 46 ++++++++++++++++++++ stable/chartmuseum/templates/deployment.yaml | 15 +++++++ stable/chartmuseum/values.yaml | 17 +++++++- 4 files changed, 78 insertions(+), 2 deletions(-) diff --git a/stable/chartmuseum/Chart.yaml b/stable/chartmuseum/Chart.yaml index 7bcd1f78a69d..462030a50162 100644 --- a/stable/chartmuseum/Chart.yaml +++ b/stable/chartmuseum/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Host your own Helm Chart Repository name: chartmuseum -version: 1.9.1 +version: 1.9.2 appVersion: 0.8.1 home: https://github.com/helm/chartmuseum icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png diff --git a/stable/chartmuseum/README.md b/stable/chartmuseum/README.md index 833cc1dfb7d0..691a0b8509c6 100644 --- a/stable/chartmuseum/README.md +++ b/stable/chartmuseum/README.md @@ -22,6 +22,7 @@ Please also see https://github.com/kubernetes-helm/chartmuseum - [Using with Microsoft Azure Blob Storage](#using-with-microsoft-azure-blob-storage) - [Using with Alibaba Cloud OSS Storage](#using-with-alibaba-cloud-oss-storage) - [Using with Openstack Object Storage](#using-with-openstack-object-storage) + - [Using with Oracle Object Storage](#using-with-oracle-object-storage) - [Using an existing secret](#using-an-existing-secret) - [Using with local filesystem storage](#using-with-local-filesystem-storage) - [Example storage class](#example-storage-class) @@ -103,6 +104,9 @@ their default values. See values.yaml for all available options. | `env.open.STORAGE_OPENSTACK_PREFIX` | Prefix to store charts for openstack | `` | | `env.open.STORAGE_OPENSTACK_REGION` | Region of openstack container | `` | | `env.open.STORAGE_OPENSTACK_CACERT` | Path to a CA cert bundle for openstack | `` | +| `env.open.STORAGE_ORACLE_COMPARTMENTID`| Compartment ID for Oracle Object Store | `` | +| `env.open.STORAGE_ORACLE_BUCKET` | Bucket to store charts in Oracle Object Store | `` | +| `env.open.STORAGE_ORACLE_PREFIX` | Prefix to store charts for Oracle object Store | `` | | `env.open.CHART_POST_FORM_FIELD_NAME` | Form field to query for chart file content | `` | | `env.open.PROV_POST_FORM_FIELD_NAME` | Form field to query for chart provenance | `` | | `env.open.DEPTH` | levels of nested repos for multitenancy. | `0` | @@ -129,6 +133,10 @@ their default values. See values.yaml for all available options. | `gcp.secret.enabled` | Flag for the GCP service account | `false` | | `gcp.secret.name` | Secret name for the GCP json file | `` | | `gcp.secret.key` | Secret key for te GCP json file | `credentials.json` | +| `oracle.secret.enabled` | Flag for Oracle OCI account | `false` | +| `oracle.secret.name` | Secret name for OCI config and key | `` | +| `oracle.secret.config` | Secret key that holds the OCI config | `config` | +| `oracle.secret.key_file` | Secret key that holds the OCI private key | `key_file` | | `service.type` | Kubernetes Service type | `ClusterIP` | | `service.clusterIP` | Static clusterIP or None for headless services| `nil` | | `service.externalTrafficPolicy` | Source IP preservation (only for Service type NodePort) | `Local` | @@ -412,6 +420,44 @@ env: Run command to install +```shell +helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum +``` +### Using with Oracle Object Storage + +Oracle (OCI) configuration and private key need to be added to a secret and are mounted at /home/chartmuseum/.oci. Your OCI config needs to be under [DEFAULT] and your `key_file` needs to be /home/chartmuseum/.oci/oci.key. See https://docs.cloud.oracle.com/iaas/Content/API/Concepts/sdkconfig.htm + +```shell +kubectl create secret generic chartmuseum-secret --from-file=config=".oci/config" --from-file=key_file=".oci/oci.key" +``` + +Then you can either use a `VALUES` yaml with your values or set those values in the command line: + +```shell +helm install stable/chartmuseum --debug --set env.open.STORAGE=oracle,env.open.STORAGE_ORACLE_COMPARTMENTID=ocid1.compartment.oc1..abc123,env.open.STORAGE_ORACLE_BUCKET=myocibucket,env.open.STORAGE_ORACLE_PREFIX=chartmuseum,oracle.secret.enabled=true,oracle.secret.name=chartmuseum-secret +``` + +If you prefer to use a yaml file: + +```yaml +env: + open: + STORAGE: oracle + STORAGE_ORACLE_COMPARTMENTID: ocid1.compartment.oc1..abc123 + STORAGE_ORACLE_BUCKET: myocibucket + STORAGE_ORACLE_PREFIX: chartmuseum + +oracle: + secret: + enabled: enabled + name: chartmuseum-secret + config: config + key_file: key_file + +``` + +Run command to install + ```shell helm install --name my-chartmuseum -f custom.yaml stable/chartmuseum ``` diff --git a/stable/chartmuseum/templates/deployment.yaml b/stable/chartmuseum/templates/deployment.yaml index 3187b2fbf293..bed2e53512da 100644 --- a/stable/chartmuseum/templates/deployment.yaml +++ b/stable/chartmuseum/templates/deployment.yaml @@ -104,6 +104,11 @@ spec: volumeMounts: - mountPath: /etc/secrets/google name: {{ include "chartmuseum.fullname" . }}-gcp +{{- end }} +{{- if .Values.oracle.secret.enabled }} + volumeMounts: + - mountPath: /home/chartmuseum/.oci + name: {{ include "chartmuseum.fullname" . }}-oracle {{- end }} {{- with .Values.resources }} resources: @@ -153,3 +158,13 @@ spec: path: credentials.json {{ end }} {{ end }} + {{ if .Values.oracle.secret.enabled }} + - name: {{ include "chartmuseum.fullname" . }}-oracle + secret: + secretName: {{ .Values.oracle.secret.name }} + items: + - key: {{ .Values.oracle.secret.config }} + path: config + - key: {{ .Values.oracle.secret.key_file }} + path: oci.key + {{ end }} diff --git a/stable/chartmuseum/values.yaml b/stable/chartmuseum/values.yaml index 355125e07797..4785efe5ef33 100644 --- a/stable/chartmuseum/values.yaml +++ b/stable/chartmuseum/values.yaml @@ -9,7 +9,7 @@ image: pullPolicy: IfNotPresent env: open: - # storage backend, can be one of: local, alibaba, amazon, google, microsoft + # storage backend, can be one of: local, alibaba, amazon, google, microsoft, oracle STORAGE: local # oss bucket to store charts for alibaba storage backend STORAGE_ALIBABA_BUCKET: @@ -46,6 +46,12 @@ env: STORAGE_OPENSTACK_REGION: # path to a CA cert bundle for your openstack endpoint STORAGE_OPENSTACK_CACERT: + # compartment id for for oracle storage backend + STORAGE_ORACLE_COMPARTMENTID: + # oci bucket to store charts for oracle storage backend + STORAGE_ORACLE_BUCKET: + # prefix to store charts for oracle storage backend + STORAGE_ORACLE_PREFIX: # form field which will be queried for the chart file content CHART_POST_FORM_FIELD_NAME: chart # form field which will be queried for the provenance file content @@ -233,3 +239,12 @@ gcp: name: # Secret key that holds the json value. key: credentials.json +oracle: + secret: + enabled: false + # Name of the secret that contains the encoded config and key + name: + # Secret key that holds the oci config + config: config + # Secret key that holds the oci private key + key_file: key_file From c680f8a3342d3b1fdd57f41ba47ff3004d5ee039 Mon Sep 17 00:00:00 2001 From: Gus Date: Mon, 25 Feb 2019 10:35:06 +0100 Subject: [PATCH 0288/1586] Refactoring chart + Readme to make them consistent (#11636) * refactoring chart + Readme to make them consistent Signed-off-by: Pierre Guceski * bumping version + re-ordering configs Signed-off-by: Pierre Guceski * adding new line character at the end of value file Signed-off-by: Pierre Guceski * fixing lint Signed-off-by: Pierre Guceski * review update Signed-off-by: Pierre Guceski * refactor wording for 0.18 Signed-off-by: Pierre Guceski * removing wrong ref Signed-off-by: Pierre Guceski --- stable/datadog/Chart.yaml | 2 +- stable/datadog/README.md | 316 +++++++++++-------- stable/datadog/values.yaml | 628 +++++++++++++++++++++++-------------- 3 files changed, 576 insertions(+), 370 deletions(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index ffa2b7e74b75..1f0fc83536c5 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.21.2 +version: 1.22.0 appVersion: 6.9.0 description: DataDog Agent keywords: diff --git a/stable/datadog/README.md b/stable/datadog/README.md index 45031ffbc042..3b71f138599e 100644 --- a/stable/datadog/README.md +++ b/stable/datadog/README.md @@ -1,177 +1,142 @@ # Datadog -[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. +[Datadog](https://www.datadoghq.com/) is a hosted infrastructure monitoring platform. This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). -## Introduction +Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). -This chart adds the Datadog Agent to all nodes in your cluster via a DaemonSet. It also optionally depends on the [kube-state-metrics chart](https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics). For more information about monitoring Kubernetes with Datadog, please refer to the [Datadog documentation website](https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/). +See the [Datadog JMX integration](https://docs.datadoghq.com/integrations/java/) to learn more. ## Prerequisites -Kubernetes 1.4+ or OpenShift 3.4+ (1.3 support is currently partial, full support is planned for 6.4.0). +Kubernetes 1.4+ or OpenShift 3.4+, note that: + +* the Datadog Agent supports Kubernetes 1.3+ +* The Datadog chart's defaults are tailored to Kubernetes 1.7.6+, see [Datadog Agent legacy Kubernetes versions documentation](https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#legacy-kubernetes-versions) for adjustments you might need to make for older versions + +## Quick start + +By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. + +**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. -## Installing the Chart +### Installing the Datadog Chart -To install the chart with the release name `my-release`, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: +To install the chart with the release name ``, retrieve your Datadog API key from your [Agent Installation Instructions](https://app.datadoghq.com/account/settings#agent/kubernetes) and run: ```bash -helm install --name my-release \ - --set datadog.apiKey=YOUR-KEY-HERE stable/datadog +helm install --name \ + --set datadog.apiKey= stable/datadog ``` -After a few minutes, you should see hosts and metrics being reported in Datadog. - -**Tip**: List all releases using `helm list` +By default, this Chart creates a Secret and puts an API key in that Secret. +However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. After a few minutes, you should see hosts and metrics being reported in Datadog. ### Enabling the Datadog Cluster Agent Read about the Datadog Cluster Agent in the [official documentation](https://docs.datadoghq.com/agent/kubernetes/cluster/). -Run the following if you want to deploy the chart with the Datadog Cluster Agent. -Note that specifying `clusterAgent.metricsProvider.enabled=true` will enable the External Metrics Server. -If you want to learn to use this feature, you can check out this [walkthrough](https://github.com/DataDog/datadog-agent/blob/master/docs/cluster-agent/CUSTOM_METRICS_SERVER.md). -The Leader Election is enabled by default in the chart for the Cluster Agent. Only the Cluster Agent(s) participate in the election, in case you have several replicas configured (using `clusterAgent.replicas`. -You can specify the token used to secure the communication between the Cluster Agent(s)q and the Agents with `clusterAgent.token`. If not specified, a random one will be generated and you will be prompted a warning when installing the chart. +Run the following if you want to deploy the chart with the Datadog Cluster Agent: ```bash helm install --name datadog-monitoring \ - --set datadog.apiKey=YOUR-API-KEY-HERE \ - --set datadog.appKey=YOUR-APP-KEY-HERE \ + --set datadog.apiKey= \ + --set datadog.appKey== 1.19.0 + +Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). +E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. +The suggested approach is to delete the release and reinstall it. + +### Uninstalling the Chart + +To uninstall/delete the `` deployment: ```bash -helm delete my-release +helm delete --purge ``` The command removes all the Kubernetes components associated with the chart and deletes the release. ## Configuration -The following table lists the configurable parameters of the Datadog chart and their default values. - -| Parameter | Description | Default | -|-----------------------------|------------------------------------|-------------------------------------------| -| `datadog.apiKey` | Your Datadog API key | `Nil` You must provide your own key | -| `datadog.apiKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one |`nil` | -| `datadog.appKey` | Datadog APP key required to use metricsProvider | `Nil` You must provide your own key | -| `datadog.appKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one |`nil` | -| `image.repository` | The image repository to pull from | `datadog/agent` | -| `image.tag` | The image tag to pull | `6.9.0` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | -| `datadog.name` | Container name if Daemonset or Deployment | `datadog` | -| `datadog.site` | Site ('datadoghq.com' or 'datadoghq.eu') | `nil` | -| `datadog.dd_url` | Datadog intake server | `nil` | -| `datadog.env` | Additional Datadog environment variables | `nil` | -| `datadog.logsEnabled` | Enable log collection | `nil` | -| `datadog.logsConfigContainerCollectAll` | Collect logs from all containers | `nil` | -| `datadog.logsPointerHostPath` | Host path to store the log tailing state in | `/var/lib/datadog-agent/logs` | -| `datadog.apmEnabled` | Enable tracing from the host | `nil` | -| `datadog.processAgentEnabled` | Enable live process monitoring | `nil` | -| `datadog.checksd` | Additional custom checks as python code | `nil` | -| `datadog.confd` | Additional check configurations (static and Autodiscovery) | `nil` | -| `datadog.criSocketPath` | Path to the container runtime socket (if different from Docker) | `nil` | -| `datadog.tags` | Set host tags | `nil` | -| `datadog.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | -| `datadog.useCriSocketVolume` | Enable mounting the container runtime socket in Agent containers | `True` | -| `datadog.dogstatsdOriginDetection` | Enable origin detection for container tagging | `False` | -| `datadog.useDogStatsDSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | -| `datadog.volumes` | Additional volumes for the daemonset or deployment | `nil` | -| `datadog.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | -| `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | -| `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` | -| `datadog.resources.requests.cpu` | CPU resource requests | `200m` | -| `datadog.resources.limits.cpu` | CPU resource limits | `200m` | -| `datadog.resources.requests.memory` | Memory resource requests | `256Mi` | -| `datadog.resources.limits.memory` | Memory resource limits | `256Mi` | -| `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` | -| `datadog.livenessProbe` | Overrides the default liveness probe | http port 5555 | -| `datadog.hostname` | Set the hostname (write it in datadog.conf) | `nil` | -| `datadog.acInclude` | Include containers based on image name | `nil` | -| `datadog.acExclude` | Exclude containers based on image name | `nil` | -| `daemonset.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | -| `daemonset.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | -| `daemonset.nodeSelector` | Node selectors | `nil` | -| `daemonset.affinity` | Node affinities | `nil` | -| `daemonset.useHostNetwork` | If true, use the host's network | `nil` | -| `daemonset.useHostPID`. | If true, use the host's PID namespace | `nil` | -| `daemonset.useHostPort` | If true, use the same ports for both host and container | `nil` | -| `daemonset.priorityClassName` | Which Priority Class to associate with the daemonset| `nil` | -| `datadog.leaderElection` | Enable the leader Election feature | `false` | -| `datadog.leaderLeaseDuration`| The duration for which a leader stays elected.| `nil` | -| `datadog.collectEvents` | Enable Kubernetes event collection. Requires leader election. | `false` | -| `deployment.affinity` | Node / Pod affinities | `{}` | -| `deployment.tolerations` | List of node taints to tolerate | `[]` | -| `deployment.priorityClassName` | Which Priority Class to associate with the deployment | `nil` | -| `kubeStateMetrics.enabled` | If true, create kube-state-metrics | `true` | -| `kube-state-metrics.rbac.create`| If true, create & use RBAC resources for kube-state-metrics | `true` | -| `kube-state-metrics.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for kube-state-metrics | `default` | -| `clusterAgent.enabled` | Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only) | `false` | -| `clusterAgent.token` | A cluster-internal secret for agent-to-agent communication. Must be 32+ characters a-zA-Z | Generates a random value | -| `clusterAgent.containerName` | The container name for the Cluster Agent | `cluster-agent` | -| `clusterAgent.image.repository` | The image repository for the cluster-agent | `datadog/cluster-agent` | -| `clusterAgent.image.tag` | The image tag to pull | `1.0.0` | -| `clusterAgent.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `clusterAgent.image.pullSecrets` | Image pull secrets | `nil` | -| `clusterAgent.metricsProvider.enabled` | Enable Datadog metrics as a source for HPA scaling | `false` | -| `clusterAgent.resources.requests.cpu` | CPU resource requests | `200m` | -| `clusterAgent.resources.limits.cpu` | CPU resource limits | `200m` | -| `clusterAgent.resources.requests.memory` | Memory resource requests | `256Mi` | -| `clusterAgent.resources.limits.memory` | Memory resource limits | `256Mi` | -| `clusterAgent.tolerations` | List of node taints to tolerate | `[]` | -| `clusterAgent.livenessProbe` | Overrides the default liveness probe | http port 443 if external metrics enabled | -| `clusterAgent.readinessProbe` | Overrides the default readiness probe | http port 443 if external metrics enabled | - -Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, +As a best practice, a YAML file that specifies the values for the chart parameters should be provided to configure the chart: + +1. **Copy the default [`datadog-values.yaml`](/values.yaml) value file.** +2. Set the `apiKey` parameter with your [Datadog API key](https://app.datadoghq.com/account/settings#api). +3. Upgrade the Datadog Helm chart with the new `datadog-values.yaml` file: ```bash -helm install --name my-release \ - --set datadog.apiKey=YOUR-KEY-HERE,datadog.logLevel=DEBUG \ - stable/datadog +helm upgrade -f datadog-values.yaml stable/datadog --recreate-pods +``` + +See the [All configuration options](#all-configuration-options) section to discover all possibilities offered by the Datadog chart. + +### Enabling Log Collection + +Update your [datadog-values.yaml](/values.yaml) file with the following log collection configuration: + +``` +datadog: + (...) + logsEnabled: true + logsConfigContainerCollectAll: true ``` -Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, +then upgrade your Datadog Helm chart: ```bash -helm install --name my-release -f my-values.yaml stable/datadog +helm upgrade -f datadog-values.yaml stable/datadog --recreate-pods ``` -**Tip**: You can copy and customize the default [values.yaml](values.yaml) +### Enabling Process Collection -### Image repository and tag +Update your [datadog-values.yaml](/values.yaml) file with the process collection configuration: -Datadog [offers two variants](https://hub.docker.com/r/datadog/agent/tags/), switch to a `-jmx` tag if you need to run JMX/java integrations. The chart also supports running [the standalone dogstatsd image](https://hub.docker.com/r/datadog/dogstatsd/tags/). +``` +datadog: + (...) + processAgentEnabled: true +``` -Starting with version 1.0.0, this chart does not support deploying Agent 5.x anymore. If you cannot upgrade to Agent 6.x, you can use a previous version of the chart by calling helm install with `--version 0.18.0`. +then upgrade your Datadog Helm chart: -### DaemonSet and Deployment +```bash +helm upgrade -f datadog-values.yaml stable/datadog --recreate-pods +``` -By default, the Datadog Agent runs in a DaemonSet. It can alternatively run inside a Deployment for special use cases. +### Kubernetes event collection -**Note:** simultaneous DaemonSet + Deployment installation within a single release will be deprecated in a future version, requiring two releases to achieve this. +Use the [Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) to collect Kubernetes events. Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. -### Secret +Alternatively set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true` in order to enable Kubernetes event collection. -By default, this Chart creates a Secret and puts an API key in that Secret. -However, you can use manually created secret by setting the `datadog.apiKeyExistingSecret` value. +### conf.d and checks.d -### confd and checksd +The Datadog [entrypoint](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) copies files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in `/check.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. -The Datadog [entrypoint -](https://github.com/DataDog/datadog-agent/blob/master/Dockerfiles/agent/entrypoint/89-copy-customfiles.sh) -will copy files with a `.yaml` extension found in `/conf.d` and files with `.py` extension in -`/check.d` to `/etc/datadog-agent/conf.d` and `/etc/datadog-agent/checks.d` respectively. The keys for -`datadog.confd` and `datadog.checksd` should mirror the content found in their -respective ConfigMaps, ie +The keys for `datadog.confd` and `datadog.checksd` should mirror the content found in their respective ConfigMaps. Update your [datadog-values.yaml](/values.yaml) file with the check configurations: ```yaml datadog: @@ -198,18 +163,17 @@ datadog: port: 6379 ``` -For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). - -### Kubernetes event collection +then upgrade your Datadog Helm chart: -To enable event collection, you will need to set the `datadog.leaderElection`, `datadog.collectEvents` and `rbac.create` options to `true`. +```bash +helm upgrade -f datadog-values.yaml stable/datadog --recreate-pods +``` -It is now recommended to use the Datadog Cluster Agent to collect the events - Refer to the [Enabling the Datadog Cluster Agent](#enabling-the-datadog-cluster-agent) section. -Please read [the official documentation](https://docs.datadoghq.com/agent/kubernetes/event_collection/) for more context. +For more details, please refer to [the documentation](https://docs.datadoghq.com/agent/kubernetes/integrations/). ### Kubernetes Labels and Annotations -To map Kubernetes pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and datadog tags as values: +To map Kubernetes pod labels and annotations to Datadog tags, provide a dictionary with kubernetes labels/annotations as keys and Datadog tags key as values in your [datadog-values.yaml](/values.yaml) file: ```yaml podAnnotationsAsTags: @@ -222,19 +186,101 @@ podLabelsAsTags: release: helm_release ``` +then upgrade your Datadog Helm chart: + +```bash +helm upgrade -f datadog-values.yaml stable/datadog --recreate-pods +``` + ### CRI integration -As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. -Configure the location path of the socket with `datadog.criSocketPath` and make sure you allow the socket to be mounted into the pod running the agent by setting `datadog.useCriSocketVolume` to `True`. +As of the version 6.6.0, the Datadog Agent supports collecting metrics from any container runtime interface used in your cluster. Configure the location path of the socket with `datadog.criSocketPath` and make sure you allow the socket to be mounted into the pod running the agent by setting `datadog.useCriSocketVolume` to `True`. Standard paths are: - Containerd socket: `/var/run/containerd/containerd.sock` - Cri-o socket: `/var/run/crio/crio.sock` -## Updating +## All configuration options -### From < 1.19.0 to >= 1.19.0 +The following table lists the configurable parameters of the Datadog chart and their default values. Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, -Version `1.19.0` introduces the use of release name as full name if it contains the chart name(`datadog` in this case). -E.g. with a release name of `datadog`, this renames the `DaemonSet` from `datadog-datadog` to `datadog`. -The suggested approach is to delete the release and reinstall it. \ No newline at end of file +```bash +helm install --name \ + --set datadog.apiKey=,datadog.logLevel=DEBUG \ + stable/datadog +``` + +| Parameter | Description | Default | +| ----------------------------- | ------------------------------------ | ------------------------------------------- | +| `datadog.apiKey` | Your Datadog API key | `Nil` You must provide your own key | +| `datadog.apiKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | +| `datadog.appKey` | Datadog APP key required to use metricsProvider | `Nil` You must provide your own key | +| `datadog.appKeyExistingSecret` | If set, use the secret with a provided name instead of creating a new one | `nil` | +| `image.repository` | The image repository to pull from | `datadog/agent` | +| `image.tag` | The image tag to pull | `6.9.0` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `nil` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | +| `datadog.name` | Container name if Daemonset or Deployment | `datadog` | +| `datadog.site` | Site ('datadoghq.com' or 'datadoghq.eu') | `nil` | +| `datadog.dd_url` | Datadog intake server | `nil` | +| `datadog.env` | Additional Datadog environment variables | `nil` | +| `datadog.logsEnabled` | Enable log collection | `nil` | +| `datadog.logsConfigContainerCollectAll` | Collect logs from all containers | `nil` | +| `datadog.logsPointerHostPath` | Host path to store the log tailing state in | `/var/lib/datadog-agent/logs` | +| `datadog.apmEnabled` | Enable tracing from the host | `nil` | +| `datadog.processAgentEnabled` | Enable live process monitoring | `nil` | +| `datadog.checksd` | Additional custom checks as python code | `nil` | +| `datadog.confd` | Additional check configurations (static and Autodiscovery) | `nil` | +| `datadog.criSocketPath` | Path to the container runtime socket (if different from Docker) | `nil` | +| `datadog.tags` | Set host tags | `nil` | +| `datadog.nonLocalTraffic` | Enable statsd reporting from any external ip | `False` | +| `datadog.useCriSocketVolume` | Enable mounting the container runtime socket in Agent containers | `True` | +| `datadog.dogstatsdOriginDetection` | Enable origin detection for container tagging | `False` | +| `datadog.useDogStatsDSocketVolume` | Enable dogstatsd over Unix Domain Socket | `False` | +| `datadog.volumes` | Additional volumes for the daemonset or deployment | `nil` | +| `datadog.volumeMounts` | Additional volumeMounts for the daemonset or deployment | `nil` | +| `datadog.podAnnotationsAsTags` | Kubernetes Annotations to Datadog Tags mapping | `nil` | +| `datadog.podLabelsAsTags` | Kubernetes Labels to Datadog Tags mapping | `nil` | +| `datadog.resources.requests.cpu` | CPU resource requests | `200m` | +| `datadog.resources.limits.cpu` | CPU resource limits | `200m` | +| `datadog.resources.requests.memory` | Memory resource requests | `256Mi` | +| `datadog.resources.limits.memory` | Memory resource limits | `256Mi` | +| `datadog.securityContext` | Allows you to overwrite the default securityContext applied to the container | `nil` | +| `datadog.livenessProbe` | Overrides the default liveness probe | http port 5555 | +| `datadog.hostname` | Set the hostname (write it in datadog.conf) | `nil` | +| `datadog.acInclude` | Include containers based on image name | `nil` | +| `datadog.acExclude` | Exclude containers based on image name | `nil` | +| `daemonset.podAnnotations` | Annotations to add to the DaemonSet's Pods | `nil` | +| `daemonset.tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `nil` | +| `daemonset.nodeSelector` | Node selectors | `nil` | +| `daemonset.affinity` | Node affinities | `nil` | +| `daemonset.useHostNetwork` | If true, use the host's network | `nil` | +| `daemonset.useHostPID`. | If true, use the host's PID namespace | `nil` | +| `daemonset.useHostPort` | If true, use the same ports for both host and container | `nil` | +| `daemonset.priorityClassName` | Which Priority Class to associate with the daemonset | `nil` | +| `datadog.leaderElection` | Enable the leader Election feature | `false` | +| `datadog.leaderLeaseDuration` | The duration for which a leader stays elected. | `nil` | +| `datadog.collectEvents` | Enable Kubernetes event collection. Requires leader election. | `false` | +| `deployment.affinity` | Node / Pod affinities | `{}` | +| `deployment.tolerations` | List of node taints to tolerate | `[]` | +| `deployment.priorityClassName` | Which Priority Class to associate with the deployment | `nil` | +| `kubeStateMetrics.enabled` | If true, create kube-state-metrics | `true` | +| `kube-state-metrics.rbac.create` | If true, create & use RBAC resources for kube-state-metrics | `true` | +| `kube-state-metrics.rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) for kube-state-metrics | `default` | +| `clusterAgent.enabled` | Use the cluster-agent for cluster metrics (Kubernetes 1.10+ only) | `false` | +| `clusterAgent.token` | A cluster-internal secret for agent-to-agent communication. Must be 32+ characters a-zA-Z | Generates a random value | +| `clusterAgent.containerName` | The container name for the Cluster Agent | `cluster-agent` | +| `clusterAgent.image.repository` | The image repository for the cluster-agent | `datadog/cluster-agent` | +| `clusterAgent.image.tag` | The image tag to pull | `1.0.0` | +| `clusterAgent.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `clusterAgent.image.pullSecrets` | Image pull secrets | `nil` | +| `clusterAgent.metricsProvider.enabled` | Enable Datadog metrics as a source for HPA scaling | `false` | +| `clusterAgent.resources.requests.cpu` | CPU resource requests | `200m` | +| `clusterAgent.resources.limits.cpu` | CPU resource limits | `200m` | +| `clusterAgent.resources.requests.memory` | Memory resource requests | `256Mi` | +| `clusterAgent.resources.limits.memory` | Memory resource limits | `256Mi` | +| `clusterAgent.tolerations` | List of node taints to tolerate | `[]` | +| `clusterAgent.livenessProbe` | Overrides the default liveness probe | http port 443 if external metrics enabled | +| `clusterAgent.readinessProbe` | Overrides the default readiness probe | http port 443 if external metrics enabled | diff --git a/stable/datadog/values.yaml b/stable/datadog/values.yaml index 64959997267d..e7a8d098720d 100644 --- a/stable/datadog/values.yaml +++ b/stable/datadog/values.yaml @@ -1,290 +1,299 @@ -# Default values for datadog. -image: - # This chart is compatible with different images, please choose one - repository: datadog/agent # Agent6 - # repository: datadog/dogstatsd # Standalone DogStatsD6 - tag: 6.9.0 # Use 6.9.0-jmx to enable jmx fetch collection - pullPolicy: IfNotPresent - ## It is possible to specify docker registry credentials - ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod - # pullSecrets: - # - name: regsecret - -# NB! Normally you need to keep Datadog DaemonSet enabled! -# The exceptional case could be a situation when you need to run -# single DataDog pod per every namespace, but you do not need to -# re-create a DaemonSet for every non-default namespace install. -# Note, that StatsD and DogStatsD work over UDP, so you may not -# get guaranteed delivery of the metrics in Datadog-per-namespace setup! -daemonset: - enabled: true - ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might - ## not be supported. The ports will need to be available on all hosts. Can be - ## used for custom metrics instead of a service endpoint. - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces will be accepted from any host able to connect to this host. - # useHostNetwork: true - - ## Sets the hostPort to the same value of the container port. Needs to be used - ## to receive traces in a standard APM set up. Can be used as for sending custom metrics. - ## The ports will need to be available on all hosts. - ## WARNING: Make sure that hosts using this are properly firewalled otherwise - ## metrics and traces will be accepted from any host able to connect to this host. - # useHostPort: true - - ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin - ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - # useHostPID: true - - ## Annotations to add to the DaemonSet's Pods - # podAnnotations: - # scheduler.alpha.kubernetes.io/tolerations: '[{"key": "example", "value": "foo"}]' - - ## Allow the DaemonSet to schedule on tainted nodes (requires Kubernetes >= 1.6) - # tolerations: [] - - ## Allow the DaemonSet to schedule on selected nodes - # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - # nodeSelector: {} - - ## Allow the DaemonSet to schedule ussing affinity rules - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - # affinity: {} - - ## Allow the DaemonSet to perform a rolling update on helm update - ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ - # updateStrategy: RollingUpdate +## Default values for Datadog Agent +## See Datadog helm documentation to learn more: +## https://docs.datadoghq.com/agent/kubernetes/helm/ - ## Sets PriorityClassName if defined - # priorityClassName: - -# Apart from DaemonSet, deploy Datadog agent pods and related service for -# applications that want to send custom metrics. Provides DogStasD service. +## @param image - object - required +## Define the Datadog image to work with. # -# HINT: If you want to use datadog.collectEvents, keep deployment.replicas set to 1. -deployment: - enabled: false - replicas: 1 - # Affinity for pod assignment - # Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity - affinity: {} - # Tolerations for pod assignment - # Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # If you're using a NodePort-type service and need a fixed port, set this parameter. - # dogstatsdNodePort: 8125 - # traceNodePort: 8126 - - service: - type: ClusterIP - annotations: {} - - ## Sets PriorityClassName if defined - # priorityClassName: - -## deploy the kube-state-metrics deployment -## ref: https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics - -kubeStateMetrics: - enabled: true +image: -# This is the new cluster agent implementation that handles cluster-wide -# metrics more cleanly, separates concerns for better rbac, and implements -# the external metrics API so you can autoscale HPAs based on datadog -# metrics -clusterAgent: - containerName: cluster-agent - image: - repository: datadog/cluster-agent - tag: 1.1.0 - pullPolicy: IfNotPresent - enabled: false - ## This needs to be at least 32 characters a-zA-z - ## It is a preshared key between the node agents and the cluster agent - token: "" - replicas: 1 - ## Enable the metricsProvider to be able to scale based on metrics in Datadog - metricsProvider: - enabled: false - resources: - requests: - cpu: 200m - memory: 256Mi - limits: - cpu: 200m - memory: 256Mi + ## @param repository - string - required + ## Define the repository to use: + ## use "datadog/agent" for Datadog Agent 6 + ## use "datadog/dogstatsd" for Standalone Datadog Agent DogStatsD6 + # + repository: datadog/agent + + ## @param tag - string - required + ## Define the Agent version to use. + ## Use 6.9.0-jmx to enable jmx fetch collection + # + tag: 6.9.0 + + ## @param pullPolicy - string - required + ## The Kubernetes pull policy. + # + pullPolicy: IfNotPresent - ## Override the agent's liveness probe logic from the default: - ## In case of issues with the probe, you can disable it with the - ## following values, to allow easier investigating: - # livenessProbe: - # exec: - # command: ["/bin/true"] - ## Override the cluster-agent's readiness probe logic from the default: - # readinessProbe: + ## @param pullSecrets - list of key:value strings - optional + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # + # pullSecrets: + # - name: "" datadog: - ## You'll need to set this to your Datadog API key before the agent will run. + + ## @param apiKey - string - required + ## Set this to your Datadog API key before the Agent runs. ## ref: https://app.datadoghq.com/account/settings#agent/kubernetes - ## - # apiKey: + # + apiKey: + + ## @param apiKeyExistingSecret - string - optional + ## Use existing Secret which stores API key instead of creating a new one. + ## If set, this parameter takes precedence over "apiKey". + # + # apiKeyExistingSecret: + + ## @param appKey - string - optional + ## If you are using clusterAgent.metricsProvider.enabled = true, you must set + ## a Datadog application key for read access to your metrics. + # + # appKey: + + ## @param appKeyExistingSecret - string - optional + ## Use existing Secret which stores APP key instead of creating a new one + ## If set, this parameter takes precedence over "appKey". + # + # appKeyExistingSecret: + ## @param securityContext - object - optional ## You can modify the security context used to run the containers by ## modifying the label type below: - # securityContext: - # seLinuxOptions: - # seLinuxLabel: "spc_t" - - ## Use existing Secret which stores API key instead of creating a new one - # apiKeyExistingSecret: - - ## If you are using clusterAgent.metricsProvider.enabled = true, you'll need - ## a datadog app key for read access to the metrics - # appKey: - - ## Use existing Secret which stores APP key instead of creating a new one - # appKeyExistingSecret: + # + # securityContext: + # seLinuxOptions: + # seLinuxLabel: "spc_t" + ## @param name - string - required ## Daemonset/Deployment container name ## See clusterAgent.containerName if clusterAgent.enabled = true - ## + # name: datadog - # The site of the Datadog intake to send Agent data to. - # Defaults to 'datadoghq.com', set to 'datadoghq.eu' to send data to the EU site. - # site: datadoghq.com - - # The host of the Datadog intake server to send Agent data to, only set this option - # if you need the Agent to send data to a custom URL. - # Overrides the site setting defined in "site". - # dd_url: https://app.datadoghq.com - - ## Set logging verbosity. - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - ## Note: For Agent6 (image `datadog/agent`) the valid log levels are + ## @param site - string - optional - default: 'datadoghq.com' + ## The site of the Datadog intake to send Agent data to. + ## Set to 'datadoghq.eu' to send data to the EU site. + # + # site: datadoghq.com + + ## @param dd_url - string - optional - default: 'https://app.datadoghq.com' + ## The host of the Datadog intake server to send Agent data to, only set this option + ## if you need the Agent to send data to a custom URL. + ## Overrides the site setting defined in "site". + # + # dd_url: https://app.datadoghq.com + + ## @param logLevel - string - required + ## Set logging verbosity, valid log levels are: ## trace, debug, info, warn, error, critical, and off - ## + # logLevel: INFO - ## Un-comment this to make each node accept non-local statsd traffic. - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - ## - # nonLocalTraffic: true + ## @param podLabelsAsTags - list of key:value strings - optional + ## Provide a mapping of Kubernetes Labels to Datadog Tags. + # + # podLabelsAsTags: + # app: kube_app + # release: helm_release + # : - ## Enable origin detection for container tagging - ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + ## @param podAnnotationsAsTags - list of key:value strings - optional + ## Provide a mapping of Kubernetes Annotations to Datadog Tags + # + # podAnnotationsAsTags: + # iam.amazonaws.com/role: kube_iamrole + # : + + ## @param tags - list of key:value elements - optional + ## List of tags to attach to every metric, event and service check collected by this Agent. ## - # dogstatsdOriginDetection: true + ## Learn more about tagging: https://docs.datadoghq.com/tagging/ + # + # tags: + # - : + # - : + ## @param useCriSocketVolume - boolean - required ## Enable container runtime socket volume mounting + # useCriSocketVolume: true + ## @param dogstatsdOriginDetection - boolean - optional + ## Enable origin detection for container tagging + ## https://docs.datadoghq.com/developers/dogstatsd/unix_socket/#using-origin-detection-for-container-tagging + # + # dogstatsdOriginDetection: true + + ## @param useDogStatsDSocketVolume - boolean - optional ## Enable dogstatsd over Unix Domain Socket ## ref: https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ - ## - # useDogStatsDSocketVolume: true - - ## Set host tags. - ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - ## - # tags: + # + # useDogStatsDSocketVolume: true - ## Enables event collection from the kubernetes API + ## @param nonLocalTraffic - boolean - optional - default: false + ## Enable this to make each node accept non-local statsd traffic. ## ref: https://github.com/DataDog/docker-dd-agent#environment-variables - ## - collectEvents: false + # + # nonLocalTraffic: false + + ## @param collectEvents - boolean - optional - default: false + ## Enables this to start event collection from the kubernetes API + ## ref: https://docs.datadoghq.com/agent/kubernetes/event_collection/ + # + # collectEvents: false + + ## @param leaderElection - boolean - optional - default: false + ## Enables leader election mechanism for event collection. + # + # leaderElection: false + + ## @param leaderLeaseDuration - integer - optional - default: 60 + ## Set the lease time for leader election in second. + # + # leaderLeaseDuration: 60 + + ## @param logsEnabled - boolean - optional - default: false + ## Enables this to activate Datadog Agent log collection. + ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup + # + # logsEnabled: false - ## Enables log collection + ## @param logsConfigContainerCollectAll - boolean - optional - default: false + ## Enable this to allow log collection for all containers. ## ref: https://docs.datadoghq.com/agent/basic_agent_usage/kubernetes/#log-collection-setup - ## - # logsEnabled: false - # logsConfigContainerCollectAll: false + # + # logsConfigContainerCollectAll: false - ## Un-comment this to enable APM and tracing, on port 8126 + ## @param apmEnabled - boolean - optional - default: false + ## Enable this to enable APM and tracing, on port 8126 ## ref: https://github.com/DataDog/docker-dd-agent#tracing-from-the-host - ## - # apmEnabled: true + # + # apmEnabled: false - ## Un-comment this to enable live process monitoring - ## /etc/passwd will automatically be mounted to allow username resolution + ## @param processAgentEnabled - boolean - optional - default: false + ## Enable this to activate live process monitoring. + ## Note: /etc/passwd is automatically mounted to allow username resolution. ## ref: https://docs.datadoghq.com/graphing/infrastructure/process/#kubernetes-daemonset - ## - # processAgentEnabled: true + # + # processAgentEnabled: false + ## @param env - list of object - optional ## The dd-agent supports many environment variables ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#environment-variables - ## - # env: - # - name: - # value: - - ## If needed, you can specify additionnal volumes to mount in the dd-agent container - # volumes: - # - hostPath: - # path: /host/path - # name: myvolume - # volumeMounts: - # - name: myvolume - # mountPath: /container/path - # readOnly: true - - ## Enable leader election mechanism for event collection - ## - # leaderElection: false - - ## Set the lease time for leader election - ## - # leaderLeaseDuration: 600 - + # + # env: + # - name: + # value: + + ## @param volumes - list of objects - optional + ## Specify additional volumes to mount in the dd-agent container + # + # volumes: + # - hostPath: + # path: + # name: + + ## @param volumeMounts - list of objects - optional + ## Specify additional volumes to mount in the dd-agent container + # + # volumeMounts: + # - name: + # mountPath: + # readOnly: true + + ## @param confd - list of objects - optional ## Provide additional check configurations (static and Autodiscovery) - ## Each key will become a file in /conf.d + ## Each key becomes a file in /conf.d ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes ## ref: https://docs.datadoghq.com/agent/autodiscovery/ - ## - # confd: - # redisdb.yaml: |- - # init_config: - # instances: - # - host: "name" - # port: "6379" - # kubernetes_state.yaml: |- - # ad_identifiers: - # - kube-state-metrics - # init_config: - # instances: - # - kube_state_url: http://%%host%%:8080/metrics - + # + # confd: + # redisdb.yaml: |- + # init_config: + # instances: + # - host: "name" + # port: "6379" + # kubernetes_state.yaml: |- + # ad_identifiers: + # - kube-state-metrics + # init_config: + # instances: + # - kube_state_url: http://%%host%%:8080/metrics + + ## @param checksd - list of key:value strings - optional ## Provide additional custom checks as python code - ## Each key will become a file in /checks.d + ## Each key becomes a file in /checks.d ## ref: https://github.com/DataDog/datadog-agent/tree/master/Dockerfiles/agent#optional-volumes - ## - # checksd: - # service.py: |- + # + # checksd: + # service.py: |- + ## @param criSocketPath - string - optional ## Path to the container runtime socket (if different from Docker) ## This is supported starting from agent 6.6.0 - # criSocketPath: /var/run/containerd/containerd.sock - - ## Provide a mapping of Kubernetes Labels to Datadog Tags - # podLabelsAsTags: - # app: kube_app - # release: helm_release - - ## Provide a mapping of Kubernetes Annotations to Datadog Tags - # podAnnotationsAsTags: - # iam.amazonaws.com/role: kube_iamrole + # + # criSocketPath: /var/run/containerd/containerd.sock + ## @param livenessProbe - object - optional ## Override the agent's liveness probe logic from the default: ## In case of issues with the probe, you can disable it with the ## following values, to allow easier investigating: - # livenessProbe: - # exec: - # command: ["/bin/true"] + # + # livenessProbe: + # exec: + # command: ["/bin/true"] + ## @param resources - object -required ## datadog-agent resource requests and limits ## Make sure to keep requests and limits equal to keep the pods in the Guaranteed QoS class ## Ref: http://kubernetes.io/docs/user-guide/compute-resources/ - ## + # + resources: + requests: + cpu: 200m + memory: 256Mi + limits: + cpu: 200m + memory: 256Mi + +## @param clusterAgent - object - required +## This is the Datadog Cluster Agent implementation that handles cluster-wide +## metrics more cleanly, separates concerns for better rbac, and implements +## the external metrics API so you can autoscale HPAs based on datadog metrics +## ref: https://docs.datadoghq.com/agent/kubernetes/cluster/ +# +clusterAgent: + + ## @param enabled - boolean - required + ## Set this to true to enable Datadog Cluster Agent + # + enabled: false + + containerName: cluster-agent + image: + repository: datadog/cluster-agent + tag: 1.1.0 + pullPolicy: IfNotPresent + + ## @param token - string - required + ## This needs to be at least 32 characters a-zA-z + ## It is a preshared key between the node agents and the cluster agent + ## ref: + # + token: "" + replicas: 1 + + ## @param metricsProvider - object - required + ## Enable the metricsProvider to be able to scale based on metrics in Datadog + # + metricsProvider: + enabled: false + + ## @param resources - object -required + ## Datadog cluster-agent resource requests and limits. + # resources: requests: cpu: 200m @@ -293,18 +302,169 @@ datadog: cpu: 200m memory: 256Mi + ## @param livenessProbe - object - optional + ## Override the agent's liveness probe logic from the default: + ## In case of issues with the probe, you can disable it with the + ## following values, to allow easier investigating: + # + # livenessProbe: + # exec: + # command: ["/bin/true"] + + ## @param readinessProbe - object - optional + ## Override the cluster-agent's readiness probe logic from the default: + # + # readinessProbe: + rbac: + + ## @param created - boolean - required ## If true, create & use RBAC resources + # create: true + ## @param serviceAccountName - string - required ## Ignored if rbac.create is true + # serviceAccountName: default tolerations: [] +kubeStateMetrics: + + ## @param enabled - boolean - required + ## If true, deploys the kube-state-metrics deployment. + ## ref: https://github.com/kubernetes/charts/tree/master/stable/kube-state-metrics + # + enabled: true + kube-state-metrics: rbac: + + ## @param created - boolean - required + ## If true, create & use RBAC resources + # create: true + ## @param serviceAccountName - string - required ## Ignored if rbac.create is true + # serviceAccountName: default + +daemonset: + + ## @param enabled - boolean - required + ## You should keep Datadog DaemonSet enabled! + ## The exceptional case could be a situation when you need to run + ## single DataDog pod per every namespace, but you do not need to + ## re-create a DaemonSet for every non-default namespace install. + ## Note: StatsD and DogStatsD work over UDP, so you may not + ## get guaranteed delivery of the metrics in Datadog-per-namespace setup! + # + enabled: true + + ## @param useHostNetwork - boolean - optional + ## Bind ports on the hostNetwork. Useful for CNI networking where hostPort might + ## not be supported. The ports need to be available on all hosts. It Can be + ## used for custom metrics instead of a service endpoint. + ## + ## WARNING: Make sure that hosts using this are properly firewalled otherwise + ## metrics and traces are accepted from any host able to connect to this host. + # + # useHostNetwork: true + + ## @param useHostPort - boolean - optional + ## Sets the hostPort to the same value of the container port. Needs to be used + ## to receive traces in a standard APM set up. Can be used as for sending custom metrics. + ## The ports need to be available on all hosts. + ## + ## WARNING: Make sure that hosts using this are properly firewalled otherwise + ## metrics and traces are accepted from any host able to connect to this host. + # + # useHostPort: true + + ## @param useHostPID - boolean - optional + ## Run the agent in the host's PID namespace. This is required for Dogstatsd origin + ## detection to work. See https://docs.datadoghq.com/developers/dogstatsd/unix_socket/ + # + # useHostPID: true + + ## @param podAnnotations - list of key:value strings - optional + ## Annotations to add to the DaemonSet's Pods + # + # podAnnotations: + # : '[{"key": "", "value": ""}]' + + ## @param tolerations - array - optional + ## Allow the DaemonSet to schedule on tainted nodes (requires Kubernetes >= 1.6) + # + # tolerations: [] + + ## @param nodeSelector - object - optional + ## Allow the DaemonSet to schedule on selected nodes + ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ + # + # nodeSelector: {} + + ## @param affinity - object - optional + ## Allow the DaemonSet to schedule ussing affinity rules + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + # + # affinity: {} + + ## @param updateStrategy - string - optional + ## Allow the DaemonSet to perform a rolling update on helm update + ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ + # + # updateStrategy: RollingUpdate + + ## @param priorityClassName - string - optional + ## Sets PriorityClassName if defined. + # + # priorityClassName: + +deployment: + ## @param enabled - boolean - required + ## Apart from DaemonSet, deploy Datadog agent pods and related service for + ## applications that want to send custom metrics. Provides DogStasD service. + # + enabled: false + + ## @param replicas - integer - required + ## If you want to use datadog.collectEvents, keep deployment.replicas set to 1. + # + replicas: 1 + + ## @param affinity - object - required + ## Affinity for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity + # + affinity: {} + + ## @param tolerations - array - required + ## Tolerations for pod assignment + ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ + # + tolerations: [] + + ## @param dogstatsdNodePort - integer - optional + ## If you're using a NodePort-type service and need a fixed port, set this parameter. + # + # dogstatsdNodePort: 8125 + + ## @param traceNodePort - integer - optional + ## If you're using a NodePort-type service and need a fixed port, set this parameter. + # + # traceNodePort: 8126 + + ## @param service - object - required + ## + # + service: + type: ClusterIP + annotations: {} + + ## @param priorityClassName - string - optional + ## Sets PriorityClassName if defined. + # + # priorityClassName: From d7d51797bdf3638a9957bf7505045a797c40e5fb Mon Sep 17 00:00:00 2001 From: Abdulaziz AlMalki Date: Mon, 25 Feb 2019 16:54:45 +0300 Subject: [PATCH 0289/1586] [stable/jenkins] Fix slave jnlp port always being reset when container is restarted (#11685) * fix slave jnlp port always being reset when container is restarted Signed-off-by: Abdulaziz AlMalki * bump chart version Signed-off-by: Abdulaziz AlMalki --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/templates/jenkins-master-deployment.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index 7574fe3eda8d..ddea11fee1fa 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.9 +version: 0.32.10 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 79e59afe14ac..6ec247bc0e5d 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -145,6 +145,8 @@ spec: value: {{ default "" .Values.Master.JavaOpts | quote }} - name: JENKINS_OPTS value: "{{ if .Values.Master.JenkinsUriPrefix }}--prefix={{ .Values.Master.JenkinsUriPrefix }} {{ end }}{{ default "" .Values.Master.JenkinsOpts}}" + - name: JENKINS_SLAVE_AGENT_PORT + value: "{{ .Values.Master.SlaveListenerPort }}" {{- if .Values.Master.UseSecurity }} - name: ADMIN_PASSWORD valueFrom: From 9f10c2d71dd18c1526753c9998e13608df91d612 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Arthur=20Cl=C3=A9ment?= Date: Mon, 25 Feb 2019 16:08:06 +0100 Subject: [PATCH 0290/1586] [stable/airflow] fix expired documentation link in values.yml (#11700) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Arthur Clément --- stable/airflow/Chart.yaml | 2 +- stable/airflow/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 8403962027ba..b769e17fb116 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 2.0.0 +version: 2.0.1 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index 1c53c82b8353..cac81f3ca085 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -110,7 +110,7 @@ airflow: ## Custom airflow configuration environment variables ## Use this to override any airflow setting settings defining environment variables in the ## following form: AIRFLOW__
__. - ## See the Airflow documentation: http://airflow.readthedocs.io/en/latest/configuration.html?highlight=__CORE__#setting-configuration-options) + ## See the Airflow documentation: https://airflow.readthedocs.io/en/stable/howto/set-config.html?highlight=setting-configuration ## Example: ## config: ## AIRFLOW__CORE__EXPOSE_CONFIG: "True" From 0b89e10942960017a708835e9de6e40b3d9a7525 Mon Sep 17 00:00:00 2001 From: Pedro <5179251+pedrohdz@users.noreply.github.com> Date: Mon, 25 Feb 2019 17:12:27 +0100 Subject: [PATCH 0291/1586] [stable/jenkins] Add hostAliases (#11701) Signed-off-by: Pedro Hernandez --- stable/jenkins/Chart.yaml | 2 +- stable/jenkins/README.md | 1 + .../jenkins/templates/jenkins-master-deployment.yaml | 4 ++++ stable/jenkins/values.yaml | 10 ++++++++++ 4 files changed, 16 insertions(+), 1 deletion(-) diff --git a/stable/jenkins/Chart.yaml b/stable/jenkins/Chart.yaml index ddea11fee1fa..9efc0ce99102 100755 --- a/stable/jenkins/Chart.yaml +++ b/stable/jenkins/Chart.yaml @@ -1,6 +1,6 @@ name: jenkins home: https://jenkins.io/ -version: 0.32.10 +version: 0.33.0 appVersion: lts description: Open source continuous integration server. It supports multiple SCM tools including CVS, Subversion and Git. It can execute Apache Ant and Apache Maven-based diff --git a/stable/jenkins/README.md b/stable/jenkins/README.md index d0111d32782d..2442821d52d0 100644 --- a/stable/jenkins/README.md +++ b/stable/jenkins/README.md @@ -52,6 +52,7 @@ The following tables list the configurable parameters of the Jenkins chart and t | `Master.UsePodSecurityContext` | Enable pod security context (must be `true` if `RunAsUser` or `FsGroup` are set) | `true` | | `Master.RunAsUser` | uid that jenkins runs with | `0` | | `Master.FsGroup` | uid that will be used for persistent volume | `0` | +| `Master.HostAliases` | Aliases for IPs in `/etc/hosts` | `[]` | | `Master.ServiceAnnotations` | Service annotations | `{}` | | `Master.ServiceType` | k8s service type | `LoadBalancer` | | `Master.ServicePort` | k8s service port | `8080` | diff --git a/stable/jenkins/templates/jenkins-master-deployment.yaml b/stable/jenkins/templates/jenkins-master-deployment.yaml index 6ec247bc0e5d..779662baf646 100644 --- a/stable/jenkins/templates/jenkins-master-deployment.yaml +++ b/stable/jenkins/templates/jenkins-master-deployment.yaml @@ -65,6 +65,10 @@ spec: hostNetwork: true dnsPolicy: ClusterFirstWithHostNet {{- end }} + {{- if .Values.Master.HostAliases }} + hostAliases: + {{- toYaml .Values.Master.HostAliases | nindent 8 }} + {{- end }} initContainers: - name: "copy-default-config" image: "{{ .Values.Master.Image }}:{{ .Values.Master.ImageTag }}" diff --git a/stable/jenkins/values.yaml b/stable/jenkins/values.yaml index 6bcf59398864..d3f42f350ea8 100644 --- a/stable/jenkins/values.yaml +++ b/stable/jenkins/values.yaml @@ -258,6 +258,16 @@ Master: # - jenkins.cluster.local AdditionalConfig: {} + # Master.HostAliases allows for adding entries to Pod /etc/hosts: + # https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/ + HostAliases: [] + # - ip: 192.168.50.50 + # hostnames: + # - something.local + # - ip: 10.0.50.50 + # hostnames: + # - other.local + Agent: Enabled: true Image: jenkins/jnlp-slave From c33552500dea80273f48e936e7afd936e168b64d Mon Sep 17 00:00:00 2001 From: Steven Sheehy Date: Mon, 25 Feb 2019 11:14:55 -0600 Subject: [PATCH 0292/1586] [stable/grafana] Bump to 6.0.0 (#11705) Signed-off-by: Steven Sheehy --- stable/grafana/Chart.yaml | 4 ++-- stable/grafana/README.md | 5 ++--- stable/grafana/values.yaml | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 63c252856009..5aca5f803152 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: grafana -version: 2.1.2 -appVersion: 5.4.3 +version: 2.2.0 +appVersion: 6.0.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. home: https://grafana.net diff --git a/stable/grafana/README.md b/stable/grafana/README.md index 682df76c3894..29c89ec54dbd 100644 --- a/stable/grafana/README.md +++ b/stable/grafana/README.md @@ -38,7 +38,7 @@ The command removes all the Kubernetes components associated with the chart and | `securityContext` | Deployment securityContext | `{"runAsUser": 472, "fsGroup": 472}` | | `priorityClassName` | Name of Priority Class to assign pods | `nil` | | `image.repository` | Image repository | `grafana/grafana` | -| `image.tag` | Image tag. (`Must be >= 5.0.0`) | `5.4.3` | +| `image.tag` | Image tag. (`Must be >= 5.0.0`) | `6.0.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `service.type` | Kubernetes service type | `ClusterIP` | | `service.port` | Kubernetes port where service is exposed | `80` | @@ -54,8 +54,7 @@ The command removes all the Kubernetes components associated with the chart and | `nodeSelector` | Node labels for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `affinity` | Affinity settings for pod assignment | `{}` | -| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` - | +| `extraContainers` | Sidecar containers to add to the grafana pod | `{}` | | `persistence.enabled` | Use persistent volume to store data | `false` | | `persistence.initChownData` | Change ownership of persistent volume on initialization | `true` | | `persistence.size` | Size of persistent volume claim | `10Gi` | diff --git a/stable/grafana/values.yaml b/stable/grafana/values.yaml index bda6fb8aec03..469ede08abb4 100644 --- a/stable/grafana/values.yaml +++ b/stable/grafana/values.yaml @@ -26,7 +26,7 @@ livenessProbe: image: repository: grafana/grafana - tag: 5.4.3 + tag: 6.0.0 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 57dea96a3ecf099f082e9321c7784bc9fe91059e Mon Sep 17 00:00:00 2001 From: Salvatore Mazzarino Date: Mon, 25 Feb 2019 19:01:52 +0100 Subject: [PATCH 0293/1586] [kuberhealthy] Fix ServiceMonitor selector (#11639) * Fixed ServiceMonitor label Signed-off-by: Salvatore Mazzarino * Bump version Signed-off-by: Salvatore Mazzarino --- stable/kuberhealthy/Chart.yaml | 2 +- stable/kuberhealthy/templates/servicemonitor.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index 8fccf6f85898..bca5958046e6 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "1.0.0" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.1.0 +version: 1.1.1 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/templates/servicemonitor.yaml b/stable/kuberhealthy/templates/servicemonitor.yaml index 219169314b47..a7a7d3f62d66 100644 --- a/stable/kuberhealthy/templates/servicemonitor.yaml +++ b/stable/kuberhealthy/templates/servicemonitor.yaml @@ -15,7 +15,7 @@ spec: selector: matchLabels: app: {{ .Chart.Name }} - chart: {{ .Chart.Name }} + release: {{ .Release.Name }} namespaceSelector: matchNames: - {{ .Release.Namespace }} From 6d79ab03f2679961c38f5025f236e467bf9ed326 Mon Sep 17 00:00:00 2001 From: Maha Gamal Date: Mon, 25 Feb 2019 20:48:09 +0200 Subject: [PATCH 0294/1586] [stable/prometheus-operator] Added target port (#11675) - Updated README - Updated chart version - Updated values.yaml - Added tagetport in prometheus service component templates Signed-off-by: Maha --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + stable/prometheus-operator/ci/test-values.yaml | 4 ++++ .../prometheus-operator/templates/prometheus/service.yaml | 2 +- stable/prometheus-operator/values.yaml | 6 +++++- 5 files changed, 12 insertions(+), 3 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 047bedc4b8f8..e27f3d6e0c18 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 4.0.0 +version: 4.1.0 appVersion: 0.29.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 5bea1dee3159..9ada427642fd 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -156,6 +156,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.ingress.tls` | Prometheus Ingress TLS configuration (YAML) | `[]` | | `prometheus.service.type` | Prometheus Service type | `ClusterIP` | | `prometheus.service.clusterIP` | Prometheus service clusterIP IP | `""` | +| `prometheus.service.targetPort` | Prometheus Service internal port | `9090` | | `prometheus.service.nodePort` | Prometheus Service port for NodePort service type | `39090` | | `prometheus.service.annotations` | Prometheus Service Annotations | `{}` | | `prometheus.service.labels` | Prometheus Service Labels | `{}` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index 56b93992e7e8..ac80d34a3628 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -707,6 +707,10 @@ prometheus: labels: {} clusterIP: "" + + ## To be used with a proxy extraContainer port + targetPort: 9090 + ## List of IP addresses at which the Prometheus server service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## diff --git a/stable/prometheus-operator/templates/prometheus/service.yaml b/stable/prometheus-operator/templates/prometheus/service.yaml index a06a288697f4..fc94f953ba78 100644 --- a/stable/prometheus-operator/templates/prometheus/service.yaml +++ b/stable/prometheus-operator/templates/prometheus/service.yaml @@ -33,7 +33,7 @@ spec: nodePort: {{ .Values.prometheus.service.nodePort }} {{- end }} port: 9090 - targetPort: web + targetPort: {{ .Values.prometheus.service.targetPort }} selector: app: prometheus prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 804a4e87d52e..54ecec4b3522 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -707,6 +707,10 @@ prometheus: labels: {} clusterIP: "" + + ## To be used with a proxy extraContainer port + targetPort: 9090 + ## List of IP addresses at which the Prometheus server service is available ## Ref: https://kubernetes.io/docs/user-guide/services/#external-ips ## @@ -1047,7 +1051,7 @@ prometheus: thanos: {} ## Containers allows injecting additional containers. This is meant to allow adding an authentication proxy to a Prometheus pod. - ## + ## if using proxy extraContainer update targetPort with proxy container port containers: [] ## Enable additional scrape configs that are managed externally to this chart. Note that the prometheus From 4b1ed3e14740cbad09a67702e581f51e712b232c Mon Sep 17 00:00:00 2001 From: Jake Martin Date: Mon, 25 Feb 2019 11:27:41 -0800 Subject: [PATCH 0295/1586] 1.0.1 release for kuberhealthy bug fixes (#11709) * Cutting version 1.0.0 release for kuberhealthy Signed-off-by: Jake Martin * Revving to 1.0.1 Signed-off-by: Jake Martin * Updating to actually match the quay tags we are using moving forward Signed-off-by: Jake Martin --- stable/kuberhealthy/Chart.yaml | 4 ++-- stable/kuberhealthy/README.md | 2 +- stable/kuberhealthy/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index bca5958046e6..b16db4893bfb 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -appVersion: "1.0.0" +appVersion: "v1.0.1" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.1.1 +version: 1.1.2 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/README.md b/stable/kuberhealthy/README.md index 93ea6999f8bd..b1b20078035d 100644 --- a/stable/kuberhealthy/README.md +++ b/stable/kuberhealthy/README.md @@ -37,7 +37,7 @@ app: name: "kuberhealthy" # what to name the kuberhealthy deployment image: repository: quay.io/comcast/kuberhealthy - tag: 1.0.0 + tag: v1.0.1 resources: requests: cpu: 100m diff --git a/stable/kuberhealthy/values.yaml b/stable/kuberhealthy/values.yaml index 6236f76a870c..4cba092154e0 100644 --- a/stable/kuberhealthy/values.yaml +++ b/stable/kuberhealthy/values.yaml @@ -11,7 +11,7 @@ prometheus: image: repository: quay.io/comcast/kuberhealthy - tag: 1.0.0 + tag: v1.0.1 resources: requests: From bfd68b131a47682f1c69f61fb9b3ec9ee64d5fe8 Mon Sep 17 00:00:00 2001 From: "Ciro S. Costa" Date: Mon, 25 Feb 2019 14:37:16 -0500 Subject: [PATCH 0296/1586] [stable/concourse] Make values.yaml more consistent; uncomments fields (#11296) The `values.yaml` for `stable/concourse` didn't look much consistent, having some values with totally different commenting formats compared to others. This commit also improves the documentation around some of those values that are not very easy to infer what they're all about. By making the values uncommented we can leverage tools that parse yaml files to make sure we have all variables documented. He we also remove an unused debug values file and fix few values check. With the use of default values under `values.yaml` as opposed to commented fields, few values (like default `storageClass`) needed to be updated, as well as adding few checks. Also, Previously we allowed the creation of objects that wouldn't pass `kubeval`'s validation. Now `kubeval` is ok with all of our objects. Signed-off-by: Ciro S. Costa --- stable/concourse/Chart.yaml | 2 +- stable/concourse/more-config.yaml | 8 - stable/concourse/templates/NOTES.txt | 6 +- .../concourse/templates/web-deployment.yaml | 6 + stable/concourse/templates/web-svc.yaml | 2 + .../templates/worker-statefulset.yaml | 8 +- stable/concourse/values.yaml | 1091 ++++++++++++----- 7 files changed, 800 insertions(+), 323 deletions(-) delete mode 100644 stable/concourse/more-config.yaml diff --git a/stable/concourse/Chart.yaml b/stable/concourse/Chart.yaml index 634054d25381..39b2a32cedfe 100644 --- a/stable/concourse/Chart.yaml +++ b/stable/concourse/Chart.yaml @@ -1,5 +1,5 @@ name: concourse -version: 3.7.4 +version: 3.7.5 appVersion: 4.2.2 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 diff --git a/stable/concourse/more-config.yaml b/stable/concourse/more-config.yaml deleted file mode 100644 index f08a291b220e..000000000000 --- a/stable/concourse/more-config.yaml +++ /dev/null @@ -1,8 +0,0 @@ -web: - additionalVolumes: - - name: team-authorized-keys - configMap: - name: hush-house-team-authorized-keys - additionalVolumeMounts: - - name: team-authorized-keys - mountPath: /team-authorized-keys/ diff --git a/stable/concourse/templates/NOTES.txt b/stable/concourse/templates/NOTES.txt index bec296c5decf..006ef18cf25e 100644 --- a/stable/concourse/templates/NOTES.txt +++ b/stable/concourse/templates/NOTES.txt @@ -35,19 +35,21 @@ {{- end }} * If this is your first time using Concourse, follow the tutorials at https://concourse-ci.org/tutorials.html +{{- if .Values.concourse.worker.baggageclaim.driver }} {{- if contains "naive" .Values.concourse.worker.baggageclaim.driver }} ******************* ******WARNING****** ******************* -You are using the "naive" baggage claim driver, which is also the default value for this chart. +You are using the "naive" baggage claim driver, which is also the default value for this chart. -This is the default for compatibility reasons, but is very space inefficient, and should be changed to either "btrfs" (recommended) or "overlay" depending on that filesystem's support in the Linux kernel your cluster is using. +This is the default for compatibility reasons, but is very space inefficient, and should be changed to either "btrfs" (recommended) or "overlay" depending on that filesystem's support in the Linux kernel your cluster is using. Please see https://github.com/concourse/concourse/issues/1230 and https://github.com/concourse/concourse/issues/1966 for background. {{- end }} +{{- end }} diff --git a/stable/concourse/templates/web-deployment.yaml b/stable/concourse/templates/web-deployment.yaml index 5c5440edb093..18dafea2fc90 100644 --- a/stable/concourse/templates/web-deployment.yaml +++ b/stable/concourse/templates/web-deployment.yaml @@ -14,16 +14,20 @@ spec: labels: app: {{ template "concourse.web.fullname" . }} release: "{{ .Release.Name }}" + {{- if .Values.web.annotations }} annotations: {{ toYaml .Values.web.annotations | indent 8 }} + {{- end }} spec: {{- with .Values.web.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} serviceAccountName: {{ if .Values.rbac.create }}{{ template "concourse.web.fullname" . }}{{ else }}{{ .Values.rbac.webServiceAccountName }}{{ end }} + {{- if .Values.web.tolerations }} tolerations: {{ toYaml .Values.web.tolerations | indent 8 }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} @@ -932,10 +936,12 @@ spec: {{- if .Values.web.additionalVolumeMounts }} {{ toYaml .Values.web.additionalVolumeMounts | indent 12 }} {{- end }} + {{- if .Values.web.additionalAffinities }} affinity: {{- if .Values.web.additionalAffinities }} {{ toYaml .Values.web.additionalAffinities | indent 8 }} {{- end }} + {{- end }} volumes: {{- if .Values.web.additionalVolumes }} {{ toYaml .Values.web.additionalVolumes | indent 8 }} diff --git a/stable/concourse/templates/web-svc.yaml b/stable/concourse/templates/web-svc.yaml index e39a4a691f16..e8262084061e 100644 --- a/stable/concourse/templates/web-svc.yaml +++ b/stable/concourse/templates/web-svc.yaml @@ -10,6 +10,7 @@ metadata: {{- range $key, $value := .Values.web.service.labels }} {{ $key }}: {{ $value | quote }} {{- end }} + {{- if or .Values.web.service.annotations .Values.concourse.web.prometheus.enabled }} annotations: {{- range $key, $value := .Values.web.service.annotations }} {{ $key }}: {{ $value | quote }} @@ -18,6 +19,7 @@ metadata: prometheus.io/scrape: "true" prometheus.io/port: {{ .Values.concourse.web.prometheus.bindPort | quote }} {{- end }} + {{- end }} spec: type: {{ .Values.web.service.type }} {{ if .Values.web.service.loadBalancerSourceRanges }} diff --git a/stable/concourse/templates/worker-statefulset.yaml b/stable/concourse/templates/worker-statefulset.yaml index 25e839f5cf64..32022e945826 100644 --- a/stable/concourse/templates/worker-statefulset.yaml +++ b/stable/concourse/templates/worker-statefulset.yaml @@ -16,18 +16,22 @@ spec: labels: app: {{ template "concourse.worker.fullname" . }} release: "{{ .Release.Name }}" + {{- if .Values.worker.annotations }} annotations: - {{- range $key, $value := .Values.worker.annotations }} + {{- range $key, $value := .Values.worker.annotations }} {{ $key }}: {{ $value | quote }} - {{- end }} + {{- end }} + {{- end }} spec: {{- with .Values.worker.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} serviceAccountName: {{ if .Values.rbac.create }}{{ template "concourse.worker.fullname" . }}{{ else }}{{ .Values.rbac.workerServiceAccountName }}{{ end }} + {{- if .Values.worker.tolerations }} tolerations: {{ toYaml .Values.worker.tolerations | indent 8 }} + {{- end }} {{- if .Values.imagePullSecrets }} imagePullSecrets: {{- range .Values.imagePullSecrets }} diff --git a/stable/concourse/values.yaml b/stable/concourse/values.yaml index 8e0f435c3394..bf76b998b149 100644 --- a/stable/concourse/values.yaml +++ b/stable/concourse/values.yaml @@ -2,151 +2,256 @@ ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. -## Override the name of the Chart. +## Provide a name in place of `concourse` for `app:` labels ## -# nameOverride: +nameOverride: -## Concourse image. +## Provide a name to substitute for the full names of resources +## +fullnameOverride: + +## Concourse image to use in both Web and Worker containers. ## image: concourse/concourse -## Concourse image version. -## ref: https://hub.docker.com/r/concourse/concourse/tags/ +## Concourse image tag. +## ps.: release candidates are published under `concourse/concourse-rc` instead +## of `concourse/concourse`. +## Ref: https://hub.docker.com/r/concourse/concourse/tags/ ## imageTag: "4.2.2" ## Specific image digest to use in place of a tag. -## ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images +## Ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images ## -# imageDigest: sha256:54ea351808b55ecc14af6590732932e2a6a0ed8f6d10f45e8be3b51165d5526a +imageDigest: -## Specify a imagePullPolicy: 'Always' if imageTag is 'latest', else set to 'IfNotPresent'. -## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images +## Specify a imagePullPolicy regarding the fetching of container images. +## Ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images ## imagePullPolicy: IfNotPresent -## Optionally specify an array of imagePullSecrets. -## Secrets must be manually created in the namespace. -## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## Array of imagePullSecrets to allow pulling the Concourse image from private registries. +## ps.: secrets must be manually created in the namespace. +## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ +## +## Example: +## +## imagePullSecrets: +## - myRegistryKeySecretName ## -# imagePullSecrets: -# - myRegistrKeySecretName +imagePullSecrets: -## Configuration values for Concourse. -## ref: https://concourse-ci.org/setting-up.html + +## Configuration values for the Concourse application (worker and web components). +## The values specified here are almost direct references to the flags under the +## `concourse web` and `concourse worker` commands. ## concourse: + ## Configurations for the `web` component based on the possible flags configurable + ## through the `concourse web` command. + ## web: - ## Minimum level of logs to see. - # logLevel: info - ## IP address on which to listen for web traffic. - # bindIp: 0.0.0.0 - ## Port on which to listen for HTTP traffic. + + ## Minimum level of logs to see. Possible options: debug, info, error. + ## + logLevel: + + ## IP address on which to listen for HTTP traffic (web UI and API). + ## + bindIp: + + ## Port on which to listen for HTTP traffic (web UI and API). + ## bindPort: 8080 - ## TLS configurations for the web component to be able to serve HTTPS traffic. - ## Once enabled, consumes the certificates set via secrets. - # + + ## TLS configuration for the web component to be able to serve HTTPS traffic. + ## Once enabled, consumes the certificates set via secrets (`web-tls-cert` and + ## `web-tls-key`). + ## tls: + + ## Enable serving HTTPS traffic directly through the web component. + ## enabled: false + ## Port on which to listen for HTTPS traffic. - # bindPort: + ## + bindPort: 443 + ## URL used to reach any ATC from the outside world. - # externalUrl: http://127.0.0.1:8080 + ## This is *very* important for a proper authentication workflow as + ## browser redirects are based on the value set here. + ## + ## Example: http://ci.concourse-ci.org + ## + externalUrl: + ## URL used to reach this ATC from other ATCs in the cluster. - # peerUrl: http://127.0.0.1:8080 - ## Enable encryption of pipeline configuration. Encryption keys can be set via secrets. - ## See https://concourse-ci.org/encryption.html + ## By default, this corresponds to `$(POD_IP):$(CONCOURSE_BIND_PORT)`. + ## + ## Example: http://127.0.0.1:8080 ## + peerUrl: + encryption: + ## Enable encryption of pipeline configuration. Encryption keys can be set via secrets + ## (`encryption-key` and `old-encryption-key` fields). + ## Ref: https://concourse-ci.org/encryption.html + ## enabled: false + localAuth: + ## Enable the use of local authentication (basic auth). + ## Once enabled, users configured through `local-users` (secret) + ## are able to authenticate. + ## + ## Local users can be individually added to the `main` team by setting + ## `concourse.web.auth.mainTeam.localUser` with a comma-separated list + ## of ids. + ## + ## Ref: https://concourse-ci.org/install.html#local-auth-config + ## enabled: true + ## IP address on which to listen for the pprof debugger endpoints. - # debugBindIp: 127.0.0.1 + ## + debugBindIp: + ## Port on which to listen for the pprof debugger endpoints. - # debugBindPort: 8079 + ## + debugBindPort: + ## Length of time for a intercepted session to be idle before terminating. - # interceptIdleTimeout: 0m + ## + interceptIdleTimeout: + ## Time limit on checking for new versions of resources. - # globalResourceCheckTimeout: 1h + ## + globalResourceCheckTimeout: + ## Interval on which to check for new versions of resources. - # resourceCheckingInterval: 1m + ## + resourceCheckingInterval: + ## Interval on which to check for new versions of resource types. - # resourceTypeCheckingInterval: 1m + ## + resourceTypeCheckingInterval: + ## Method by which a worker is selected during container placement. - # containerPlacementStrategy: volume-locality + ## Possible values: volume-locality | random + containerPlacementStrategy: + ## How long to wait for Baggageclaim to send the response header. - # baggageclaimResponseHeaderTimeout: 1m + ## + baggageclaimResponseHeaderTimeout: + ## Directory containing downloadable CLI binaries. - # cliArtifactsDir: + ## By default, Concourse will try to find the assets + ## path relative to the executable. + ## + cliArtifactsDir: + ## Log database queries. - # logDbQueries: + ## + logDbQueries: false + ## Interval on which to run build tracking. - # buildTrackerInterval: 10s - ## Default build logs to retain, 0 means all - # defaultBuildLogsToRetain: - ## Maximum build logs to retain, 0 means not specified. Will override values configured in jobs - # maxBuildLogsToRetain: - ## Default max number of cpu shares per task, 0 means unlimited - # defaultTaskCpuLimit: - ## Default maximum memory per task, 0 means unlimited - # defaultTaskMemoryLimit: + ## + buildTrackerInterval: + + ## Default number of build logs to retain. 0 means all. + ## + defaultBuildLogsToRetain: + + ## Maximum build logs to retain, 0 means not specified. Will override values configured in jobs. + ## + maxBuildLogsToRetain: + + ## Default max number of cpu shares per task, 0 means unlimited. + ## + defaultTaskCpuLimit: + + ## Default maximum memory per task, 0 means unlimited. + ## + defaultTaskMemoryLimit: + + ## Configurations regarding how the web component is able to connect to a postgres + ## instance. + ## postgres: ## The host to connect to. - host: 127.0.0.1 + ## + host: + ## The port to connect to. - port: 5432 + ## + port: + ## Path to a UNIX domain socket to connect to. - # socket: + ## + socket: + ## Whether or not to use SSL. - sslmode: disable + ## + sslmode: + ## Dialing timeout. (0 means wait indefinitely) - connectTimeout: 5m + ## + connectTimeout: + ## The name of the database to use. - database: atc + ## + database: - kubernetes: - ## Enable the use of in-cluster Kubernetes Secrets. + kubernetes: + ## Enable the use of Kubernetes Secrets as the credential provider for + ## concourse pipelines. ## enabled: true - ## Prefix to use for Kubernetes namespaces under which secrets will be looked up. Defaults to - ## the Release name hyphen, e.g. "my-release-" produces namespace "my-release-main" for the - ## "main" Concourse team. + ## Prefix to use for Kubernetes namespaces under which secrets will be looked up. + ## Defaults to the Release name hyphen, e.g. "my-release-" produces namespace "my-release-main" + ## for the "main" Concourse team. ## - ## namespacePrefix: + namespacePrefix: ## Teams to create namespaces for to hold secrets. + ## This property only has effect if `createTeamNamespaces` is set to `true`. + ## teams: - main - ## Create the Kubernetes namespace for each team listed above. + ## Create the Kubernetes namespace for each team listed under `concourse.web.kubernetes.teams`. + ## createTeamNamespaces: true ## When true, namespaces are not deleted when the release is deleted. ## Irrelevant if the namespaces are not created by this chart. + ## keepNamespaces: true ## Path to Kubernetes config when running ATC outside Kubernetes. - # configPath: + ## + configPath: awsSecretsManager: - ## Enable the use of AWS Secrets Manager. + ## Enable the use of AWS Secrets Manager for credential management. ## enabled: false ## AWS region to use when reading from Secrets Manager ## - # region: + region: ## pipeline-specific template for Secrets Manager parameters, defaults to: /concourse/{team}/{pipeline}/{secret} ## - # pipelineSecretTemplate: + pipelineSecretTemplate: ## team-specific template for Secrets Manager parameters, defaults to: /concourse/{team}/{secret} ## - # teamSecretTemplate: '' + teamSecretTemplate: awsSsm: ## Enable the use of AWS SSM. @@ -155,351 +260,657 @@ concourse: ## AWS region to use when reading from SSM ## - # region: + region: ## pipeline-specific template for SSM parameters, defaults to: /concourse/{team}/{pipeline}/{secret} ## - # pipelineSecretTemplate: + pipelineSecretTemplate: ## team-specific template for SSM parameters, defaults to: /concourse/{team}/{secret} ## - # teamSecretTemplate: '' + teamSecretTemplate: + ## Configuring for using Vault as a credential manager. + ## Ref: https://concourse-ci.org/creds.html#vault + ## vault: + ## Enable the use of Vault as a credential manager. + ## enabled: false ## URL pointing to vault addr (i.e. http://vault:8200). ## - # url: + url: - ## vault path under which to namespace credential lookup, defaults to /concourse. + ## Vault path under which to namespace credentials lookup. ## - pathPrefix: /concourse + pathPrefix: ## if the Vault server is using a self-signed certificate, set this to true, - ## and provide a value for the cert in secrets. + ## and provide a value for the cert in secrets (field `vault-ca-cert`). ## - # useCaCert: + useCaCert: false - ## vault authentication backend, leave this blank if using an initial periodic token - ## currently supported backends: token, approle, cert. + ## Vault authentication backend, leave this blank if using an initial periodic token. + ## Currently supported backends: token, approle, cert. ## - # authBackend: + authBackend: ## Cache returned secrets for their lease duration in memory - # cache: + ## + cache: false + ## If the cache is enabled, and this is set, override secrets lease duration with a maximum value - # maxLease: + ## + maxLease: + ## Path to a directory of PEMEncoded CA cert files to verify the vault server SSL cert. - # caPath: + ## + caPath: + ## If set, is used to set the SNI host when connecting via TLS. - # serverName: + ## + serverName: + ## Enable insecure SSL verification. - # insecureSkipVerify: - ## Client token for accessing secrets within the Vault server. - # clientToken: - ## Auth backend to use for logging in to Vault. - # authBackend: + ## + insecureSkipVerify: false + + ## Client token for accessing secrets within the Vault server. + ## + clientToken: + ## Time after which to force a reLogin. If not set, the token will just be continuously renewed. - # authBackendMaxTtl: + ## + authBackendMaxTtl: + ## The maximum time between retries when logging in or reAuthing a secret. - retryMax: 5m + ## + retryMax: + ## The initial time between retries when logging in or reAuthing a secret. - retryInitial: 1s + ## + retryInitial: + ## Don't actually do any automatic scheduling or checking. - # noop: + ## + noop: false + staticWorker: + ## Enables the direct registration of a worker that has its properties + ## hardcoded. + ## enabled: false + ## A Garden API endpoint to register as a worker. + ## gardenUrl: + ## A Baggageclaim API endpoint to register with the worker. + ## baggageclaimUrl: + ## A resource type to advertise for the worker. Can be specified multiple times. + ## resource: + metrics: ## Host string to attach to emitted metrics. + ## hostName: - ## A keyValue attribute to attach to emitted metrics. Can be specified multiple times. + + ## A key-value attribute to attach to emitted metrics. + ## attribute: + datadog: enabled: false + ## Use IP of node the pod is scheduled on, overrides `agentHost` + ## agentHostUseHostIP: false + ## Datadog agent host to expose dogstatsd metrics + ## agentHost: 127.0.0.1 + ## Datadog agent port to expose dogstatsd metrics + ## agentPort: 8125 + ## Prefix for all metrics to easily find them in Datadog - # prefix: concoursedev + ## + prefix: + influxdb: enabled: false + ## InfluxDB server address to emit points to. - url: http://127.0.0.1:8086 + ## Example: http://127.0.0.1:8086 + ## + url: + ## InfluxDB database to write points to. + ## database: concourse + ## InfluxDB server username. - # username: + ## + username: + ## Skip SSL verification when emitting to InfluxDB. + ## insecureSkipVerify: false - ## Emit metrics to logs. - # emitToLogs: + + ## Emit metrics to logs instead of an actual metrics system. + ## + emitToLogs: false + newrelic: enabled: false + ## New Relic Account ID - # accountId: + ## + accountId: + ## New Relic Insights API Key - # apiKey: + ## + apiKey: + ## An optional prefix for emitted New Relic events - # servicePrefix: + ## + servicePrefix: + prometheus: enabled: false + ## IP to listen on to expose Prometheus metrics. + ## bindIp: "0.0.0.0" + ## Port to listen on to expose Prometheus metrics. + ## bindPort: 9391 + riemann: enabled: false + ## Riemann server address to emit metrics to. - # host: + ## + host: + ## Port of the Riemann server to emit metrics to. + ## port: 5555 + ## An optional prefix for emitted Riemann services - # servicePrefix: + ## + servicePrefix: + ## Tag to attach to emitted metrics. Can be specified multiple times. - # tag: - ## The value to set for XFrame-Options. If omitted, the header is not set. - # xFrameOptions: + ## + tag: + + ## The value to set for X-Frame-Options. If omitted, the header is not set. + ## + xFrameOptions: + gc: + ## Enables overriding the default values that Concourse sets + ## for the parameters related to scheduling. + ## + ## **Do not change this values unless you're sure about what you're doing**. + ## overrideDefaults: false + ## Interval on which to perform garbage collection. + ## interval: 30s + ## Grace period before reaping oneOff task containers + ## oneOffGracePeriod: 5m + syslog: + ## Enables the emission of build logs to external log ingesters through + ## using the syslog protocol. + ## enabled: false + ## Client hostname with which the build logs will be sent to the syslog server. - hostName: atc-syslog-drainer + ## + hostName: + ## Remote syslog server address with port (Example: 0.0.0.0:514). - # address: + ## + address: + ## Transport protocol for syslog messages (Currently supporting tcp, udp & tls). - # transport: - ## Interval over which checking is done for new build logs to send to syslog server (duration measurement units are s/m/h; eg. 30s/30m/1h) + ## + transport: + + ## Interval over which checking is done for new build logs to send to syslog server + ## (duration measurement units are s/m/h; eg. 30s/30m/1h) drainInterval: 30s - ## if the syslog server is using a self-signed certificate, set this to true, - ## and provide a value for the cert in secrets. + + ## If the syslog server is using a self-signed certificate, set this to true, + ## and provide a value for the cert in secrets (`syslog-ca-cert`). + ## useCaCert: false + auth: ## Force sending secure flag on http cookies - # cookieSecure: + ## + cookieSecure: false + ## Length of time for which tokens are valid. Afterwards, users will have to log back in. - # duration: 24h + ## The value must be specified as Go duration values (e.g.: 30m or 24h). + duration: + mainTeam: - ## List of whitelisted local concourse users. These are the users you've added at atc startup with the addLocalUser setting. + ## List of local Concourse users to be included as members of the `main` team. + ## Make sure you have local users support enabled (`concourse.web.localAuth.enabled`) and + ## that the users were added (`local-users` secret). + ## localUser: "test" - ## Setting this flag will whitelist all logged in users in the system. ALL OF THEM. If, for example, you've configured GitHub, any user with a GitHub account will have access to your team. - # allowAllUsers: + + ## Setting this flag will whitelist all logged in users in the system. ALL OF THEM. + ## If, for example, you've configured GitHub, any user with a GitHub account will have access to your team. + ## + allowAllUsers: false + ## Authentication (Main Team) (CloudFoundry) + ## cf: ## List of whitelisted CloudFoundry users. + ## user: + ## List of whitelisted CloudFoundry orgs + ## org: + ## List of whitelisted CloudFoundry spaces + ## space: + ## (Deprecated) List of whitelisted CloudFoundry space guids + ## spaceGuid: + ## Authentication (Main Team) (GitHub) + ## github: ## List of whitelisted GitHub users + ## user: + ## List of whitelisted GitHub orgs + ## org: + ## List of whitelisted GitHub teams + ## team: + ## Authentication (Main Team) (GitLab) + ## gitlab: + ## List of whitelisted GitLab users + ## user: + ## List of whitelisted GitLab groups + ## group: + ## Authentication (Main Team) (LDAP) + ## ldap: ## List of whitelisted LDAP users + ## user: + ## List of whitelisted LDAP groups + ## group: + ## Authentication (Main Team) (OAuth2) + ## oauth: ## List of whitelisted OAuth2 users + ## user: + ## List of whitelisted OAuth2 groups + ## group: + ## Authentication (Main Team) (OIDC) + ## oidc: + ## List of whitelisted OIDC users + ## user: + ## List of whitelisted OIDC groups + ## group: + ## Authentication (CloudFoundry) + ## cf: enabled: false - ## (Required) The base API URL of your CF deployment. It will use this information to discover information about the authentication provider. - # apiUrl: https://api.run.pivotal.io + + ## (Required) The base API URL of your CF deployment. It will use this information to discover information + ## about the authentication provider. + ## + ## Example: https://api.run.pivotal.io + ## + apiUrl: + ## CA Certificate - # useCaCert: + ## + useCaCert: false + ## Skip SSL validation - # skipSslValidation: + ## + skipSslValidation: false + ## Authentication (GitHub) + ## github: enabled: false + ## Hostname of GitHub Enterprise deployment (No scheme, No trailing slash) - # host: + ## + host: + ## CA certificate of GitHub Enterprise deployment - # useCaCert: + ## + useCaCert: false + ## Authentication (GitLab) gitlab: enabled: false + ## Hostname of Gitlab Enterprise deployment (Include scheme, No trailing slash) - # host: + ## + host: + ## Authentication (LDAP) ldap: enabled: false + ## The auth provider name displayed to users on the login page - # displayName: - ## (Required) The host and optional port of the LDAP server. If port isn't supplied, it will be guessed based on the TLS configuration. 389 or 636. - # host: + ## + displayName: + + ## (Required) The host and optional port of the LDAP server. If port isn't supplied, it will be guessed + ## based on the TLS configuration. 389 or 636. + ## + host: + ## (Required) Bind DN for searching LDAP users and groups. Typically this is a readOnly user. - # bindDn: + ## + bindDn: + ## (Required) Bind Password for the user specified by 'bindDn' - # bindPw: + ## + bindPw: + ## Required if LDAP host does not use TLS. - # insecureNoSsl: + ## + insecureNoSsl: + ## Skip certificate verification - # insecureSkipVerify: + ## + insecureSkipVerify: + ## Start on insecure port, then negotiate TLS - # startTls: + ## + startTls: + ## CA certificate - # useCaCert: + ## + useCaCert: + ## BaseDN to start the search from. For example 'cn=users,dc=example,dc=com' - # userSearchBaseDn: + ## + userSearchBaseDn: + ## Optional filter to apply when searching the directory. For example '(objectClass=person)' - # userSearchFilter: - ## Attribute to match against the inputted username. This will be translated and combined with the other filter as '(=)'. - # userSearchUsername: + ## + userSearchFilter: + + ## Attribute to match against the inputted username. This will be translated and combined with the other + ## filter as '(=)'. + ## + userSearchUsername: + ## Can either be: 'sub' search the whole sub tree or 'one' - only search one level. Defaults to 'sub'. - # userSearchScope: + ## + userSearchScope: + ## A mapping of attributes on the user entry to claims. Defaults to 'uid'. - # userSearchIdAttr: + ## + userSearchIdAttr: + ## A mapping of attributes on the user entry to claims. Defaults to 'mail'. - # userSearchEmailAttr: + ## + userSearchEmailAttr: + ## A mapping of attributes on the user entry to claims. - # userSearchNameAttr: + ## + userSearchNameAttr: + ## BaseDN to start the search from. For example 'cn=groups,dc=example,dc=com' - # groupSearchBaseDn: + ## + groupSearchBaseDn: + ## Optional filter to apply when searching the directory. For example '(objectClass=posixGroup)' - # groupSearchFilter: + ## + groupSearchFilter: + ## Can either be: 'sub' search the whole sub tree or 'one' - only search one level. Defaults to 'sub'. - # groupSearchScope: + ## + groupSearchScope: + ## Adds an additional requirement to the filter that an attribute in the group match the user's attribute value. The exact filter being added is: (=) - # groupSearchUserAttr: + ## + groupSearchUserAttr: + ## Adds an additional requirement to the filter that an attribute in the group match the user's attribute value. The exact filter being added is: (=) - # groupSearchGroupAttr: + ## + groupSearchGroupAttr: + ## The attribute of the group that represents its name. - # groupSearchNameAttr: + ## + groupSearchNameAttr: + ## Authentication (OAuth2) + ## oauth: enabled: false + ## The auth provider name displayed to users on the login page - # displayName: + ## + displayName: + ## (Required) Authorization URL - # authUrl: + ## + authUrl: + ## (Required) Token URL - # tokenUrl: + ## + tokenUrl: + ## UserInfo URL - # userinfoUrl: + ## + userinfoUrl: + ## Any additional scopes that need to be requested during authorization - # scope: + ## + scope: + ## The groups key indicates which claim to use to map external groups to Concourse teams. - # groupsKey: + ## + groupsKey: + ## CA Certificate - # useCaCert: + ## + useCaCert: + ## Skip SSL validation - # skipSslValidation: + ## + skipSslValidation: + ## Authentication (OIDC) oidc: enabled: false + ## The auth provider name displayed to users on the login page - # displayName: + ## + displayName: + ## (Required) An OIDC issuer URL that will be used to discover provider configuration using the .wellKnown/openid-configuration - # issuer: + ## + issuer: + ## Any additional scopes that need to be requested during authorization - # scope: + ## + scope: + ## The groups key indicates which claim to use to map external groups to Concourse teams. - # groupsKey: + ## + groupsKey: + ## CA Certificate - # useCaCert: + ## + useCaCert: + ## Skip SSL validation - # skipSslValidation: + ## + skipSslValidation: + tsa: - ## Minimum level of logs to see. - # logLevel: info + ## Minimum level of logs to see. Possible values: debug, info, error. + ## + logLevel: + ## IP address on which to listen for SSH. - # bindIp: 0.0.0.0 + ## + bindIp: + ## Port on which to listen for SSH. + ## bindPort: 2222 + ## Port on which to listen for TSA pprof server. - # bindDebugPort: 8089 + ## + bindDebugPort: + ## IP address of this TSA, reachable by the ATCs. Used for forwarded worker addresses. - # peerIp: + ## + peerIp: + ## Path to private key to use for the SSH server. - # hostKey: + ## + hostKey: + ## Path to file containing keys to authorize, in SSH authorized_keys format (one public key per line). - # authorizedKeys: + ## + authorizedKeys: + ## Path to file containing keys to authorize, in SSH authorized_keys format (one public key per line). - # teamAuthorizedKeys: + ## + teamAuthorizedKeys: + ## ATC API endpoints to which workers will be registered. - # atcUrl: + ## + atcUrl: + ## Path to private key to use when signing tokens in reqests to the ATC during registration. - # sessionSigningKey: - ## interval on which to heartbeat workers to the ATC - # heartbeatInterval: 30s + ## + sessionSigningKey: + + ## Interval on which to heartbeat workers to the ATC. + ## + heartbeatInterval: + worker: ## The name to set for the worker during registration. If not specified, the hostname will be used. - # name: + ## + name: + ## A tag to set during registration. Can be specified multiple times. - # tag: + ## + tag: + ## The name of the team that this worker will be assigned to. - # team: + ## + team: + ## HTTP proxy endpoint to use for containers. - # http_proxy: + ## + http_proxy: + ## HTTPS proxy endpoint to use for containers. - # https_proxy: + ## + https_proxy: + ## Blacklist of addresses to skip the proxy when reaching. - # no_proxy: + ## + no_proxy: + ## If set, the worker will be immediately removed upon stalling. - # ephemeral: + ## + ephemeral: + ## Port on which to listen for beacon pprof server. - # bindDebugPort: 9099 + ## + bindDebugPort: 9099 + ## Version of the worker. This is normally baked in to the binary, so this flag is hidden. - # version: + ## + version: + ## Directory in which to place container data. + ## workDir: /concourse-work-dir + ## IP address on which to listen for the Garden server. - # bindIp: 127.0.0.1 + ## + bindIp: 127.0.0.1 + ## Port on which to listen for the Garden server. - # bindPort: 7777 + ## + bindPort: 7777 + ## IP used to reach this worker from the ATC nodes. - # peerIp: + ## + peerIp: + ## Minimum level of logs to see. - # logLevel: info + ## + logLevel: info + tsa: ## TSA host to forward the worker through. Can be specified multiple times. + ## host: 127.0.0.1:2222 + ## File containing a public key to expect from the TSA. - # publicKey: + ## + publicKey: + ## File containing the private key to use when authenticating to the TSA. - # workerPrivateKey: + ## + workerPrivateKey: + garden: ## Minimum level of logs to see. # logLevel: info @@ -627,62 +1038,86 @@ concourse: # useContainerdForProcesses: ## Enable proxy DNS server. # dnsProxyEnable: + baggageclaim: - ## Minimum level of logs to see. - # logLevel: info + ## Minimum level of logs to see. Possible values: debug, info, error + ## + logLevel: + ## IP address on which to listen for API traffic. - # bindIp: 127.0.0.1 + ## + bindIp: + ## Port on which to listen for API traffic. - # bindPort: 7788 + ## + bindPort: + ## Port on which to listen for baggageclaim pprof server. - # bindDebugPort: 8099 + ## + bindDebugPort: + ## Directory in which to place volume data. - # volumes: + ## + volumes: + ## Driver to use for managing volumes. + ## Possible values: detect, naive, btrfs, and overlay. + ## driver: naive + ## Path to btrfs binary - # btrfsBin: btrfs + ## + btrfsBin: + ## Path to mkfs.btrfs binary - # mkfsBin: mkfs.btrfs + ## + mkfsBin: + ## Path to directory in which to store overlay data - # overlaysDir: + ## + overlaysDir: + ## Interval on which to reap expired volumes. - # reapInterval: 10s + ## + reapInterval: ## Configuration values for Concourse Web components. ## web: + ## Override the components name (defaults to web). ## - # nameOverride: + nameOverride: ## Number of replicas. ## replicas: 1 - ## Configures the liveness probe used to determine - ## if the Web component is up. - ## Note.: if you're upgrading Concourse from one version - ## to another, the probe will probably fail for some time - ## before migrations are finished - in such situations, - ## either consider bumping the values set here. + ## Configures the liveness probe used to determine if the Web component is up. + ## ps.: if you're upgrading Concourse from one version to another, the probe will + ## probably fail for some time before migrations are finished - in such situations, + ## consider bumping the values set here. + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## livenessProbe: failureThreshold: 5 - httpGet: - path: /api/v1/info - port: atc initialDelaySeconds: 10 periodSeconds: 15 timeoutSeconds: 3 + httpGet: + path: /api/v1/info + port: atc ## Configures the readiness probes. + ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ + ## readinessProbe: httpGet: path: /api/v1/info port: atc ## Configure resource requests and limits. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: @@ -691,13 +1126,15 @@ web: ## Configure additional environment variables for the ## web containers. - # env: + ## + env: # - name: CONCOURSE_LOG_LEVEL # value: "debug" # - name: CONCOURSE_TSA_LOG_LEVEL # value: "debug" - ## For managing where secrets should be mounted for the web agents + ## Where secrets should be mounted for the web container. + ## keySecretsPath: "/concourse-keys" authSecretsPath: "/concourse-auth" vaultSecretsPath: "/concourse-vault" @@ -707,22 +1144,25 @@ web: ## Configure additional volumes for the ## web container(s) + ## Ref: https://kubernetes.io/docs/concepts/storage/volumes/ ## - # additionalVolumes: + additionalVolumes: # - name: my-team-authorized-keys # configMap: # name: my-team-authorized-keys-config ## Configure additional volumeMounts for the ## web container(s) + ## Ref: https://kubernetes.io/docs/concepts/storage/volumes/ ## - # additionalVolumeMounts: + additionalVolumeMounts: # - name: my-team-authorized-keys # mountPath: /my-team-authorized-keys ## Additional affinities to add to the web pods. + ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity ## - # additionalAffinities: + additionalAffinities: # nodeAffinity: # preferredDuringSchedulingIgnoredDuringExecution: # - weight: 50 @@ -735,17 +1175,20 @@ web: ## Annotations for the web nodes. ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ - annotations: {} - # annotations: + ## + annotations: # key1: "value1" # key2: "value2" ## Node selector for web nodes. - nodeSelector: {} + ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ + ## + nodeSelector: ## Tolerations for the web nodes. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] + ## + tolerations: # tolerations: # - key: "toleration=key" # operator: "Equal" @@ -753,23 +1196,26 @@ web: # effect: "NoSchedule" ## Service configuration. - ## ref: https://kubernetes.io/docs/user-guide/services/ + ## Ref: https://kubernetes.io/docs/user-guide/services/ ## service: ## For minikube, set this to ClusterIP, elsewhere use LoadBalancer or NodePort - ## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types + ## Ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types ## type: ClusterIP - ## When using web.service.type: LoadBalancer, sets the user-specified load balancer IP - # loadBalancerIP: 172.217.1.174 + ## When using `web.service.type: LoadBalancer`, sets the user-specified load balancer IP. + ## Example: 172.217.1.174 + ## + loadBalancerIP: - # # Additional Labels to be added to the web service. - # labels: + ## Additional Labels to be added to the web service. + ## + labels: ## Annotations to be added to the web service. ## - # annotations: + annotations: # prometheus.io/probe: "true" # prometheus.io/probe_path: "/" # @@ -778,22 +1224,26 @@ web: # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http" # service.beta.kubernetes.io/aws-load-balancer-backend-port: "atc" # service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443" - # - # ## When using web.service.type: LoadBalancer, whitelist the load balancer to particular IPs - # loadBalancerSourceRanges: + + ## When using `web.service.type: LoadBalancer`, whitelist the load balancer to particular IPs + ## + loadBalancerSourceRanges: # - 192.168.1.10/32 - # When using web.service.type: NodePort, sets the nodePort for atc - # atcNodePort: 30150 - # - # When using web.service.type: NodePort, sets the nodePort for atc tls - # atcTlsNodePort: 30151 - # - # When using web.service.type: NodePort, sets the nodePort for tsa - # tsaNodePort: 30152 + ## When using `web.service.type: NodePort`, sets the nodePort for atc + ## + atcNodePort: + + ## When using `web.service.type: NodePort`, sets the nodePort for atc tls + ## + atcTlsNodePort: + + ## When using `web.service.type: NodePort`, sets the nodePort for tsa + ## + tsaNodePort: ## Ingress configuration. - ## ref: https://kubernetes.io/docs/user-guide/ingress/ + ## Ref: https://kubernetes.io/docs/user-guide/ingress/ ## ingress: ## Enable Ingress. @@ -802,44 +1252,42 @@ web: ## Annotations to be added to the web ingress. ## - # annotations: + annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: 'true' ## Hostnames. ## Must be provided if Ingress is enabled. ## - # hosts: + hosts: # - concourse.domain.com ## TLS configuration. ## Secrets must be manually created in the namespace. ## - # tls: + tls: # - secretName: concourse-web-tls # hosts: # - concourse.domain.com - # - # ## Configuration values for Concourse Worker components. ## worker: ## Override the components name (defaults to worker). ## - # nameOverride: + nameOverride: ## Number of replicas. ## replicas: 2 ## Minimum number of workers available after an eviction - ## ref: https://kubernetes.io/docs/admin/disruptions/ + ## Ref: https://kubernetes.io/docs/admin/disruptions/ ## minAvailable: 1 ## Configure resource requests and limits. - ## ref: https://kubernetes.io/docs/user-guide/compute-resources/ + ## Ref: https://kubernetes.io/docs/user-guide/compute-resources/ ## resources: requests: @@ -848,7 +1296,8 @@ worker: ## Configure additional environment variables for the ## worker container(s) - # env: + ## + env: # - name: http_proxy # value: "http://proxy.your-domain.com:3128" # - name: https_proxy @@ -862,31 +1311,33 @@ worker: # - name: CONCOURSE_GARDEN_ALLOW_HOST_ACCESS # value: "true" - ## For managing where secrets should be mounted for worker agents + ## keySecretsPath: "/concourse-keys" ## Configure additional volumeMounts for the ## worker container(s) - # additionalVolumeMounts: + ## + additionalVolumeMounts: # - name: concourse-baggageclaim # mountPath: /baggageclaim ## Annotations to be added to the worker pods. ## - # annotations: + annotations: # iam.amazonaws.com/role: arn:aws:iam::123456789012:role/concourse # ## Node selector for the worker nodes. ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector - nodeSelector: {} - # nodeSelector: {type: concourse} + ## + nodeSelector: + # type: concourse ## Additional affinities to add to the worker pods. ## Useful if you prefer to run workers on non-spot instances, for example ## - # additionalAffinities: + additionalAffinities: # nodeAffinity: # preferredDuringSchedulingIgnoredDuringExecution: # - weight: 50 @@ -898,8 +1349,9 @@ worker: # - "true" ## Configure additional volumes for the - ## worker container(s) - # additionalVolumes: + ## worker container(s). + ## + additionalVolumes: # - name: concourse-baggageclaim # hostPath: # path: /dev/nvme0n1 @@ -917,12 +1369,13 @@ worker: ## Whether the workers should be forced to run on separate nodes. ## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature + ## hardAntiAffinity: false ## Tolerations for the worker nodes. ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ - tolerations: [] - # tolerations: + ## + tolerations: # - key: "toleration=key" # operator: "Equal" # value: "value" @@ -931,6 +1384,7 @@ worker: ## Time to allow the pod to terminate before being forcefully terminated. This should provide time for ## the worker to retire, i.e. drain its tasks. See https://concourse-ci.org/worker-internals.html for worker ## lifecycle semantics. + ## terminationGracePeriodSeconds: 60 ## If any of the strings are found in logs, the worker's livenessProbe will fail and trigger a pod restart. @@ -950,14 +1404,18 @@ worker: ## ## "OrderedReady" is default. "Parallel" means worker pods will launch or terminate ## in parallel. + ## podManagementPolicy: Parallel ## When persistance is disabled this value will be used to limit the emptyDir volume size ## Ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir - # emptyDirSize: 20Gi + ## + ## Example: 20Gi + ## + emptyDirSize: ## Persistent Volume Storage configuration. -## ref: https://kubernetes.io/docs/user-guide/persistent-volumes +## Ref: https://kubernetes.io/docs/user-guide/persistent-volumes ## persistence: ## Enable persistence using Persistent Volume Claims. @@ -974,7 +1432,7 @@ persistence: ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - # storageClass: "-" + storageClass: ## Persistent Volume Access Mode. ## @@ -985,7 +1443,7 @@ persistence: size: 20Gi ## Configuration values for the postgresql dependency. -## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md +## Ref: https://github.com/helm/charts/blob/master/stable/postgresql/README.md ## postgresql: @@ -1008,33 +1466,39 @@ postgresql: postgresDatabase: concourse ## Persistent Volume Storage configuration. - ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes + ## Ref: https://kubernetes.io/docs/user-guide/persistent-volumes ## persistence: ## Enable PostgreSQL persistence using Persistent Volume Claims. ## enabled: true - ## concourse data Persistent Volume Storage Class + + ## Concourse data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning ## If undefined (the default) or set to null, no storageClassName spec is ## set, choosing the default provisioner. (gp2 on AWS, standard on ## GKE, AWS & OpenStack) ## - # storageClass: "-" + storageClass: + ## Persistent Volume Access Mode. ## accessMode: ReadWriteOnce + ## Persistent Volume Storage Size. ## size: 8Gi -## For RBAC support: +## For Kubernetes RBAC support: +## rbac: - # true here enables creation of rbac resources + ## Enable the creation of RBAC resources. + ## create: true - # rbac version + ## RBAC Version + ## apiVersion: v1beta1 ## The name of the service account to use for web pods if rbac.create is false @@ -1048,21 +1512,23 @@ rbac: ## For managing secrets using Helm ## secrets: - - ## List of username:password or username:bcrypted_password combinations for all your local concourse users. - localUsers: "test:test" ## Create the secret resource from the following values. Set this to ## false to manage these secrets outside Helm. ## create: true + ## List of `username:password` or `username:bcrypted_password` combinations for all your local concourse users. + ## + localUsers: "test:test" + ## The TLS certificate and private key for the web component to be able to terminate ## TLS connections. - # webTlsCert: - # webTlsKey: + ## + webTlsCert: + webTlsKey: ## Concourse Host Keys. - ## ref: https://concourse-ci.org/install.html#generating-keys + ## Ref: https://concourse-ci.org/install.html#generating-keys ## hostKey: |- -----BEGIN RSA PRIVATE KEY----- @@ -1097,7 +1563,7 @@ secrets: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse ## Concourse Session Signing Keys. - ## ref: https://concourse-ci.org/install.html#generating-keys + ## Ref: https://concourse-ci.org/install.html#generating-keys ## sessionSigningKey: |- -----BEGIN RSA PRIVATE KEY----- @@ -1129,7 +1595,7 @@ secrets: -----END RSA PRIVATE KEY----- ## Concourse Worker Keys. - ## ref: https://concourse-ci.org/install.html#generating-keys + ## Ref: https://concourse-ci.org/install.html#generating-keys ## workerKey: |- -----BEGIN RSA PRIVATE KEY----- @@ -1164,95 +1630,100 @@ secrets: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC496FSYFcBAKgDtMsBAJiF/6/NxlXKP5UZecyEsedYuTt1GOgJTwaA1qZ1LmHsbfLDE68oDdiM4uvxfI4wtLhz57w3u0jOUxZ2JeF7SVwEf1nVqLn4Gh/f8GUNQGSyIp1zUD5Bx9fq0PAyQ47mt7Ufi84rcf8LKl7nzAIHTcdg2BvTkQN9bUGPaq/Pb1W2bKPAQy4OzXTSIyrAJ89TH2jFeaZfyxQFGbD9jVHH/yl0oiMrDeaRYgccE5II+KY7WoLjsBry/9Qf2ERELKTK4UeIGIqWci9lab1ti+GxFPPiC3krNFjo4jShV4eUs4cNIrjwNrxVaKPXmU6o7Y3Hpayx Concourse ## Secrets for DB access - # postgresUser: - # postgresPassword: - # postgresCaCert: - # postgresClientCert: - # postgresClientKey: + ## + postgresUser: + postgresPassword: + postgresCaCert: + postgresClientCert: + postgresClientKey: ## Secrets for DB encryption ## - # encryptionKey: - # oldEncryptionKey: + encryptionKey: + oldEncryptionKey: ## Secrets for SSM AWS access - # awsSsmAccessKey: - # awsSsmSecretKey: - # awsSsmSessionToken: + ## + awsSsmAccessKey: + awsSsmSecretKey: + awsSsmSessionToken: ## Secrets for Secrets Manager AWS access - # awsSecretsmanagerAccessKey: - # awsSecretsmanagerSecretKey: - # awsSecretsmanagerSessionToken: + ## + awsSecretsmanagerAccessKey: + awsSecretsmanagerSecretKey: + awsSecretsmanagerSessionToken: ## Secrets for CF OAuth - # cfClientId: - # cfClientSecret: - # cfCaCert: |- + ## + cfClientId: + cfClientSecret: + cfCaCert: ## Secrets for GitHub OAuth. ## - # githubClientId: - # githubClientSecret: - # githubCaCert: |- + githubClientId: + githubClientSecret: + githubCaCert: ## Secrets for GitLab OAuth. ## - # gitlabClientId: - # gitlabClientSecret: + gitlabClientId: + gitlabClientSecret: ## Secrets for LDAP Auth. ## - # ldapCaCert: |- + ldapCaCert: ## Secrets for generic OAuth. ## - # oauthClientId: - # oauthClientSecret: - # oauthCaCert: |- + oauthClientId: + oauthClientSecret: + oauthCaCert: ## Secrets for oidc OAuth. ## - # oidcClientId: - # oidcClientSecret: - # oidcCaCert: |- + oidcClientId: + oidcClientSecret: + oidcCaCert: ## Secrets for using Hashcorp Vault as a credential manager. ## ## if the Vault server is using a self-signed certificate, provide the CA public key. ## the value will be written to /concourse-vault/ca.cert ## - # vaultCaCert: |- + vaultCaCert: ## initial periodic token issued for concourse - ## ref: https://www.vaultproject.io/docs/concepts/tokens.html#periodic-tokens + ## Ref: https://www.vaultproject.io/docs/concepts/tokens.html#periodic-tokens ## - # vaultClientToken: + vaultClientToken: ## vault authentication parameters - ## Paramter to pass when logging in via the backend + ## Parameter to pass when logging in via the backend ## Required for "approle" authenication method ## e.g. "role_id=x,secret_id=x" - ## ref: https://concourse-ci.org/creds.html#vault-auth-param=NAME=VALUE + ## Ref: https://concourse-ci.org/creds.html#vault-auth-param=NAME=VALUE ## - # vaultAuthParam: + vaultAuthParam: ## provide the client certificate for authenticating with the [TLS](https://www.vaultproject.io/docs/auth/cert.html) backend ## the value will be written to /concourse-vault/client.cert ## make sure to also set credentialManager.vault.authBackend to `cert` ## - # vaultClientCert: |- + vaultClientCert: ## provide the client key for authenticating with the [TLS](https://www.vaultproject.io/docs/auth/cert.html) backend ## the value will be written to /concourse-vault/client.key ## make sure to also set credentialManager.vault.authBackend to `cert` ## - # vaultClientKey: |- + vaultClientKey: ## If influxdb metrics are enabled and authentication is required, ## provide a password here to authenticate with the influxdb server configured. ## - # influxdbPassword: + influxdbPassword: ## SSL certificate used to verify the Syslog server for draining build logs. - # syslogCaCert: |- + ## + syslogCaCert: From 4fcb0b0d338e923f31d2be4c44db0f533aef7d9f Mon Sep 17 00:00:00 2001 From: Francesco Lanciana Date: Tue, 26 Feb 2019 07:10:57 +1100 Subject: [PATCH 0297/1586] [stable/redis-ha] Allow for custom labels on redis pod (#11634) * [stable/redis-ha] Allow for custom labels on redis pod Signed-off-by: Francesco Lanciana *What this PR does / why we need it:* * Added the ability to assign extra labels to the redis pod (in addition to the release and app labels) Currently there is no way to assign custom labels to the redis pod, however it is occasionally necessary for custom labels to be assigned to the pod. An example may be a label that is used to enforce a certain network security policy (this is our particular use case). Without this we are completely unable to proceed with this particular helm chart. Signed-off-by: Francesco Lanciana * [stable/redis-ha] Updated the semver minor version Signed-off-by: Francesco Lanciana Updated the minor version for this chart as new functionality (the ability to add custom labels) was added to the chart. This is fully backwards compatible. Signed-off-by: Francesco Lanciana * [stable/redis-ha] Added labels map to values.yaml Signed-off-by: Francesco Lanciana Added labels map to the values.yaml (base config for the chart) Signed-off-by: Francesco Lanciana * [stable/redis-ha] Indentation for labels line in yaml no longer greater than 8 spaces Signed-off-by: Francesco Lanciana This line doesn't need to be indented more than 8 spaces Signed-off-by: Francesco Lanciana --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/templates/redis-ha-statefulset.yaml | 3 +++ stable/redis-ha/values.yaml | 3 +++ 3 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index 179ab774f486..660e9bf33718 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 3.1.6 +version: 3.2.0 appVersion: 5.0.3 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index 1fc9062e72b7..3fde614608e4 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -30,6 +30,9 @@ spec: labels: release: {{ .Release.Name }} app: {{ template "redis-ha.name" . }} + {{- range $key, $value := .Values.labels }} + {{ $key }}: {{ $value }} + {{- end }} spec: {{- if .Values.nodeSelector }} nodeSelector: diff --git a/stable/redis-ha/values.yaml b/stable/redis-ha/values.yaml index ced15a008c73..6e118f064b94 100644 --- a/stable/redis-ha/values.yaml +++ b/stable/redis-ha/values.yaml @@ -8,6 +8,9 @@ image: ## replicas number for each component replicas: 3 +## Custom labels for the redis pod +labels: {} + ## Redis specific configuration options redis: port: 6379 From cad118c8a9b729831fb002bf29960ae03a63bb4c Mon Sep 17 00:00:00 2001 From: mateuszrapacz <47779884+mateuszrapacz@users.noreply.github.com> Date: Mon, 25 Feb 2019 23:08:01 +0100 Subject: [PATCH 0298/1586] [incubator/kafka] Add configuration of backoffLimit for kafka-config job (#11621) Signed-off-by: Mateusz Rapacz --- incubator/kafka/Chart.yaml | 2 +- incubator/kafka/README.md | 1 + incubator/kafka/templates/job-config.yaml | 1 + incubator/kafka/values.yaml | 7 +++++++ 4 files changed, 10 insertions(+), 1 deletion(-) diff --git a/incubator/kafka/Chart.yaml b/incubator/kafka/Chart.yaml index f04e5124ac61..3535c3486c15 100755 --- a/incubator/kafka/Chart.yaml +++ b/incubator/kafka/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Apache Kafka is publish-subscribe messaging rethought as a distributed commit log. name: kafka -version: 0.13.9 +version: 0.13.10 appVersion: 5.0.1 keywords: - kafka diff --git a/incubator/kafka/README.md b/incubator/kafka/README.md index 8fda916d5c10..c1c4779ebc25 100644 --- a/incubator/kafka/README.md +++ b/incubator/kafka/README.md @@ -123,6 +123,7 @@ following configurable parameters: | `prometheus.operator.enabled` | True if using the Prometheus Operator, False if not | `false` | | `prometheus.operator.serviceMonitor.namespace` | Namespace which Prometheus is running in. Default to kube-prometheus install. | `monitoring` | | `prometheus.operator.serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` | +| `configJob.backoffLimit` | Number of retries before considering kafka-config job as failed | `6` | | `topics` | List of topics to create & configure. Can specify name, partitions, replicationFactor, reassignPartitions, config. See values.yaml | `[]` (Empty list) | | `zookeeper.enabled` | If True, installs Zookeeper Chart | `true` | | `zookeeper.resources` | Zookeeper resource requests and limits | `{}` | diff --git a/incubator/kafka/templates/job-config.yaml b/incubator/kafka/templates/job-config.yaml index 21cb7c89a8fd..54bf4f73be58 100644 --- a/incubator/kafka/templates/job-config.yaml +++ b/incubator/kafka/templates/job-config.yaml @@ -10,6 +10,7 @@ metadata: heritage: "{{ .Release.Service }}" release: "{{ .Release.Name }}" spec: + backoffLimit: {{ .Values.configJob.backoffLimit }} template: metadata: labels: diff --git a/incubator/kafka/values.yaml b/incubator/kafka/values.yaml index b3300efd714e..2c3456caf299 100644 --- a/incubator/kafka/values.yaml +++ b/incubator/kafka/values.yaml @@ -353,6 +353,13 @@ prometheus: selector: prometheus: kube-prometheus +## Kafka Config job configuration +## +configJob: + ## Specify the number of retries before considering kafka-config job as failed. + ## https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/#pod-backoff-failure-policy + backoffLimit: 6 + ## Topic creation and configuration. ## The job will be run on a deployment only when the config has been changed. ## - If 'partitions' and 'replicationFactor' are specified we create the topic (with --if-not-exists.) From 2811cbeb6006364da96e9c90960a79eb56ff2e03 Mon Sep 17 00:00:00 2001 From: Todd Brown Date: Mon, 25 Feb 2019 16:52:42 -0600 Subject: [PATCH 0299/1586] [stable/prometheus-operator] Correct spelling (#11711) * [stable/prometheus-operator] Correct spelling Signed-off-by: Todd Brown * Bump prometheus-operator version Signed-off-by: Todd Brown --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index e27f3d6e0c18..2198963b1bd7 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 4.1.0 +version: 4.1.1 appVersion: 0.29.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 9ada427642fd..8966f03af7a4 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -1,6 +1,6 @@ # prometheus-operator -Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to create/configure/manage Prometheus clusters atop Kubernetes. This chart includes multiple components and is suitable for a variety of use-cases. +Installs [prometheus-operator](https://github.com/coreos/prometheus-operator) to create/configure/manage Prometheus clusters atop Kubernetes. This chart includes multiple components and is suitable for a variety of use-cases. The default installation is intended to suit monitoring a kubernetes cluster the chart is deployed onto. It is closely matches the kube-prometheus project. - [prometheus-operator](https://github.com/coreos/prometheus-operator) @@ -368,7 +368,7 @@ https://github.com/helm/charts/blob/master/stable/prometheus-operator/requiremen These components are loaded as dependencies into the chart. The source for both charts is found in the same repository. They are relatively simple components. ### Grafana -The Grafana chart is more feature-rich than this chart - it contains a sidecard that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentatin for the chart](https://github.com/helm/charts/tree/master/stable/grafana) +The Grafana chart is more feature-rich than this chart - it contains a sidecar that is able to load data sources and dashboards from configmaps deployed into the same cluster. For more information check out the [documentation for the chart](https://github.com/helm/charts/tree/master/stable/grafana) ### Coreos CRDs The CRDs are provisioned using crd-install hooks, rather than relying on a separate chart installation. If you already have these CRDs provisioned and don't want to remove them, you can disable the CRD creation by these hooks by passing `prometheusOperator.createCustomResource=false` @@ -388,7 +388,7 @@ spec: - ReadWriteOnce azureDisk: cachingMode: None - diskName: pvc-prometheus-migration-prometheus-0 + diskName: pvc-prometheus-migration-prometheus-0 diskURI: /subscriptions/f5125d82-2622-4c50-8d25-3f7ba3e9ac4b/resourceGroups/sample-migration-resource-group/providers/Microsoft.Compute/disks/pvc-prometheus-migration-prometheus-0 fsType: "" kind: Managed From 8a35ac6804a1928a9b7d57e8fbc2f8e34d56f4a7 Mon Sep 17 00:00:00 2001 From: "Ciro S. Costa" Date: Mon, 25 Feb 2019 20:18:03 -0500 Subject: [PATCH 0300/1586] [stable/concourse] allow specifying sidecar containers (#11507) Signed-off-by: Bishoy Youssef Co-authored-by: Ciro S. Costa --- stable/concourse/Chart.yaml | 2 +- stable/concourse/README.md | 2 ++ .../concourse/templates/web-deployment.yaml | 3 +++ .../templates/worker-statefulset.yaml | 3 +++ stable/concourse/values.yaml | 20 +++++++++++++++++++ 5 files changed, 29 insertions(+), 1 deletion(-) diff --git a/stable/concourse/Chart.yaml b/stable/concourse/Chart.yaml index 39b2a32cedfe..781261d5e30e 100644 --- a/stable/concourse/Chart.yaml +++ b/stable/concourse/Chart.yaml @@ -1,5 +1,5 @@ name: concourse -version: 3.7.5 +version: 3.8.0 appVersion: 4.2.2 description: Concourse is a simple and scalable CI system. icon: https://avatars1.githubusercontent.com/u/7809479 diff --git a/stable/concourse/README.md b/stable/concourse/README.md index e2ee6b808cc9..d91a9d36ed26 100644 --- a/stable/concourse/README.md +++ b/stable/concourse/README.md @@ -97,6 +97,7 @@ The following table lists the configurable parameters of the Concourse chart and | `web.service.loadBalancerSourceRanges` | Concourse Web Service Load Balancer Source IP ranges | `nil` | | `web.service.tsaNodePort` | Sets the nodePort for tsa when using `NodePort` | `nil` | | `web.service.type` | Concourse Web service type | `ClusterIP` | +| `web.sidecarContainers` | Array of extra containers to run alongside the Concourse web container | `nil` | | `web.syslogSecretsPath` | Specify the mount directory of the web syslog secrets | `/concourse-syslog` | | `web.tolerations` | Tolerations for the web nodes | `[]` | | `web.vaultSecretsPath` | Specify the mount directory of the web vault secrets | `/concourse-vault` | @@ -115,6 +116,7 @@ The following table lists the configurable parameters of the Concourse chart and | `worker.fatalErrors` | Newline delimited strings which, when logged, should trigger a restart of the worker | *See [values.yaml](values.yaml)* | | `worker.updateStrategy` | `OnDelete` or `RollingUpdate` (requires Kubernetes >= 1.7) | `RollingUpdate` | | `worker.podManagementPolicy` | `OrderedReady` or `Parallel` (requires Kubernetes >= 1.7) | `Parallel` | +| `worker.sidecarContainers` | Array of extra containers to run alongside the Concourse worker container | `nil` | | `worker.hardAntiAffinity` | Should the workers be forced (as opposed to preferred) to be on different nodes? | `false` | | `worker.emptyDirSize` | When persistance is disabled this value will be used to limit the emptyDir volume size | `nil` | | `persistence.enabled` | Enable Concourse persistence using Persistent Volume Claims | `true` | diff --git a/stable/concourse/templates/web-deployment.yaml b/stable/concourse/templates/web-deployment.yaml index 18dafea2fc90..98e4cb33fd28 100644 --- a/stable/concourse/templates/web-deployment.yaml +++ b/stable/concourse/templates/web-deployment.yaml @@ -35,6 +35,9 @@ spec: {{- end }} {{- end }} containers: + {{- if .Values.web.sidecarContainers }} + {{- toYaml .Values.web.sidecarContainers | nindent 8 }} + {{- end }} - name: {{ template "concourse.web.fullname" . }} {{- if .Values.imageDigest }} image: "{{ .Values.image }}@{{ .Values.imageDigest }}" diff --git a/stable/concourse/templates/worker-statefulset.yaml b/stable/concourse/templates/worker-statefulset.yaml index 32022e945826..9f012b459c39 100644 --- a/stable/concourse/templates/worker-statefulset.yaml +++ b/stable/concourse/templates/worker-statefulset.yaml @@ -40,6 +40,9 @@ spec: {{- end }} terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }} containers: + {{- if .Values.worker.sidecarContainers }} + {{- toYaml .Values.worker.sidecarContainers | nindent 8 }} + {{- end }} - name: {{ template "concourse.worker.fullname" . }} {{- if .Values.imageDigest }} image: "{{ .Values.image }}@{{ .Values.imageDigest }}" diff --git a/stable/concourse/values.yaml b/stable/concourse/values.yaml index bf76b998b149..a9e95b79c6c5 100644 --- a/stable/concourse/values.yaml +++ b/stable/concourse/values.yaml @@ -1093,6 +1093,16 @@ web: ## replicas: 1 + ## Array of extra containers to run alongside the Concourse Web + ## container. + ## + ## Example: + ## - name: myapp-container + ## image: busybox + ## command: ['sh', '-c', 'echo Hello && sleep 3600'] + ## + sidecarContainers: + ## Configures the liveness probe used to determine if the Web component is up. ## ps.: if you're upgrading Concourse from one version to another, the probe will ## probably fail for some time before migrations are finished - in such situations, @@ -1281,6 +1291,16 @@ worker: ## replicas: 2 + ## Array of extra containers to run alongside the Concourse worker + ## container. + ## + ## Example: + ## - name: myapp-container + ## image: busybox + ## command: ['sh', '-c', 'echo Hello && sleep 3600'] + ## + sidecarContainers: + ## Minimum number of workers available after an eviction ## Ref: https://kubernetes.io/docs/admin/disruptions/ ## From 04892724a74636bae5f1463d0d768c123fc02f49 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=87a=C4=9Fatay=20Y=C3=BCcelen?= Date: Tue, 26 Feb 2019 11:55:02 +0300 Subject: [PATCH 0301/1586] [stable/mongodb-replica-set]securityContext bug (#10682) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * securityContext toYaml converts Uint64 to string, this bug leads to unable to disable or modify securityContext values and istio sidecar can not initialize itself. FIXED Signed-off-by: Cagatay Yucelen * new settings added to README Signed-off-by: Cagatay Yucelen * chart version bumped Signed-off-by: Cagatay Yucelen * unsetting clusterIP none Signed-off-by: Cagatay Yucelen * revert Signed-off-by: Cagatay Yucelen * Update indentation for consistency Signed-off-by: Reinhard Nägele --- stable/mongodb-replicaset/Chart.yaml | 2 +- stable/mongodb-replicaset/README.md | 5 ++++- .../mongodb-replicaset/templates/mongodb-statefulset.yaml | 6 +++++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/stable/mongodb-replicaset/Chart.yaml b/stable/mongodb-replicaset/Chart.yaml index 20670fd967fa..518e9aba8379 100644 --- a/stable/mongodb-replicaset/Chart.yaml +++ b/stable/mongodb-replicaset/Chart.yaml @@ -1,6 +1,6 @@ name: mongodb-replicaset home: https://github.com/mongodb/mongo -version: 3.9.0 +version: 3.9.1 appVersion: 3.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. diff --git a/stable/mongodb-replicaset/README.md b/stable/mongodb-replicaset/README.md index 45492ff5e971..5c77c330216a 100644 --- a/stable/mongodb-replicaset/README.md +++ b/stable/mongodb-replicaset/README.md @@ -49,7 +49,10 @@ The following table lists the configurable parameters of the mongodb chart and t | `image.tag` | MongoDB image tag | `3.6` | | `image.pullPolicy` | MongoDB image pull policy | `IfNotPresent` | | `podAnnotations` | Annotations to be added to MongoDB pods | `{}` | -| `securityContext` | Security context for the pod | `{runAsUser: 999, fsGroup: 999, runAsNonRoot: true}`| +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `999` | +| `securityContext.runAsUser` | User ID for the container | `999` | +| `securityContext.runAsNonRoot` | | `true` | | `resources` | Pod resource requests and limits | `{}` | | `persistentVolume.enabled` | If `true`, persistent volume claims are created | `true` | | `persistentVolume.storageClass` | Persistent volume storage class | `` | diff --git a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml index d05c3a1cbd7d..6c364821d56e 100644 --- a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml +++ b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml @@ -45,8 +45,12 @@ spec: - name: {{ . }} {{- end}} {{- end }} + {{- if .Values.securityContext.enabled }} securityContext: -{{ toYaml .Values.securityContext | indent 8 }} + runAsUser: {{ .Values.securityContext.runAsUser }} + fsGroup: {{ .Values.securityContext.fsGroup }} + runAsNonRoot: {{ .Values.securityContext.runAsNonRoot }} + {{- end }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} initContainers: - name: copy-config From 72adca95fe180d1ea65ee6a6c59d9039f9f3ea06 Mon Sep 17 00:00:00 2001 From: Magnus Hyllander Date: Tue, 26 Feb 2019 10:39:30 +0100 Subject: [PATCH 0302/1586] [incubator/haproxy-ingress] Added features (#11718) * Allow setting affinity on controller pods Signed-off-by: Magnus Hyllander * Fix controller-daemonset template checksum annotation Signed-off-by: Magnus Hyllander * haproxy-ingress v0.7-beta.7 Signed-off-by: Magnus Hyllander * Added missing securityContext for DaemonSet Also added "quote" for priorityClassName. Signed-off-by: Magnus Hyllander * Added initContainers Signed-off-by: Magnus Hyllander * Added PodSecurityPolicy This policy allows using privileged containers and sets the CAP_SYS_RESOURCE capability by default. This allows changing sysctl settings like fs.file-max and fs.nr_open in an init container. haproxy is also allowed to change the ulimit nofile as required by the configured maxconn. Signed-off-by: Magnus Hyllander * Bump chart version to 0.0.8 Signed-off-by: Magnus Hyllander * Use livenessProbe for haproxy-exporter side-car container Using a readinessProbe would cause the whole pod to become unavailable if the metrics exporter side-car became unready. Signed-off-by: Magnus Hyllander --- incubator/haproxy-ingress/Chart.yaml | 2 +- incubator/haproxy-ingress/README.md | 5 ++- .../templates/clusterrole.yaml | 6 +-- .../templates/controller-daemonset.yaml | 20 +++++++-- .../templates/controller-deployment.yaml | 14 +++++-- incubator/haproxy-ingress/templates/psp.yaml | 42 +++++++++++++++++++ incubator/haproxy-ingress/templates/role.yaml | 23 +++++----- .../templates/rolebinding.yaml | 2 +- incubator/haproxy-ingress/values.yaml | 11 ++++- 9 files changed, 98 insertions(+), 27 deletions(-) create mode 100644 incubator/haproxy-ingress/templates/psp.yaml diff --git a/incubator/haproxy-ingress/Chart.yaml b/incubator/haproxy-ingress/Chart.yaml index c9ed5f2a2b26..4652b76577ae 100644 --- a/incubator/haproxy-ingress/Chart.yaml +++ b/incubator/haproxy-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: haproxy-ingress -version: 0.0.7 +version: 0.0.8 appVersion: 0.7.0 home: https://github.com/jcmoraisjr/haproxy-ingress description: Ingress controller implementation for haproxy loadbalancer. diff --git a/incubator/haproxy-ingress/README.md b/incubator/haproxy-ingress/README.md index cd69f98be32e..0233ac42c6fc 100644 --- a/incubator/haproxy-ingress/README.md +++ b/incubator/haproxy-ingress/README.md @@ -36,12 +36,14 @@ The following table lists the configurable parameters of the haproxy-ingress cha Parameter | Description | Default --- | --- | --- `rbac.create` | If true, create & use RBAC resources | `true` +`rbac.security.enable` | If true, and rbac.create is true, create & use PSP resources | `false` `serviceAccount.create` | If true, create serviceAccount | `true` `serviceAccount.name` | ServiceAccount to be used | `` `controller.name` | name of the controller component | `controller` `controller.image.repository` | controller container image repository | `quay.io/jcmoraisjr/haproxy-ingress` -`controller.image.tag` | controller container image tag | `v0.7-beta.5` +`controller.image.tag` | controller container image tag | `v0.7-beta.7` `controller.image.pullPolicy` | controller container image pullPolicy | `IfNotPresent` +`controller.initContainers` | extra containers that can initialize the haproxy-ingress-controller | `{}` `controller.extraArgs` | extra command line arguments for the haproxy-ingress-controller | `{}` `controller.extraEnv` | extra environment variables for the haproxy-ingress-controller | `{}` `controller.template` | custom template for haproxy-ingress-controller | `{}` @@ -64,6 +66,7 @@ Parameter | Description | Default `controller.readinessProbe.timeoutSeconds` | The readiness probe timeout (in seconds) | `1` `controller.podAnnotations` | Annotations for the haproxy-ingress-conrtoller pod | `{}` `controller.podLabels` | Labels for the haproxy-ingress-conrtoller pod | `{}` +`controller.podAffinity` | Add affinity to the controller pods to control scheduling | `{}` `controller.priorityClassName` | Priority Class to be used | `` `controller.securityContext` | Security context settings for the haproxy-ingress-conrtoller pod | `{}` `controller.config` | additional haproxy-ingress [ConfigMap entries](https://github.com/jcmoraisjr/haproxy-ingress/blob/v0.6/README.md#configmap) | `{}` diff --git a/incubator/haproxy-ingress/templates/clusterrole.yaml b/incubator/haproxy-ingress/templates/clusterrole.yaml index 9b05cf52617e..1cc5880c7369 100644 --- a/incubator/haproxy-ingress/templates/clusterrole.yaml +++ b/incubator/haproxy-ingress/templates/clusterrole.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.rbac.create -}} +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: ClusterRole metadata: @@ -35,7 +35,7 @@ rules: - list - watch - apiGroups: - - "extensions" + - extensions resources: - ingresses verbs: @@ -50,7 +50,7 @@ rules: - create - patch - apiGroups: - - "extensions" + - extensions resources: - ingresses/status verbs: diff --git a/incubator/haproxy-ingress/templates/controller-daemonset.yaml b/incubator/haproxy-ingress/templates/controller-daemonset.yaml index f2e9a6236d74..0dd16818bc55 100644 --- a/incubator/haproxy-ingress/templates/controller-daemonset.yaml +++ b/incubator/haproxy-ingress/templates/controller-daemonset.yaml @@ -19,11 +19,11 @@ spec: release: {{ .Release.Name }} template: metadata: - {{- if .Values.controller.podAnnotations }} annotations: {{- if .Values.controller.template }} checksum/config: {{ include (print $.Template.BasePath "/controller-template.yaml") . | sha256sum }} {{- end }} + {{- if .Values.controller.podAnnotations }} {{ toYaml .Values.controller.podAnnotations | indent 8}} {{- end }} labels: @@ -34,7 +34,15 @@ spec: {{ toYaml .Values.controller.podLabels | indent 8 }} {{- end }} spec: + {{- if .Values.controller.podAffinity }} + affinity: +{{ toYaml .Values.controller.podAffinity | indent 8 }} + {{- end }} serviceAccountName: {{ template "haproxy-ingress.serviceAccountName" . }} + {{- if .Values.controller.initContainers }} + initContainers: +{{ toYaml .Values.controller.initContainers | indent 8 }} + {{- end }} containers: - name: haproxy-ingress image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" @@ -148,10 +156,10 @@ spec: - name: metrics containerPort: 9101 protocol: TCP - readinessProbe: + livenessProbe: httpGet: path: / - port: 9101 + port: metrics resources: limits: cpu: 200m @@ -182,6 +190,10 @@ spec: {{ toYaml .Values.controller.affinity | indent 8 }} {{- end }} {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName | quote }} + {{- end }} + {{- if .Values.controller.securityContext }} + securityContext: +{{ toYaml .Values.controller.securityContext | indent 8 }} {{- end }} {{- end }} diff --git a/incubator/haproxy-ingress/templates/controller-deployment.yaml b/incubator/haproxy-ingress/templates/controller-deployment.yaml index 4898c0e5d135..0cd598f61be8 100644 --- a/incubator/haproxy-ingress/templates/controller-deployment.yaml +++ b/incubator/haproxy-ingress/templates/controller-deployment.yaml @@ -36,7 +36,15 @@ spec: {{ toYaml .Values.controller.podLabels | indent 8 }} {{- end }} spec: + {{- if .Values.controller.podAffinity }} + affinity: +{{ toYaml .Values.controller.podAffinity | indent 8 }} + {{- end }} serviceAccountName: {{ template "haproxy-ingress.serviceAccountName" . }} + {{- if .Values.controller.initContainers }} + initContainers: +{{ toYaml .Values.controller.initContainers | indent 8 }} + {{- end }} containers: - name: haproxy-ingress image: "{{ .Values.controller.image.repository }}:{{ .Values.controller.image.tag }}" @@ -137,10 +145,10 @@ spec: - name: metrics containerPort: 9101 protocol: TCP - readinessProbe: + livenessProbe: httpGet: path: / - port: 9101 + port: metrics resources: limits: cpu: 200m @@ -175,6 +183,6 @@ spec: {{ toYaml .Values.controller.securityContext | indent 8 }} {{- end }} {{- if .Values.controller.priorityClassName }} - priorityClassName: {{ .Values.controller.priorityClassName }} + priorityClassName: {{ .Values.controller.priorityClassName | quote }} {{- end }} {{- end }} diff --git a/incubator/haproxy-ingress/templates/psp.yaml b/incubator/haproxy-ingress/templates/psp.yaml new file mode 100644 index 000000000000..fbe95f11a239 --- /dev/null +++ b/incubator/haproxy-ingress/templates/psp.yaml @@ -0,0 +1,42 @@ +{{ if .Values.rbac.security.enable -}} +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "haproxy-ingress.fullname" . }} + labels: + app: {{ template "haproxy-ingress.name" . }} + chart: {{ template "haproxy-ingress.chart" . }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} + annotations: + seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default' + apparmor.security.beta.kubernetes.io/allowedProfileNames: 'runtime/default' + seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' +spec: + privileged: true + allowPrivilegeEscalation: true + defaultAllowPrivilegeEscalation: false + allowedCapabilities: + - SYS_RESOURCE + defaultAddCapabilities: + - SYS_RESOURCE + volumes: + - configMap + - secret + hostNetwork: false + hostPorts: + - min: 0 + max: 65535 + runAsUser: + rule: 'RunAsAny' + seLinux: + rule: 'RunAsAny' + supplementalGroups: + rule: 'RunAsAny' + fsGroup: + rule: 'RunAsAny' + allowedHostPaths: + - pathPrefix: /etc/haproxy/template + readOnly: false +{{ end -}} diff --git a/incubator/haproxy-ingress/templates/role.yaml b/incubator/haproxy-ingress/templates/role.yaml index 888a044bce40..059b41e1e17e 100644 --- a/incubator/haproxy-ingress/templates/role.yaml +++ b/incubator/haproxy-ingress/templates/role.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.rbac.create -}} +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: Role metadata: @@ -12,7 +12,6 @@ rules: - apiGroups: - "" resources: - - configmaps - pods - secrets - namespaces @@ -22,21 +21,19 @@ rules: - "" resources: - configmaps + - endpoints verbs: - get - - update - - apiGroups: - - "" - resources: - - configmaps - verbs: - create + - update +{{- if .Values.rbac.security.enable }} - apiGroups: - - "" + - extensions resources: - - endpoints + - podsecuritypolicies + resourceNames: + - {{ template "haproxy-ingress.fullname" . }} verbs: - - get - - create - - update + - use +{{- end -}} {{- end -}} diff --git a/incubator/haproxy-ingress/templates/rolebinding.yaml b/incubator/haproxy-ingress/templates/rolebinding.yaml index 801e27634dc8..46a9ff8df063 100644 --- a/incubator/haproxy-ingress/templates/rolebinding.yaml +++ b/incubator/haproxy-ingress/templates/rolebinding.yaml @@ -1,4 +1,4 @@ -{{- if or .Values.rbac.create -}} +{{- if .Values.rbac.create -}} apiVersion: rbac.authorization.k8s.io/v1beta1 kind: RoleBinding metadata: diff --git a/incubator/haproxy-ingress/values.yaml b/incubator/haproxy-ingress/values.yaml index c6df5b73c043..d8de3bfaf133 100644 --- a/incubator/haproxy-ingress/values.yaml +++ b/incubator/haproxy-ingress/values.yaml @@ -1,6 +1,8 @@ # Enable RBAC rbac: create: true + security: + enable: false # Create ServiceAccount serviceAccount: @@ -14,7 +16,7 @@ controller: name: controller image: repository: quay.io/jcmoraisjr/haproxy-ingress - tag: "v0.7-beta.5" + tag: "v0.7-beta.7" pullPolicy: IfNotPresent ## Additional command line arguments to pass to haproxy-ingress-controller @@ -33,6 +35,9 @@ controller: # key: FOO # name: secret-resource + ## Additional containers that can initialize the pod. + initContainers: {} + # custom haproxy template template: "" @@ -75,6 +80,10 @@ controller: ## podLabels: {} + ## Affinity to be added to controller pods + ## + podAffinity: {} + ## Priority Class to be used ## priorityClassName: "" From 3b08f9b8e08a607f729b1231f6745ccc2535a7aa Mon Sep 17 00:00:00 2001 From: rayou Date: Tue, 26 Feb 2019 20:48:12 +1100 Subject: [PATCH 0303/1586] [stable/wordpress] Fixed typo in _helpers.tpl (#11697) Signed-off-by: Yu-Hung Ou --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/templates/_helpers.tpl | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index a5b7c42827aa..66cb33e33709 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,5 +1,5 @@ name: wordpress -version: 5.2.3 +version: 5.2.4 appVersion: 5.1.0 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/templates/_helpers.tpl b/stable/wordpress/templates/_helpers.tpl index 7b0595efc7fb..ffa176a112f9 100644 --- a/stable/wordpress/templates/_helpers.tpl +++ b/stable/wordpress/templates/_helpers.tpl @@ -56,8 +56,8 @@ Create chart name and version as used by the chart label. {{/* Create chart name and version as used by the chart label. */}} -{{- define "wordpress.customHTAcessCM" -}} -{{- printf "%s" .Values.customHTAcessCM -}} +{{- define "wordpress.customHTAccessCM" -}} +{{- printf "%s" .Values.customHTAccessCM -}} {{- end -}} {{/* From 5bbf2df168a74ef5c901791871eda2461375c53b Mon Sep 17 00:00:00 2001 From: Jai Pradeesh Date: Tue, 26 Feb 2019 15:27:08 +0530 Subject: [PATCH 0304/1586] [stable/openvpn] Adds nodeSelector (#9965) Signed-off-by: Jai --- stable/openvpn/Chart.yaml | 2 +- stable/openvpn/README.md | 2 +- stable/openvpn/templates/openvpn-deployment.yaml | 4 ++++ stable/openvpn/values.yaml | 2 ++ 4 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/openvpn/Chart.yaml b/stable/openvpn/Chart.yaml index 87013c7f4e7f..277122b43856 100755 --- a/stable/openvpn/Chart.yaml +++ b/stable/openvpn/Chart.yaml @@ -3,7 +3,7 @@ description: A Helm chart to install an openvpn server inside a kubernetes clust generation is also part of the deployment, and this chart will generate client keys as needed. name: openvpn -version: 3.11.0 +version: 3.12.0 appVersion: 1.1.0 maintainers: - name: jfelten diff --git a/stable/openvpn/README.md b/stable/openvpn/README.md index 797a0bad1a55..976a4ed43778 100644 --- a/stable/openvpn/README.md +++ b/stable/openvpn/README.md @@ -84,6 +84,7 @@ Parameter | Description | Default `openvpn.dhcpOptionDomain` | Push a `dhcp-option DOMAIN` config | `true` `openvpn.conf` | Arbitrary lines appended to the end of the server configuration file | `nil` `openvpn.redirectGateway` | Redirect all client traffic through VPN | `true` +`nodeSelector` | Node labels for pod assignment | `{}` This chart has been engineered to use kube-dns and route all network traffic to kubernetes pods and services, to disable this behaviour set `openvpn.OVPN_K8S_POD_NETWORK` and `openvpn.OVPN_K8S_POD_SUBNET` to `null`. @@ -112,4 +113,3 @@ Certificates can be found in openvpn pod in the following files: `/etc/openvpn/certs/pki/ca.crt` `/etc/openvpn/certs/pki/issued/server.crt` `/etc/openvpn/certs/pki/dh.pem` - diff --git a/stable/openvpn/templates/openvpn-deployment.yaml b/stable/openvpn/templates/openvpn-deployment.yaml index 51b656196c99..bea260715675 100644 --- a/stable/openvpn/templates/openvpn-deployment.yaml +++ b/stable/openvpn/templates/openvpn-deployment.yaml @@ -82,3 +82,7 @@ spec: {{- else }} emptyDir: {} {{- end -}} + {{- if .Values.nodeSelector }} + nodeSelector: + {{ toYaml .Values.nodeSelector }} + {{- end }} diff --git a/stable/openvpn/values.yaml b/stable/openvpn/values.yaml index 9f58b8bf9d0c..cd05a36fc6af 100644 --- a/stable/openvpn/values.yaml +++ b/stable/openvpn/values.yaml @@ -85,3 +85,5 @@ openvpn: # conf: | # max-clients 100 # client-to-client + +nodeSelector: {} From a758b0f2bb1c0ae9838ab650202f1a205bca075a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20R=2E=20de=20Miranda?= Date: Tue, 26 Feb 2019 07:13:02 -0300 Subject: [PATCH 0305/1586] [incubator/gogs] Features added in gogs (#11652) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Features added in gogs * Gogs version 0.11.86 * Added mailer * Added nodeSelector, affinity, tolerations * Added existing persistence volume Signed-off-by: André R. de Miranda * Fixed: Added the key existingClaim in values.yaml Signed-off-by: André R. de Miranda --- incubator/gogs/Chart.yaml | 4 +-- incubator/gogs/README.md | 2 +- incubator/gogs/templates/configmap.yaml | 12 +++++++ incubator/gogs/templates/deployment.yaml | 16 ++++++++++ incubator/gogs/templates/pvc.yaml | 2 +- incubator/gogs/values.yaml | 40 +++++++++++++++++++++++- 6 files changed, 71 insertions(+), 5 deletions(-) diff --git a/incubator/gogs/Chart.yaml b/incubator/gogs/Chart.yaml index cde1ac6d6655..778c1c3d4bd5 100644 --- a/incubator/gogs/Chart.yaml +++ b/incubator/gogs/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: 'Gogs: Go Git Service' name: gogs -version: 0.7.6 -appVersion: 0.11.79 +version: 0.7.7 +appVersion: 0.11.86 home: https://gogs.io/ icon: https://gogs.io/img/favicon.ico maintainers: diff --git a/incubator/gogs/README.md b/incubator/gogs/README.md index 2b88b6bde562..32f25fc22d81 100644 --- a/incubator/gogs/README.md +++ b/incubator/gogs/README.md @@ -44,7 +44,7 @@ chart and their default values. | Parameter | Description | Default | | ----------------------- | ---------------------------------- | ---------------------------------------------------------- | | `image.repository` | Gogs image | `gogs/gogs` | -| `image.tag` | Gogs image tag | `0.11.66` | +| `image.tag` | Gogs image tag | `0.11.86` | | `image.pullPolicy` | Gogs image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | | `postgresql.install` | Weather or not to install PostgreSQL dependency | `true` | | `postgresql.postgresHost` | PostgreSQL host (if `postgresql.install == false`) | `nil` | diff --git a/incubator/gogs/templates/configmap.yaml b/incubator/gogs/templates/configmap.yaml index 56835e8ce3c6..d6148c4ef852 100644 --- a/incubator/gogs/templates/configmap.yaml +++ b/incubator/gogs/templates/configmap.yaml @@ -39,6 +39,18 @@ data: ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false + [mailer] + ENABLED = {{ .Values.service.gogs.mailerEnabled }} + HOST = {{ .Values.service.gogs.mailerHost }} + DISABLE_HELO = false + HELO_HOSTNAME = + SKIP_VERIFY = {{ .Values.service.gogs.mailerSkipVerify }} + SUBJECT_PREFIX = {{ .Values.service.gogs.mailerSubjectPrefix }} + FROM = {{ .Values.service.gogs.mailerFrom }} + USER = {{ .Values.service.gogs.mailerUser }} + PASSWD = {{ .Values.service.gogs.mailerPasswd }} + USE_PLAIN_TEXT = text/plain + [database] DB_TYPE = {{ .Values.service.gogs.databaseType | quote }} HOST = {{ template "gogs.database.host" . }} diff --git a/incubator/gogs/templates/deployment.yaml b/incubator/gogs/templates/deployment.yaml index d0cd87762791..e12601844306 100644 --- a/incubator/gogs/templates/deployment.yaml +++ b/incubator/gogs/templates/deployment.yaml @@ -19,6 +19,18 @@ spec: {{- with .Values.securityContext }} securityContext: {{ toYaml . | indent 8 }} + {{- end }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} + {{- if .Values.tolerations }} + tolerations: +{{ toYaml .Values.tolerations | indent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} @@ -56,7 +68,11 @@ spec: - name: data {{- if .Values.persistence.enabled }} persistentVolumeClaim: + {{- if .Values.persistence.existingClaim }} + claimName: {{ .Values.persistence.existingClaim }} + {{- else }} claimName: {{ template "gogs.fullname" . }} + {{- end -}} {{- else }} emptyDir: {} {{- end -}} diff --git a/incubator/gogs/templates/pvc.yaml b/incubator/gogs/templates/pvc.yaml index 458bc40f43f1..56ccae800549 100644 --- a/incubator/gogs/templates/pvc.yaml +++ b/incubator/gogs/templates/pvc.yaml @@ -1,4 +1,4 @@ -{{- if .Values.persistence.enabled }} +{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} kind: PersistentVolumeClaim apiVersion: v1 metadata: diff --git a/incubator/gogs/values.yaml b/incubator/gogs/values.yaml index fb7ebe0dc56d..4dbf4fdc0725 100644 --- a/incubator/gogs/values.yaml +++ b/incubator/gogs/values.yaml @@ -11,7 +11,7 @@ replicaCount: 1 image: repository: gogs/gogs - tag: 0.11.79 + tag: 0.11.86 pullPolicy: IfNotPresent service: @@ -105,6 +105,34 @@ service: ## serviceEnableNotifyMail: false + ## Enable this to send mail with SMTP server. + ## + mailerEnabled: false + + ## SMTP server host. + ## + mailerHost: + + ## SMTP server user. + ## + mailerUser: + + ## SMTP server password. + ## + mailerPasswd: + + ## Mail from address. Format RFC 5322, email@example.com, or "Name" + ## + mailerFrom: + + ## Prefix prepended mail subject. + ## + mailerSubjectPrefix: + + ## Do not verify the self-signed certificates. + ## + mailerSkipVerify: false + ## Either "memory", "redis", or "memcache", default is "memory" ## cacheAdapter: memory @@ -294,6 +322,10 @@ persistence: ## enabled: true + ## If defined, PVC must be created manually before volume will be bound + ## + # existingClaim: "-" + ## gogs data Persistent Volume Storage Class ## If defined, storageClassName: ## If set to "-", storageClassName: "", which disables dynamic provisioning @@ -340,5 +372,11 @@ postgresql: ## Enable PostgreSQL persistence using Persistent Volume Claims. ## enabled: true + ## Security context securityContext: {} + +## Node, affinity and tolerations labels for pod assignment +nodeSelector: {} +affinity: {} +tolerations: [] From 7f7bf28e2853017c0f0b4809e36de70517c0bc64 Mon Sep 17 00:00:00 2001 From: Nicolas Maupu Date: Tue, 26 Feb 2019 11:33:48 +0100 Subject: [PATCH 0306/1586] [stable/minio] Make use of existingSecret for job (#11544) Signed-off-by: Nicolas Maupu --- stable/minio/Chart.yaml | 2 +- stable/minio/templates/post-install-create-bucket-job.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 7deb5e0eef16..179840b56a3b 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.4.3 +version: 2.4.4 appVersion: RELEASE.2019-02-12T21-58-47Z keywords: - storage diff --git a/stable/minio/templates/post-install-create-bucket-job.yaml b/stable/minio/templates/post-install-create-bucket-job.yaml index 4801a12ef694..c581338a2653 100755 --- a/stable/minio/templates/post-install-create-bucket-job.yaml +++ b/stable/minio/templates/post-install-create-bucket-job.yaml @@ -30,7 +30,7 @@ spec: - configMap: name: {{ template "minio.fullname" . }} - secret: - name: {{ template "minio.fullname" . }} + name: {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "minio.fullname" . }}{{ end }} {{- if .Values.tls.enabled }} - name: cert-secret-volume-mc secret: From bec3c60ed5df3700f9b6c79cc7618806d13eff59 Mon Sep 17 00:00:00 2001 From: jamesrobson-pio <43956559+jamesrobson-pio@users.noreply.github.com> Date: Tue, 26 Feb 2019 11:14:09 +0000 Subject: [PATCH 0307/1586] [stable/mongodb] Add loadBalancerIP setting (#11693) * [stable/mongodb] Add loadBalancerIP setting Signed-off-by: James Robson * Bump chart version Signed-off-by: James Robson * Fix review comments Signed-off-by: James Robson --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 1 + stable/mongodb/templates/svc-primary-rs.yaml | 4 ++++ stable/mongodb/templates/svc-standalone.yaml | 4 ++++ stable/mongodb/values-production.yaml | 5 +++++ stable/mongodb/values.yaml | 5 +++++ 6 files changed, 20 insertions(+), 1 deletion(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 465ccbc692b9..1bdcfa103e39 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 5.5.0 +version: 5.6.0 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 15d02f879bf6..9670845883d3 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -68,6 +68,7 @@ The following table lists the configurable parameters of the MongoDB chart and t | `service.type` | Kubernetes Service type | `ClusterIP` | | `service.clusterIP` | Static clusterIP or None for headless services | `nil` | | `service.nodePort` | Port to bind to for NodePort service type | `nil` | +| `service.loadBalancerIP` | Static IP Address to use for LoadBalancer service type | `nil` | | `port` | MongoDB service port | `27017` | | `replicaSet.enabled` | Switch to enable/disable replica set configuration | `false` | | `replicaSet.name` | Name of the replica set | `rs0` | diff --git a/stable/mongodb/templates/svc-primary-rs.yaml b/stable/mongodb/templates/svc-primary-rs.yaml index e514384900ba..b9205c91ffcd 100644 --- a/stable/mongodb/templates/svc-primary-rs.yaml +++ b/stable/mongodb/templates/svc-primary-rs.yaml @@ -17,6 +17,10 @@ spec: {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }} {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: - name: mongodb port: 27017 diff --git a/stable/mongodb/templates/svc-standalone.yaml b/stable/mongodb/templates/svc-standalone.yaml index 55e8a351a702..4a21ec644883 100644 --- a/stable/mongodb/templates/svc-standalone.yaml +++ b/stable/mongodb/templates/svc-standalone.yaml @@ -17,6 +17,10 @@ spec: {{- if and (eq .Values.service.type "ClusterIP") .Values.service.clusterIP }} clusterIP: {{ .Values.service.clusterIP }} {{- end }} + {{- if and (eq .Values.service.type "LoadBalancer") .Values.service.loadBalancerIP }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: - name: mongodb port: 27017 diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index c3da0ec52147..5e12a5c8d865 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -92,6 +92,11 @@ service: ## # nodePort: + ## Specify the loadBalancerIP value for LoadBalancer service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + # loadBalancerIP: + ## Setting up replication ## ref: https://github.com/bitnami/bitnami-docker-mongodb#setting-up-a-replication diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index fba5cda8cf62..d159b9e8c84f 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -93,6 +93,11 @@ service: ## # nodePort: + ## Specify the loadBalancerIP value for LoadBalancer service types. + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer + ## + # loadBalancerIP: + ## Setting up replication ## ref: https://github.com/bitnami/bitnami-docker-mongodb#setting-up-a-replication # From 38f7f0e144327e9a65e5c66d0d9b26f5f3b2bdb7 Mon Sep 17 00:00:00 2001 From: Rajeswari Krishnakumar Date: Tue, 26 Feb 2019 18:00:21 +0530 Subject: [PATCH 0308/1586] [stable/minio] Add support for s3 compatible service endpoint (#11732) * [stable/minio] Add support for s3 compatible service endpoint Signed-off-by: Rajeswari Krishnakumar * [stable/minio] Fix the braces in deployment yaml Signed-off-by: Rajeswari Krishnakumar * Bumping the chart version Signed-off-by: Rajeswari Krishnakumar --- stable/minio/Chart.yaml | 2 +- stable/minio/README.md | 1 + stable/minio/templates/deployment.yaml | 4 ++-- stable/minio/values.yaml | 1 + 4 files changed, 5 insertions(+), 3 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index 179840b56a3b..c9a91c14ebb8 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.4.4 +version: 2.4.5 appVersion: RELEASE.2019-02-12T21-58-47Z keywords: - storage diff --git a/stable/minio/README.md b/stable/minio/README.md index feb3452078ae..271f7996a6da 100755 --- a/stable/minio/README.md +++ b/stable/minio/README.md @@ -145,6 +145,7 @@ The following table lists the configurable parameters of the Minio chart and the | `buckets` | List of buckets to create after minio install | `[]` | | `s3gateway.enabled` | Use minio as a [s3 gateway](https://github.com/minio/minio/blob/master/docs/gateway/s3.md)| `false` | | `s3gateway.replicas` | Number of s3 gateway instances to run in parallel | `4` | +| `s3gateway.serviceEndpoint`| Endpoint to the S3 compatible service | `""` | | `azuregateway.enabled` | Use minio as an [azure gateway](https://docs.minio.io/docs/minio-gateway-for-azure)| `false` | | `gcsgateway.enabled` | Use minio as a [Google Cloud Storage gateway](https://docs.minio.io/docs/minio-gateway-for-gcs)| `false` | | `gcsgateway.gcsKeyJson` | credential json file of service account key | `""` | diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index a269c197bcf1..6f72676eb8f7 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml @@ -50,7 +50,7 @@ spec: {{- if .Values.s3gateway.enabled }} command: [ "/bin/sh", "-ce", - "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway s3" ] + "/usr/bin/docker-entrypoint.sh minio -C {{ .Values.configPath }} gateway s3 {{ .Values.s3gateway.serviceEndpoint }}" ] {{- else }} {{- if .Values.azuregateway.enabled }} command: [ "/bin/sh", @@ -82,7 +82,7 @@ spec: {{- end }} {{- end }} volumeMounts: - {{- if and .Values.persistence.enabled ((not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled)) }} + {{- if and .Values.persistence.enabled (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) }} - name: export mountPath: {{ .Values.mountPath }} {{- if .Values.persistence.subPath }} diff --git a/stable/minio/values.yaml b/stable/minio/values.yaml index 7bdfb8d74ae5..41a42eedc59f 100755 --- a/stable/minio/values.yaml +++ b/stable/minio/values.yaml @@ -171,6 +171,7 @@ buckets: [] s3gateway: enabled: false replicas: 4 + serviceEndpoint: "" ## Use minio as an azure blob gateway, you should disable data persistence so no volume claim are created. ## https://docs.minio.io/docs/minio-gateway-for-azure From b097cc2e0a48fa053d75efbbecd02b888279e6d2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Tue, 26 Feb 2019 15:12:35 +0100 Subject: [PATCH 0309/1586] stable/phabricator: update to 2019.8.0 (#11736) Signed-off-by: Bitnami Containers --- stable/phabricator/Chart.yaml | 4 ++-- stable/phabricator/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index a2df8dea1085..9bc9e0386dbd 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,6 +1,6 @@ name: phabricator -version: 4.0.12 -appVersion: 2019.6.0 +version: 4.0.13 +appVersion: 2019.8.0 description: Collection of open source web applications that help software companies build better software. keywords: - phabricator diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index 1b8369aab0b1..d29bb567bc92 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2019.6.0 + tag: 2019.8.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From d51d65999ed35f62e3a29351d87568adbd5e77dc Mon Sep 17 00:00:00 2001 From: JoostC Date: Tue, 26 Feb 2019 15:21:57 +0100 Subject: [PATCH 0310/1586] [stable/wordpress] Fixed metrics resources templating. (#11733) (#11734) * Fixed wrong indenting when using limits and requests on metrics.resources * Bumped chart version Signed-off-by: JoostC --- stable/wordpress/Chart.yaml | 2 +- stable/wordpress/templates/deployment.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 66cb33e33709..193c4a0f42d6 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,5 +1,5 @@ name: wordpress -version: 5.2.4 +version: 5.2.5 appVersion: 5.1.0 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/templates/deployment.yaml b/stable/wordpress/templates/deployment.yaml index 2b0380e76117..f145a046235b 100644 --- a/stable/wordpress/templates/deployment.yaml +++ b/stable/wordpress/templates/deployment.yaml @@ -201,7 +201,7 @@ spec: initialDelaySeconds: 5 timeoutSeconds: 1 resources: - {{ toYaml .Values.metrics.resources | indent 10 }} +{{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: {{- if and .Values.allowOverrideNone .Values.customHTAccessCM}} From 7f76e9695c1093628cfab0738ff53abeb005addf Mon Sep 17 00:00:00 2001 From: Tommy Situ Date: Tue, 26 Feb 2019 15:10:11 +0000 Subject: [PATCH 0311/1586] Add Hoverfly to incubator (#11365) * Initial commit for hoverfly chart Signed-off-by: Tommy Situ * Update version and owners Signed-off-by: Tommy Situ * Add README template Signed-off-by: Tommy Situ * Pass Hoverfly flags via args, update readme and notes Signed-off-by: Tommy Situ * Add missing appVersion, update Chart.yaml Signed-off-by: Tommy Situ * Fix linting error in values.yaml Signed-off-by: Tommy Situ * Update Hoverfly version Signed-off-by: Tommy Situ * Address review comments Signed-off-by: Tommy Situ * Fix linting error Signed-off-by: Tommy Situ * Add missing spec.selector field Signed-off-by: Tommy Situ --- incubator/hoverfly/.helmignore | 23 +++++++ incubator/hoverfly/Chart.yaml | 17 +++++ incubator/hoverfly/OWNERS | 4 ++ incubator/hoverfly/README.md | 72 ++++++++++++++++++++ incubator/hoverfly/templates/NOTES.txt | 17 +++++ incubator/hoverfly/templates/_helpers.tpl | 16 +++++ incubator/hoverfly/templates/deployment.yaml | 40 +++++++++++ incubator/hoverfly/templates/service.yaml | 19 ++++++ incubator/hoverfly/values.yaml | 22 ++++++ 9 files changed, 230 insertions(+) create mode 100644 incubator/hoverfly/.helmignore create mode 100644 incubator/hoverfly/Chart.yaml create mode 100644 incubator/hoverfly/OWNERS create mode 100644 incubator/hoverfly/README.md create mode 100644 incubator/hoverfly/templates/NOTES.txt create mode 100644 incubator/hoverfly/templates/_helpers.tpl create mode 100644 incubator/hoverfly/templates/deployment.yaml create mode 100644 incubator/hoverfly/templates/service.yaml create mode 100644 incubator/hoverfly/values.yaml diff --git a/incubator/hoverfly/.helmignore b/incubator/hoverfly/.helmignore new file mode 100644 index 000000000000..46fd89965620 --- /dev/null +++ b/incubator/hoverfly/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS diff --git a/incubator/hoverfly/Chart.yaml b/incubator/hoverfly/Chart.yaml new file mode 100644 index 000000000000..33880e5605a4 --- /dev/null +++ b/incubator/hoverfly/Chart.yaml @@ -0,0 +1,17 @@ +apiVersion: v1 +appVersion: 1.0.0-rc.2 +description: Hoverfly is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. +name: hoverfly +version: 0.1.0 +keywords: + - hoverfly + - api-simulation + - mocking + - stubbing + - service-virtualization +home: https://hoverfly.io +sources: +- https://github.com/SpectoLabs/hoverfly +maintainers: +- name: tommysitu + email: tommy.situ@specto.io diff --git a/incubator/hoverfly/OWNERS b/incubator/hoverfly/OWNERS new file mode 100644 index 000000000000..00ba52f978a7 --- /dev/null +++ b/incubator/hoverfly/OWNERS @@ -0,0 +1,4 @@ +approvers: +- tommysitu +reviewers: +- tommysitu diff --git a/incubator/hoverfly/README.md b/incubator/hoverfly/README.md new file mode 100644 index 000000000000..8bd4f811a218 --- /dev/null +++ b/incubator/hoverfly/README.md @@ -0,0 +1,72 @@ +# Hoverfly + +[Hoverfly](https://hoverfly.io/) is a lightweight, open source API simulation tool. Using Hoverfly, you can create realistic simulations of the APIs your application depends on. + + +## TL;DR; + +```console +$ helm install incubator/hoverfly +``` + +## Introduction + +This chart bootstraps a [Hoverfly](https://hoverfly.io/) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```console +$ helm install --name my-release incubator/hoverfly +``` + +The command deploys Hoverfly on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```console +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Hoverfly chart and their default values. + +| Parameter | Description | Default | +| --------------------------------- | ------------------------------------------ | --------------------------------------------------------- | +| `image.repository` | Hoverfly Image name | `docker.io/spectolabs/hoverfly` | +| `image.tag` | Hoverfly Image tag | `v1.0.0-rc.2` | +| `hoverflyFlags` | Flags to start Hoverfly with, eg. '-auth' | `""` | +| `healthcheckEndpoint` | Admin API path for Kubernetes healthcheck | `/api/health` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.adminPort` | Container Admin port | `8888` | +| `service.proxyPort` | Container Proxy port | `8500` | +| `service.externalAdminPort` | Service Admin port | `8888` | +| `service.externalProxyPort` | Service Proxy port | `8500` | +| `resources` | CPU/Memory resource requests/limits | Memory: `200Mi`, CPU: `0.2` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```console +$ helm install --name my-release \ + --set hoverflyFlags='-webserver -journal-size 0' \ + incubator/hoverfly +``` + +The above command starts Hoverfly in webserver mode and disable journal. You can find all the available flags [here](https://hoverfly.readthedocs.io/en/latest/pages/reference/hoverfly/hoverflycommands.html) + +Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, + +```console +$ helm install --name my-release -f values.yaml incubator/hoverfly +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) diff --git a/incubator/hoverfly/templates/NOTES.txt b/incubator/hoverfly/templates/NOTES.txt new file mode 100644 index 000000000000..82d521d996e4 --- /dev/null +++ b/incubator/hoverfly/templates/NOTES.txt @@ -0,0 +1,17 @@ +1. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ template "fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo "Hoverfly Admin URL: http://$SERVICE_IP:{{ .Values.service.externalAdminPort }}" + echo "Hoverfly Proxy URL: http://$SERVICE_IP:{{ .Values.service.externalProxyPort }}" +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "fullname" . }}" -o jsonpath="{.items[0].metadata.name}") + kubectl port-forward $POD_NAME {{ .Values.service.externalAdminPort }} {{ .Values.service.externalProxyPort }} + echo "Hoverfly Admin URL http://127.0.0.1:{{ .Values.service.externalAdminPort }}" + echo "Hoverfly Proxy URL http://127.0.0.1:{{ .Values.service.externalProxyPort }}" +{{- end }} diff --git a/incubator/hoverfly/templates/_helpers.tpl b/incubator/hoverfly/templates/_helpers.tpl new file mode 100644 index 000000000000..f0d83d2edba6 --- /dev/null +++ b/incubator/hoverfly/templates/_helpers.tpl @@ -0,0 +1,16 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +*/}} +{{- define "fullname" -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/incubator/hoverfly/templates/deployment.yaml b/incubator/hoverfly/templates/deployment.yaml new file mode 100644 index 000000000000..2a184c5880a4 --- /dev/null +++ b/incubator/hoverfly/templates/deployment.yaml @@ -0,0 +1,40 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ template "fullname" . }} + labels: + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" +spec: + replicas: {{ .Values.replicaCount }} + selector: + matchLabels: + app: {{ template "fullname" . }} + template: + metadata: + labels: + app: {{ template "fullname" . }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + env: + - name: FLAGS + value: {{ .Values.hoverflyFlags }} + args: ["$(FLAGS)"] + ports: + - containerPort: {{ .Values.service.adminPort }} + - containerPort: {{ .Values.service.proxyPort }} + livenessProbe: + httpGet: + path: {{ .Values.healthcheckEndpoint }} + port: {{ .Values.service.adminPort }} + initialDelaySeconds: 5 + timeoutSeconds: 1 + readinessProbe: + httpGet: + path: {{ .Values.healthcheckEndpoint }} + port: {{ .Values.service.adminPort }} + initialDelaySeconds: 5 + timeoutSeconds: 1 + resources: +{{ toYaml .Values.resources | indent 12 }} diff --git a/incubator/hoverfly/templates/service.yaml b/incubator/hoverfly/templates/service.yaml new file mode 100644 index 000000000000..66967be5115e --- /dev/null +++ b/incubator/hoverfly/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "fullname" . }} + labels: + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.externalAdminPort }} + targetPort: {{ .Values.service.adminPort }} + protocol: TCP + name: admin + - port: {{ .Values.service.externalProxyPort }} + targetPort: {{ .Values.service.proxyPort }} + protocol: TCP + name: proxy + selector: + app: {{ template "fullname" . }} diff --git a/incubator/hoverfly/values.yaml b/incubator/hoverfly/values.yaml new file mode 100644 index 000000000000..7d729a21443b --- /dev/null +++ b/incubator/hoverfly/values.yaml @@ -0,0 +1,22 @@ +# Default values for hoverfly. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. +image: + repository: docker.io/spectolabs/hoverfly + tag: v1.0.0-rc.2 + pullPolicy: IfNotPresent +service: + type: ClusterIP + externalAdminPort: 8888 + adminPort: 8888 + externalProxyPort: 8500 + proxyPort: 8500 +healthcheckEndpoint: /api/health +hoverflyFlags: +# resources: +# limits: +# cpu: 0.2 +# memory: 200Mi +# requests: +# cpu: 0.1 +# memory: 100Mi From f8acff1fe61d2be905a3a57414dd8e713234da87 Mon Sep 17 00:00:00 2001 From: giddel Date: Tue, 26 Feb 2019 16:23:05 +0100 Subject: [PATCH 0312/1586] Add logging-section to InfluxDB configmap and values (#9967) * Add the logging-section to configmap and values Signed-off-by: Jens Puruckherr * Add logging-section to InfluxDB configmap and values Signed-off-by: Jens Puruckherr * influxdb chart version bump Signed-off-by: Jens Puruckherr * resolve conflict in influxdb chart version Signed-off-by: Jens Puruckherr * influxdb chart version bump Signed-off-by: Jens Puruckherr * influxdb chart version bump Signed-off-by: Jens Puruckherr * Update Chart.yaml Signed-off-by: Matt Farina --- stable/influxdb/Chart.yaml | 2 +- stable/influxdb/templates/config.yaml | 5 ++++- stable/influxdb/values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 2 deletions(-) diff --git a/stable/influxdb/Chart.yaml b/stable/influxdb/Chart.yaml index 2412dc1c400d..0e86a17a950d 100755 --- a/stable/influxdb/Chart.yaml +++ b/stable/influxdb/Chart.yaml @@ -1,5 +1,5 @@ name: influxdb -version: 1.1.2 +version: 1.1.3 appVersion: 1.7.3 description: Scalable datastore for metrics, events, and real-time analytics. keywords: diff --git a/stable/influxdb/templates/config.yaml b/stable/influxdb/templates/config.yaml index 78ddef8df9dc..e997065e8545 100644 --- a/stable/influxdb/templates/config.yaml +++ b/stable/influxdb/templates/config.yaml @@ -154,4 +154,7 @@ data: enabled = {{ .Values.config.continuous_queries.enabled }} run-interval = "{{ .Values.config.continuous_queries.run_interval }}" - + [logging] + format = "{{ .Values.config.logging.format }}" + level = "{{ .Values.config.logging.level }}" + supress-logo = {{ .Values.config.logging.supress_logo }} diff --git a/stable/influxdb/values.yaml b/stable/influxdb/values.yaml index 32b625d74065..82d169ff3992 100644 --- a/stable/influxdb/values.yaml +++ b/stable/influxdb/values.yaml @@ -247,3 +247,7 @@ config: log_enabled: true enabled: true run_interval: 1s + logging: + format: auto + level: info + supress_logo: false From e86404038b82646f5b136a306296ca16297afe38 Mon Sep 17 00:00:00 2001 From: Johnny You Date: Wed, 27 Feb 2019 00:39:35 +0900 Subject: [PATCH 0313/1586] [stable/rabbitmq-ha] add readme about ingress (#11722) Signed-off-by: LittleWhiteYA --- stable/rabbitmq-ha/Chart.yaml | 2 +- stable/rabbitmq-ha/README.md | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/rabbitmq-ha/Chart.yaml b/stable/rabbitmq-ha/Chart.yaml index 8a6f8540b2ae..fcde0d358dee 100644 --- a/stable/rabbitmq-ha/Chart.yaml +++ b/stable/rabbitmq-ha/Chart.yaml @@ -1,7 +1,7 @@ name: rabbitmq-ha apiVersion: v1 appVersion: 3.7.8 -version: 1.20.0 +version: 1.20.1 description: Highly available RabbitMQ cluster, the open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). keywords: diff --git a/stable/rabbitmq-ha/README.md b/stable/rabbitmq-ha/README.md index 013f7648e8a7..4118277f54cb 100644 --- a/stable/rabbitmq-ha/README.md +++ b/stable/rabbitmq-ha/README.md @@ -146,6 +146,12 @@ and their default values. | `service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | | `service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | | `service.type` | Type of service to create | `ClusterIP` | +| `ingress.enabled` | Enable Ingress | `false` | +| `ingress.path` | Ingress path | `/` | +| `ingress.hostName` | Ingress hostname | | +| `ingress.tls` | Enable Ingress TLS | `false` | +| `ingress.tlsSecret` | Ingress TLS secret name | `myTlsSecret` | +| `ingress.annotations` | Ingress annotations | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | | `podAnnotations` | Extra annotations to add to pod | `{}` | | `terminationGracePeriodSeconds` | Duration pod needs to terminate gracefully | `10` | From efdf9fcf8e9b9a7f3408a0e02bcf6805f19bb36f Mon Sep 17 00:00:00 2001 From: Greg Hill Date: Tue, 26 Feb 2019 15:48:39 +0000 Subject: [PATCH 0314/1586] hoard symmetric & openpgp grant config (#11746) Signed-off-by: Gregory Hill --- stable/hoard/Chart.yaml | 4 ++-- stable/hoard/README.md | 18 +++++++++++++----- stable/hoard/templates/configmap.yaml | 20 +++++++++++++++++++- stable/hoard/templates/deployment.yaml | 20 +++++++++++++++----- stable/hoard/values.yaml | 11 +++++++++-- 5 files changed, 58 insertions(+), 15 deletions(-) diff --git a/stable/hoard/Chart.yaml b/stable/hoard/Chart.yaml index 86ae54f405d9..f962ed758062 100644 --- a/stable/hoard/Chart.yaml +++ b/stable/hoard/Chart.yaml @@ -1,6 +1,6 @@ name: hoard -version: 0.6.2 -appVersion: 2.0.0 +version: 0.6.5 +appVersion: 3.0.0 description: Hoard is a stateless, deterministically encrypted, content-addressed object store home: https://github.com/monax/hoard icon: https://pbs.twimg.com/profile_images/781959787856687105/76s1CJER_400x400.jpg diff --git a/stable/hoard/README.md b/stable/hoard/README.md index 6de4a2eea215..6bdde1bfa060 100644 --- a/stable/hoard/README.md +++ b/stable/hoard/README.md @@ -32,14 +32,14 @@ The following table lists the configurable parameters of the Hoard chart and its | --------- | ----------- | ------- | | `replicaCount` | number of daemons | `1` | | `image.repository` | docker image | `"quay.io/monax/hoard"` | -| `image.tag` | version | `"2.0.0"` | +| `image.tag` | version | `"3.0.0"` | | `image.pullPolicy` | pull policy | `"IfNotPresent"` | | `storage.type` | backend object store (aws, azure, filesystem, gcp, ipfs)| `"filesystem"` | | `storage.remote` | remote api location (ipfs only) | `""` | | `storage.region` | object store location (cloud only) | `""` | | `storage.bucket` | object storage container (cloud only) | `""` | | `storage.prefix` | bucket folder (cloud only) | `""` | -| `storage.credentialsSecret` | required secret for cloud providers | `""` | +| `storage.secret` | required secret for cloud providers | `""` | | `persistence.size` | size of local store | `"10Gi"` | | `persistence.storageClass` | pvc type | `"standard"` | | `persistence.accessMode` | pvc access | `"ReadWriteOnce"` | @@ -74,20 +74,28 @@ For each of the supported cloud back-ends, please ensure you have the appropriat ```bash kubectl create secret generic cloud-credentials --from-literal access-key-id=${AWS_ACCESS_KEY_ID} --from-literal secret-access-key=${AWS_SECRET_ACCESS_KEY} -helm install --name my-release stable/hoard --set storage.type=aws,storage.region="eu-central-1",storage.bucket="my-bucket",storage.prefix="folder",storage.credentialsSecret="cloud-credentials" +helm install --name my-release stable/hoard --set storage.type=aws,storage.region="eu-central-1",storage.bucket="my-bucket",storage.prefix="folder",storage.secret="cloud-credentials" ``` ### [Azure](https://docs.microsoft.com/en-us/azure/storage/common/storage-account-manage) ```bash kubectl create secret generic cloud-credentials --from-literal storage-account-name=${AZURE_STORAGE_ACCOUNT_NAME} --from-literal storage-account-key=${AZURE_STORAGE_ACCOUNT_KEY} -helm install --name my-release stable/hoard --set storage.type=azure,storage.bucket="my-bucket",storage.prefix="folder",storage.credentialsSecret="cloud-credentials" +helm install --name my-release stable/hoard --set storage.type=azure,storage.bucket="my-bucket",storage.prefix="folder",storage.secret="cloud-credentials" ``` ### [GCP](https://cloud.google.com/iam/docs/creating-managing-service-account-keys) ```bash kubectl create secret generic cloud-credentials --from-literal service-key=${GCLOUD_SERVICE_KEY} -helm install --name my-release stable/hoard --set storage.type=gcp,storage.bucket="my-bucket",storage.prefix="folder",storage.credentialsSecret="cloud-credentials" +helm install --name my-release stable/hoard --set storage.type=gcp,storage.bucket="my-bucket",storage.prefix="folder",storage.secret="cloud-credentials" ``` +## OpenPGP Grants + +Once configured, hoard can share access to a secret file by encrypting it with the public key of the recipient: + +``` +kubectl create secret generic private-keyring --from-file ${GOPATH}/src/github.com/monax/hoard/grant/private.key.asc +helm install --name my-release stable/hoard --set openpgp.id="10449759736975846181",openpgp.secret=private-keyring +``` \ No newline at end of file diff --git a/stable/hoard/templates/configmap.yaml b/stable/hoard/templates/configmap.yaml index 75616546f103..ea8b01b0553c 100644 --- a/stable/hoard/templates/configmap.yaml +++ b/stable/hoard/templates/configmap.yaml @@ -22,4 +22,22 @@ data: [Logging] LoggingType = "{{ .Values.logging.type }}" - Channels = [{{- range .Values.logging.channels }}{{ . | quote }},{{- end }}] \ No newline at end of file + Channels = [{{- range .Values.logging.channels }}{{ . | quote }},{{- end }}] + +{{- if .Values.openpgp }} + + [Secrets.OpenPGP] + ID = "{{ .Values.openpgp.id }}" + File = "/secrets/keyring" + +{{- end }} + +{{- range $key, $val := .Values.secrets }} + + [[Secrets.Symmetric]] + ID = {{ $key | quote }} + Passphrase = {{ $val | quote }} + +{{- end }} + + diff --git a/stable/hoard/templates/deployment.yaml b/stable/hoard/templates/deployment.yaml index 87ae79e4cc96..2206b04d2fe1 100644 --- a/stable/hoard/templates/deployment.yaml +++ b/stable/hoard/templates/deployment.yaml @@ -30,6 +30,11 @@ spec: {{- if eq .Values.storage.type "filesystem" }} - mountPath: /data name: data-dir +{{- end }} +{{- if .Values.openpgp }} + - mountPath: /secrets + subPath: keyring + name: key-ring {{- end }} ports: - containerPort: {{ .Values.service.port }} @@ -39,31 +44,31 @@ spec: - name: AWS_ACCESS_KEY_ID valueFrom: secretKeyRef: - name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + name: {{ required "A valid storage credential is required." .Values.storage.secret }} key: access-key-id - name: AWS_SECRET_ACCESS_KEY valueFrom: secretKeyRef: - name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + name: {{ required "A valid storage credential is required." .Values.storage.secret }} key: secret-access-key {{- end }} {{- if eq .Values.storage.type "azure" }} - name: AZURE_STORAGE_ACCOUNT_NAME valueFrom: secretKeyRef: - name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + name: {{ required "A valid storage credential is required." .Values.storage.secret }} key: storage-account-name - name: AZURE_STORAGE_ACCOUNT_KEY valueFrom: secretKeyRef: - name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + name: {{ required "A valid storage credential is required." .Values.storage.secret }} key: storage-account-key {{- end }} {{- if eq .Values.storage.type "gcp" }} - name: GCLOUD_SERVICE_KEY valueFrom: secretKeyRef: - name: {{ required "A valid storage credential is required." .Values.storage.credentialsSecret }} + name: {{ required "A valid storage credential is required." .Values.storage.secret }} key: service-key {{- end }} livenessProbe: @@ -85,6 +90,11 @@ spec: persistentVolumeClaim: claimName: {{ template "hoard.fullname" $ }} {{- end }} +{{- if .Values.openpgp }} + - name: key-ring + secret: + secretName: {{ required "A valid keyring is required." .Values.openpgp.secret }} +{{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} diff --git a/stable/hoard/values.yaml b/stable/hoard/values.yaml index 48f131ac6012..d902619efaba 100644 --- a/stable/hoard/values.yaml +++ b/stable/hoard/values.yaml @@ -2,7 +2,7 @@ replicaCount: 1 image: repository: quay.io/monax/hoard - tag: 2.0.0 + tag: 3.0.0 pullPolicy: IfNotPresent storage: @@ -12,7 +12,7 @@ storage: bucket: "" prefix: "" region: "" - credentialsSecret: "" + secret: "" encoding: base64 logging: @@ -30,6 +30,13 @@ persistence: annotations: "helm.sh/resource-policy": keep +# openpgp: +# id: "10449759736975846181" +# secret: "private-keyring" +# secrets: +# key1: passphrase1 +# key2: passphrase2 + service: type: ClusterIP port: 53431 From e35c068431bb0a65acc8eef48c6eb7f4c5625c9f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 26 Feb 2019 17:54:48 +0100 Subject: [PATCH 0315/1586] [stable/odoo] Update postgresql as dependency (#11748) Signed-off-by: Carlos Rodriguez Hernandez --- stable/odoo/Chart.yaml | 2 +- stable/odoo/requirements.lock | 6 +++--- stable/odoo/requirements.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/odoo/Chart.yaml b/stable/odoo/Chart.yaml index ff77f9592923..d2d3c59dd9ad 100644 --- a/stable/odoo/Chart.yaml +++ b/stable/odoo/Chart.yaml @@ -1,5 +1,5 @@ name: odoo -version: 5.0.5 +version: 6.0.0 appVersion: 11.0.20190215 description: A suite of web based open source business apps. home: https://www.odoo.com/ diff --git a/stable/odoo/requirements.lock b/stable/odoo/requirements.lock index 78864c2403c8..f73a50c7d29e 100644 --- a/stable/odoo/requirements.lock +++ b/stable/odoo/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.7.10 -digest: sha256:972c7085960fbe4a3f530f726f5a1cc6fe038f0ab84df632f6427c3a49f3f366 -generated: 2018-12-17T05:16:55.480186185Z + version: 3.11.6 +digest: sha256:454baf77387930526a6d42f7682836637450a33676e30723dfb544e8efb78851 +generated: 2019-02-26T16:36:39.678047061Z diff --git a/stable/odoo/requirements.yaml b/stable/odoo/requirements.yaml index 8b19b44566f9..d3f45cf507cd 100644 --- a/stable/odoo/requirements.yaml +++ b/stable/odoo/requirements.yaml @@ -1,4 +1,4 @@ dependencies: - name: postgresql - version: 2.x.x + version: 3.x.x repository: https://kubernetes-charts.storage.googleapis.com/ From 06530e5b9b0da3a6a0a36ab0efe1ef0b5a21a4ea Mon Sep 17 00:00:00 2001 From: "Sasha (Alejandro Vicente Grabovetsky)" Date: Tue, 26 Feb 2019 19:11:18 +0200 Subject: [PATCH 0316/1586] [HLF-Peer] Update Peer address to allow correct functioning on Minikube (#11743) Signed-off-by: Alejandro Vicente Grabovetsky --- stable/hlf-peer/Chart.yaml | 2 +- stable/hlf-peer/templates/configmap--peer.yaml | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/hlf-peer/Chart.yaml b/stable/hlf-peer/Chart.yaml index 984582a6a724..79ffa8b50c95 100644 --- a/stable/hlf-peer/Chart.yaml +++ b/stable/hlf-peer/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Hyperledger Fabric Peer chart (these charts are created by AID:Tech and are currently not directly associated with the Hyperledger project) name: hlf-peer -version: 1.2.4 +version: 1.2.6 appVersion: 1.3.0 keywords: - blockchain diff --git a/stable/hlf-peer/templates/configmap--peer.yaml b/stable/hlf-peer/templates/configmap--peer.yaml index 652ba5d5969d..172d7d859941 100644 --- a/stable/hlf-peer/templates/configmap--peer.yaml +++ b/stable/hlf-peer/templates/configmap--peer.yaml @@ -6,12 +6,13 @@ metadata: {{ include "labels.standard" . | indent 4 }} data: CORE_PEER_ADDRESSAUTODETECT: "true" + CORE_PEER_ID: {{ .Release.Name }} CORE_PEER_NETWORKID: nid1 # If we have an ingress, we set hostname to it {{- if .Values.ingress.enabled }} CORE_PEER_ADDRESS: {{ index .Values.ingress.hosts 0 }}:443 {{- else }} - CORE_PEER_ADDRESS: {{ include "hlf-peer.fullname" . }}:7051 + # Otherwise we use CORE_PEER_ADDRESSAUTODETECT to auto-detect its address {{- end }} CORE_PEER_LISTENADDRESS: 0.0.0.0:7051 CORE_PEER_EVENTS_ADDRESS: 0.0.0.0:7053 From 8831fb5cf75498a27e42fcc0a71ed7910f5d319b Mon Sep 17 00:00:00 2001 From: "Sasha (Alejandro Vicente Grabovetsky)" Date: Tue, 26 Feb 2019 19:11:29 +0200 Subject: [PATCH 0317/1586] [HLF-CA] Update CA address to allow correct functioning on Minikube (#11744) Signed-off-by: Alejandro Vicente Grabovetsky --- stable/hlf-ca/Chart.yaml | 2 +- stable/hlf-ca/templates/configmap--ca.yaml | 2 +- stable/hlf-ca/templates/deployment.yaml | 4 ++++ stable/hlf-ca/tests/README.md | 4 +--- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/stable/hlf-ca/Chart.yaml b/stable/hlf-ca/Chart.yaml index 4e280e7f5b4b..78ab43d3018b 100644 --- a/stable/hlf-ca/Chart.yaml +++ b/stable/hlf-ca/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Hyperledger Fabric Certificate Authority chart (these charts are created by AID:Tech and are currently not directly associated with the Hyperledger project) name: hlf-ca -version: 1.1.4 +version: 1.1.6 appVersion: 1.3.0 keywords: - blockchain diff --git a/stable/hlf-ca/templates/configmap--ca.yaml b/stable/hlf-ca/templates/configmap--ca.yaml index 340e6aae68fa..94793fa9a5f0 100644 --- a/stable/hlf-ca/templates/configmap--ca.yaml +++ b/stable/hlf-ca/templates/configmap--ca.yaml @@ -8,4 +8,4 @@ data: GODEBUG: "netdns=go" FABRIC_CA_HOME: /var/hyperledger/fabric-ca FABRIC_CA_SERVER_CA_NAME: {{ .Values.caName | quote }} - SERVICE_DNS: {{ include "hlf-ca.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local + SERVICE_DNS: 0.0.0.0 # Point to itself diff --git a/stable/hlf-ca/templates/deployment.yaml b/stable/hlf-ca/templates/deployment.yaml index 6d2998276d91..ea9a81847e75 100644 --- a/stable/hlf-ca/templates/deployment.yaml +++ b/stable/hlf-ca/templates/deployment.yaml @@ -10,6 +10,10 @@ spec: matchLabels: app: {{ include "hlf-ca.name" . }} release: {{ .Release.Name }} + # Ensure we allow our pod to be unavailable, so we can upgrade + strategy: + rollingUpdate: + maxUnavailable: 1 template: metadata: labels: diff --git a/stable/hlf-ca/tests/README.md b/stable/hlf-ca/tests/README.md index 4617812d1a44..84753c85d7a5 100644 --- a/stable/hlf-ca/tests/README.md +++ b/stable/hlf-ca/tests/README.md @@ -10,9 +10,7 @@ Commands should be run from the root folder of the repository. Due to presence of dependencies, please run inside the chart dir: -``` -helm dependency update -``` + helm dependency update ### Install From 6cea8f2cea99ae2fba0996662d2fe8e8482d3f90 Mon Sep 17 00:00:00 2001 From: "Sasha (Alejandro Vicente Grabovetsky)" Date: Tue, 26 Feb 2019 19:11:39 +0200 Subject: [PATCH 0318/1586] [HLF-CouchDB] Update Rolling update strategy to allow correct updating (#11745) Signed-off-by: Alejandro Vicente Grabovetsky --- stable/hlf-couchdb/Chart.yaml | 4 ++-- stable/hlf-couchdb/templates/deployment.yaml | 4 ++++ stable/hlf-couchdb/values.yaml | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stable/hlf-couchdb/Chart.yaml b/stable/hlf-couchdb/Chart.yaml index 2fdabe95a574..bbff40a85502 100644 --- a/stable/hlf-couchdb/Chart.yaml +++ b/stable/hlf-couchdb/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: CouchDB instance for Hyperledger Fabric (these charts are created by AID:Tech and are currently not directly associated with the Hyperledger project) name: hlf-couchdb -version: 1.0.5 -appVersion: 0.4.9 +version: 1.0.6 +appVersion: 0.4.10 keywords: - blockchain - hyperledger diff --git a/stable/hlf-couchdb/templates/deployment.yaml b/stable/hlf-couchdb/templates/deployment.yaml index e2c01961b24e..3fd0019ff1ef 100644 --- a/stable/hlf-couchdb/templates/deployment.yaml +++ b/stable/hlf-couchdb/templates/deployment.yaml @@ -10,6 +10,10 @@ spec: matchLabels: app: {{ include "hlf-couchdb.name" . }} release: {{ .Release.Name }} + # Ensure we allow our pod to be unavailable, so we can upgrade + strategy: + rollingUpdate: + maxUnavailable: 1 template: metadata: labels: diff --git a/stable/hlf-couchdb/values.yaml b/stable/hlf-couchdb/values.yaml index 992db7de18d9..0df6410ca0b5 100644 --- a/stable/hlf-couchdb/values.yaml +++ b/stable/hlf-couchdb/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: hyperledger/fabric-couchdb - tag: 0.4.9 + tag: 0.4.10 pullPolicy: IfNotPresent service: From d5d1fbe5366c86ca18db53c6857c787c4658069c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Tue, 26 Feb 2019 18:22:42 +0100 Subject: [PATCH 0319/1586] [stable/redmine] Update postgresql as dependency (#11749) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redmine/Chart.yaml | 2 +- stable/redmine/requirements.lock | 8 ++++---- stable/redmine/requirements.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index abaa52a335f7..ad2ec3e47403 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,5 +1,5 @@ name: redmine -version: 8.0.4 +version: 9.0.0 appVersion: 4.0.2 description: A flexible project management web application. keywords: diff --git a/stable/redmine/requirements.lock b/stable/redmine/requirements.lock index dd72317e0038..71f801834ff6 100644 --- a/stable/redmine/requirements.lock +++ b/stable/redmine/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 5.2.4 + version: 5.5.3 - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.7.10 -digest: sha256:0634de3cb0459ae2959df51ccac306fff4ae4618410bf6fae996ab085dbad62f -generated: 2018-12-19T08:53:19.871425097Z + version: 3.11.6 +digest: sha256:19ad4a1dfc87350474e1cff5293e0e613ebe7378ee9e530423a04fb8be5bf186 +generated: 2019-02-26T16:39:44.746904219Z diff --git a/stable/redmine/requirements.yaml b/stable/redmine/requirements.yaml index 23f9773609c9..7253b277f333 100644 --- a/stable/redmine/requirements.yaml +++ b/stable/redmine/requirements.yaml @@ -4,6 +4,6 @@ dependencies: repository: https://kubernetes-charts.storage.googleapis.com/ condition: databaseType.mariadb - name: postgresql - version: 2.x.x + version: 3.x.x repository: https://kubernetes-charts.storage.googleapis.com/ condition: databaseType.postgresql From 33d98eaa3e944ff8bb25b9912ad152178c274a56 Mon Sep 17 00:00:00 2001 From: kfox1111 Date: Tue, 26 Feb 2019 09:37:20 -0800 Subject: [PATCH 0320/1586] Add kube-mgmt to OPA (#10860) * Initial attempt at adding kube-mgmt to the chart Signed-off-by: Kevin Fox * Updated to add auth/imagePullPolicy/rbac Signed-off-by: Kevin Fox * Fix linting issues Signed-off-by: Kevin Fox * Update kube-mgmt image to 0.8. Signed-off-by: Kevin Fox * Add the ability to turn off authz Signed-off-by: Kevin Fox * Add note about authz. Signed-off-by: Kevin Fox * Add in fixes from tsandall Signed-off-by: Kevin Fox --- stable/opa/Chart.yaml | 4 +- stable/opa/templates/NOTES.txt | 20 +++--- stable/opa/templates/_helpers.tpl | 5 ++ stable/opa/templates/deployment.yaml | 68 +++++++++++++++++++ stable/opa/templates/mgmt-clusterrole.yaml | 14 ++++ .../templates/mgmt-clusterrolebinding.yaml | 20 ++++++ stable/opa/values.yaml | 41 ++++++++++- 7 files changed, 160 insertions(+), 12 deletions(-) create mode 100644 stable/opa/templates/mgmt-clusterrole.yaml create mode 100644 stable/opa/templates/mgmt-clusterrolebinding.yaml diff --git a/stable/opa/Chart.yaml b/stable/opa/Chart.yaml index 0d451dc83230..254b32c55aab 100644 --- a/stable/opa/Chart.yaml +++ b/stable/opa/Chart.yaml @@ -1,12 +1,12 @@ apiVersion: v1 -appVersion: 0.10.1 +appVersion: 0.10.2 description: Open source, general-purpose policy engine. Enforce fine-grained invariants over arbitrary Kubernetes resources. name: opa keywords: - opa - admission control - policy -version: 0.2.0 +version: 0.3.0 home: https://www.openpolicyagent.org icon: https://raw.githubusercontent.com/open-policy-agent/opa/master/logo/logo.png sources: diff --git a/stable/opa/templates/NOTES.txt b/stable/opa/templates/NOTES.txt index 1264bb6da2c8..c3a596db5355 100644 --- a/stable/opa/templates/NOTES.txt +++ b/stable/opa/templates/NOTES.txt @@ -2,14 +2,6 @@ Please wait while the OPA is deployed on your cluster. For example policies that you can enforce with OPA see https://www.openpolicyagent.org. -You can query OPA to see the policies it has loaded: - -export OPA_POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "opa.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") - -kubectl port-forward $OPA_POD_NAME 8080:443 - -curl -k -s https://localhost:8080/v1/policies | jq -r '.result[].raw' - If you installed this chart with the default values, you can exercise the sample policy. # 1. Create a namespace called "opa-example" @@ -53,3 +45,15 @@ spec: EOF kubectl -n opa-example create -f ingress-bad.yaml + +If you want to turn off authz for debugging purposes, you can do so by upgrading the chart like so: +helm upgrade {{ .Release.Name }} stable/opa --reuse-values --set authz.enabled=false + +You can query OPA to see the policies it has loaded (you will need to turn off authz as described above): + +export OPA_POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "opa.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") + +kubectl port-forward $OPA_POD_NAME 8080:443 + +curl -k -s https://localhost:8080/v1/policies | jq -r '.result[].raw' + diff --git a/stable/opa/templates/_helpers.tpl b/stable/opa/templates/_helpers.tpl index 99cdea89e482..69b91ba71bff 100644 --- a/stable/opa/templates/_helpers.tpl +++ b/stable/opa/templates/_helpers.tpl @@ -29,6 +29,11 @@ If release name contains chart name it will be used as a full name. {{- printf "%s-sar" $name -}} {{- end -}} +{{- define "opa.mgmtfullname" -}} +{{- $name := (include "opa.fullname" . | trunc 58 | trimSuffix "-") -}} +{{- printf "%s-mgmt" $name -}} +{{- end -}} + {{/* Create chart name and version as used by the chart label. */}} diff --git a/stable/opa/templates/deployment.yaml b/stable/opa/templates/deployment.yaml index 7bea7c6c39ab..940f3736d1e6 100644 --- a/stable/opa/templates/deployment.yaml +++ b/stable/opa/templates/deployment.yaml @@ -15,9 +15,32 @@ spec: app: {{ template "opa.fullname" . }} name: {{ template "opa.fullname" . }} spec: +{{- if .Values.authz.enabled }} + initContainers: + - name: initpolicy + image: {{ .Values.mgmt.image }}:{{ .Values.mgmt.imageTag }} + imagePullPolicy: {{ .Values.mgmt.imagePullPolicy }} + command: + - /bin/sh + - -c + - | + tr -dc 'A-F0-9' < /dev/urandom | dd bs=1 count=32 2>/dev/null > /authz/mgmt-token + TOKEN=`cat /authz/mgmt-token` + cat > /authz/authz.rego < Date: Tue, 26 Feb 2019 18:54:21 +0100 Subject: [PATCH 0321/1586] [incubator/sparkoperator] Use webhook port from values in svc (#11752) Signed-off-by: Grzegorz Lyczba --- incubator/sparkoperator/Chart.yaml | 2 +- incubator/sparkoperator/templates/webhook-service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/incubator/sparkoperator/Chart.yaml b/incubator/sparkoperator/Chart.yaml index 289f036b0228..d07d859beaf5 100644 --- a/incubator/sparkoperator/Chart.yaml +++ b/incubator/sparkoperator/Chart.yaml @@ -1,6 +1,6 @@ name: sparkoperator description: A Helm chart for Spark on Kubernetes operator -version: 0.1.9 +version: 0.1.10 appVersion: v1beta1-0.7-2.4.0 kubeVersion: ">=1.8.0-0" keywords: diff --git a/incubator/sparkoperator/templates/webhook-service.yaml b/incubator/sparkoperator/templates/webhook-service.yaml index 42c5bc62e112..2237ff6a7352 100644 --- a/incubator/sparkoperator/templates/webhook-service.yaml +++ b/incubator/sparkoperator/templates/webhook-service.yaml @@ -11,7 +11,7 @@ metadata: spec: ports: - port: 443 - targetPort: 8080 + targetPort: {{ .Values.webhookPort }} name: webhook selector: app.kubernetes.io/name: {{ include "sparkoperator.name" . }} From 3a09161982aadaade44b641023414675078497af Mon Sep 17 00:00:00 2001 From: Prateek Pandey Date: Tue, 26 Feb 2019 23:52:36 +0530 Subject: [PATCH 0322/1586] [stable/openebs]: update NDM image tag to 0.3.1 (#11754) - Updated Chart.yaml - Updated README - Updated values.yaml Signed-off-by: prateekpandey14 --- stable/openebs/Chart.yaml | 2 +- stable/openebs/README.md | 2 +- stable/openebs/values.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/openebs/Chart.yaml b/stable/openebs/Chart.yaml index 9b08797ad5a2..7aa9d56004fe 100644 --- a/stable/openebs/Chart.yaml +++ b/stable/openebs/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v1 -version: 0.8.2 +version: 0.8.3 name: openebs appVersion: 0.8.1 description: Containerized Storage for Containers diff --git a/stable/openebs/README.md b/stable/openebs/README.md index 61bc7ad91b0e..de9617c62b5c 100644 --- a/stable/openebs/README.md +++ b/stable/openebs/README.md @@ -51,7 +51,7 @@ The following table lists the configurable parameters of the OpenEBS chart and t | `snapshotOperator.controller.imageTag` | Image Tag for Snapshot Controller | `0.8.1` | | `snapshotOperator.replicas` | Number of Snapshot Operator Replicas | `1` | | `ndm.image` | Image for Node Disk Manager | `quay.io/openebs/openebs/node-disk-manager-amd64` | -| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.3.0` | +| `ndm.imageTag` | Image Tag for Node Disk Manager | `v0.3.1` | | `ndm.sparse.enabled` | Create Sparse files and cStor Sparse Pool | `true` | | `ndm.sparse.path` | Directory where Sparse files are created | `/var/openebs/sparse` | | `ndm.sparse.size` | Size of the sparse file in bytes | `10737418240` | diff --git a/stable/openebs/values.yaml b/stable/openebs/values.yaml index 6b1e16964ac2..85e88f08ffd7 100644 --- a/stable/openebs/values.yaml +++ b/stable/openebs/values.yaml @@ -56,7 +56,7 @@ snapshotOperator: ndm: image: "quay.io/openebs/node-disk-manager-amd64" - imageTag: "v0.3.0" + imageTag: "v0.3.1" sparse: enabled: "true" path: "/var/openebs/sparse" From 6c75d84e7309d604604257a320638ed8cf8d4be6 Mon Sep 17 00:00:00 2001 From: Jeff Bachtel Date: Tue, 26 Feb 2019 16:16:29 -0500 Subject: [PATCH 0323/1586] Update to latest opa image release (#11756) Signed-off-by: Jeff Bachtel --- stable/opa/Chart.yaml | 2 +- stable/opa/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/opa/Chart.yaml b/stable/opa/Chart.yaml index 254b32c55aab..bfe6e126b8a2 100644 --- a/stable/opa/Chart.yaml +++ b/stable/opa/Chart.yaml @@ -6,7 +6,7 @@ keywords: - opa - admission control - policy -version: 0.3.0 +version: 0.4.0 home: https://www.openpolicyagent.org icon: https://raw.githubusercontent.com/open-policy-agent/opa/master/logo/logo.png sources: diff --git a/stable/opa/values.yaml b/stable/opa/values.yaml index ad8219726db7..0ab76dea976c 100644 --- a/stable/opa/values.yaml +++ b/stable/opa/values.yaml @@ -51,7 +51,7 @@ authz: # Docker image and tag to deploy. image: openpolicyagent/opa -imageTag: 0.10.4 +imageTag: 0.10.5 imagePullPolicy: IfNotPresent mgmt: From 71530eb172393a66bc5079d393fc081bf2eb62c7 Mon Sep 17 00:00:00 2001 From: Ryan Greget Date: Tue, 26 Feb 2019 16:47:58 -0700 Subject: [PATCH 0324/1586] Airflow role fix (#11762) * Update to stable/airflow role.yaml to grant permissions needed for airflow xcom_push to stream out of the sidecar. Signed-off-by: Ryan Greget * Version bump. Signed-off-by: Ryan Greget --- stable/airflow/Chart.yaml | 2 +- stable/airflow/templates/role.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index b769e17fb116..bfa6b9ec5fc4 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 2.0.1 +version: 2.0.2 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/templates/role.yaml b/stable/airflow/templates/role.yaml index d049c1f922b2..a1b671467799 100644 --- a/stable/airflow/templates/role.yaml +++ b/stable/airflow/templates/role.yaml @@ -17,4 +17,8 @@ rules: resources: - "pods/log" verbs: ["get", "list"] +- apiGroups: [""] + resources: + - "pods/exec" + verbs: ["create", "get"] {{ end }} \ No newline at end of file From f5b7f44e3d7a998b754274cb87eeba93e9f37985 Mon Sep 17 00:00:00 2001 From: Jeff Bachtel Date: Tue, 26 Feb 2019 19:05:27 -0500 Subject: [PATCH 0325/1586] Set readOnly on consuming containers for authz/n (#11759) Signed-off-by: Jeff Bachtel --- stable/opa/Chart.yaml | 2 +- stable/opa/templates/deployment.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/opa/Chart.yaml b/stable/opa/Chart.yaml index bfe6e126b8a2..f6de0e21cf82 100644 --- a/stable/opa/Chart.yaml +++ b/stable/opa/Chart.yaml @@ -6,7 +6,7 @@ keywords: - opa - admission control - policy -version: 0.4.0 +version: 0.5.0 home: https://www.openpolicyagent.org icon: https://raw.githubusercontent.com/open-policy-agent/opa/master/logo/logo.png sources: diff --git a/stable/opa/templates/deployment.yaml b/stable/opa/templates/deployment.yaml index 940f3736d1e6..f4929e29bad5 100644 --- a/stable/opa/templates/deployment.yaml +++ b/stable/opa/templates/deployment.yaml @@ -66,6 +66,7 @@ spec: mountPath: /config {{- if .Values.authz.enabled }} - name: authz + readOnly: true mountPath: /authz {{- end }} {{- if .Values.mgmt.enabled }} @@ -92,6 +93,7 @@ spec: {{- if .Values.authz.enabled }} volumeMounts: - name: authz + readOnly: true mountPath: /authz {{- end }} {{- end }} From bb384f61b34db95171bc2e9a6eabb2cbbd70fd44 Mon Sep 17 00:00:00 2001 From: Heiko Nickerl Date: Wed, 27 Feb 2019 02:18:39 +0100 Subject: [PATCH 0326/1586] [stable/minio] Make pod annotations configurable (#11588) Signed-off-by: Heiko Nickerl --- stable/minio/Chart.yaml | 2 +- stable/minio/README.md | 1 + stable/minio/templates/deployment.yaml | 4 ++++ stable/minio/templates/statefulset.yaml | 4 ++++ stable/minio/values.yaml | 3 +++ 5 files changed, 13 insertions(+), 1 deletion(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index c9a91c14ebb8..aefd56291a59 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.4.5 +version: 2.4.6 appVersion: RELEASE.2019-02-12T21-58-47Z keywords: - storage diff --git a/stable/minio/README.md b/stable/minio/README.md index 271f7996a6da..1b101647798b 100755 --- a/stable/minio/README.md +++ b/stable/minio/README.md @@ -126,6 +126,7 @@ The following table lists the configurable parameters of the Minio chart and the | `nodeSelector` | Node labels for pod assignment | `{}` | | `affinity` | Affinity settings for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | +| `podAnnotations` | Pod annotations | `{}` | | `tls.enabled` | Enable TLS for Minio server | `false` | | `tls.certSecret` | Kubernetes Secret with `public.crt` and `private.key` files. | `""` | | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `5` | diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index 6f72676eb8f7..af335b2debdd 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml @@ -39,6 +39,10 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" diff --git a/stable/minio/templates/statefulset.yaml b/stable/minio/templates/statefulset.yaml index 2c0d01790532..447b671db36d 100644 --- a/stable/minio/templates/statefulset.yaml +++ b/stable/minio/templates/statefulset.yaml @@ -24,6 +24,10 @@ spec: labels: app: {{ template "minio.name" . }} release: {{ .Release.Name }} + {{- if .Values.podAnnotations }} + annotations: +{{ toYaml .Values.podAnnotations | indent 8 }} + {{- end }} spec: {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" diff --git a/stable/minio/values.yaml b/stable/minio/values.yaml index 41a42eedc59f..488569cbe62f 100755 --- a/stable/minio/values.yaml +++ b/stable/minio/values.yaml @@ -123,6 +123,9 @@ nodeSelector: {} tolerations: [] affinity: {} +# Additational pod annotations +podAnnotations: {} + ## Liveness and Readiness probe values. ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/ livenessProbe: From 872c10b47037cd2a39f9c63f8385974bb749e812 Mon Sep 17 00:00:00 2001 From: Ismail Alidzhikov Date: Wed, 27 Feb 2019 05:49:42 +0200 Subject: [PATCH 0327/1586] [stable/filebeat] Update filebeat to 6.6.1 (#11666) Signed-off-by: ialidzhikov --- stable/filebeat/Chart.yaml | 4 ++-- stable/filebeat/README.md | 2 +- stable/filebeat/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index 8ce01f4c549c..d22766366c72 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.4.0 -appVersion: 6.6.0 +version: 1.4.1 +appVersion: 6.6.1 home: https://www.elastic.co/products/beats/filebeat sources: - https://www.elastic.co/guide/en/beats/filebeat/current/index.html diff --git a/stable/filebeat/README.md b/stable/filebeat/README.md index caa61f37c243..184eecbce5f5 100644 --- a/stable/filebeat/README.md +++ b/stable/filebeat/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the filebeat chart and | Parameter | Description | Default | | -------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | | `image.repository` | Docker image repo | `docker.elastic.co/beats/filebeat-oss` | -| `image.tag` | Docker image tag | `6.6.0` | +| `image.tag` | Docker image tag | `6.6.1` | | `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` | | `config.filebeat.config.prospectors.path` | Mounted `filebeat-prospectors` configmap | `${path.config}/prospectors.d/*.yml` | diff --git a/stable/filebeat/values.yaml b/stable/filebeat/values.yaml index 5d8606c2b177..0993388ef92f 100644 --- a/stable/filebeat/values.yaml +++ b/stable/filebeat/values.yaml @@ -1,6 +1,6 @@ image: repository: docker.elastic.co/beats/filebeat-oss - tag: 6.6.0 + tag: 6.6.1 pullPolicy: IfNotPresent config: From 20bfe4ef58a856f74f6ba92a6c946812fddda6b4 Mon Sep 17 00:00:00 2001 From: Matthew Fisher Date: Tue, 26 Feb 2019 23:08:22 -0800 Subject: [PATCH 0328/1586] fix DCO link (#11765) Signed-off-by: Matthew Fisher --- .github/PULL_REQUEST_TEMPLATE.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md index a728453a0a61..8cfb0e58be71 100644 --- a/.github/PULL_REQUEST_TEMPLATE.md +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -35,6 +35,6 @@ even continue reviewing your changes. #### Checklist [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] -- [ ] [DCO](https://www.helm.sh/blog/helm-dco/index.html) signed +- [ ] [DCO](https://github.com/helm/charts/blob/master/CONTRIBUTING.md#sign-your-work) signed - [ ] Chart Version bumped - [ ] Variables are documented in the README.md From a1ba46424f6f221bf5dca26300140b56f801b8e6 Mon Sep 17 00:00:00 2001 From: Tim Head Date: Wed, 27 Feb 2019 11:15:39 +0100 Subject: [PATCH 0329/1586] Add security context config to logstash chart (#11498) Signed-off-by: Tim Head --- stable/logstash/Chart.yaml | 2 +- stable/logstash/README.md | 2 ++ stable/logstash/templates/statefulset.yaml | 4 ++-- stable/logstash/values.yaml | 4 ++++ 4 files changed, 9 insertions(+), 3 deletions(-) diff --git a/stable/logstash/Chart.yaml b/stable/logstash/Chart.yaml index 017461ebc51e..70694924e8d8 100644 --- a/stable/logstash/Chart.yaml +++ b/stable/logstash/Chart.yaml @@ -3,7 +3,7 @@ description: Logstash is an open source, server-side data processing pipeline icon: https://www.elastic.co/assets/blt86e4472872eed314/logo-elastic-logstash-lt.svg home: https://www.elastic.co/products/logstash name: logstash -version: 1.5.0 +version: 1.5.1 appVersion: 6.6.0 sources: - https://www.docker.elastic.co diff --git a/stable/logstash/README.md b/stable/logstash/README.md index e1a00cf7c5d0..ba04e336bd02 100644 --- a/stable/logstash/README.md +++ b/stable/logstash/README.md @@ -115,3 +115,5 @@ The following table lists the configurable parameters of the chart and its defau | `inputs` | Logstash inputs configuration | beats | | `filters` | Logstash filters configuration | `nil` | | `outputs` | Logstash outputs configuration | elasticsearch | +| `securityContext.fsGroup` | Group ID for the container | `1000` | +| `securityContext.runAsUser` | User ID for the container | `1000` | diff --git a/stable/logstash/templates/statefulset.yaml b/stable/logstash/templates/statefulset.yaml index 7008286ae539..5f2c389b1850 100644 --- a/stable/logstash/templates/statefulset.yaml +++ b/stable/logstash/templates/statefulset.yaml @@ -39,8 +39,8 @@ spec: priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} securityContext: - runAsUser: 1000 - fsGroup: 1000 + runAsUser: {{ .Values.securityContext.runAsUser }} + fsGroup: {{ .Values.securityContext.fsGroup }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{ toYaml .Values.image.pullSecrets | indent 8 }} diff --git a/stable/logstash/values.yaml b/stable/logstash/values.yaml index 380041ab0d72..d0bb6dc2708b 100644 --- a/stable/logstash/values.yaml +++ b/stable/logstash/values.yaml @@ -90,6 +90,10 @@ nodeSelector: {} tolerations: [] +securityContext: + fsGroup: 1000 + runAsUser: 1000 + affinity: {} # podAntiAffinity: # requiredDuringSchedulingIgnoredDuringExecution: From bb0fb8eb01cb8358c516b1b73db3db637597bb75 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 27 Feb 2019 11:42:21 +0100 Subject: [PATCH 0330/1586] [stable/mongodb] Fix Readiness/Liveness probes on MongoDB Metrics Exporter (#11772) * [stable/mongodb] Fix Readiness/Liveness probes on MongoDB Metrics Exporter Signed-off-by: juan131 * Bump fix version Signed-off-by: juan131 --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 14 ++++++++++---- .../templates/statefulset-secondary-rs.yaml | 14 ++++++++++---- stable/mongodb/values-production.yaml | 14 ++++++++++++++ stable/mongodb/values.yaml | 14 ++++++++++++++ 5 files changed, 49 insertions(+), 9 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 1bdcfa103e39..80a258f68252 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 5.6.0 +version: 5.6.1 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 9670845883d3..f779bcf6027c 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -95,11 +95,13 @@ The following table lists the configurable parameters of the MongoDB chart and t | `persistence.size` | Size of data volume | `8Gi` | | `persistence.annotations` | Persistent Volume annotations | `{}` | | `persistence.existingClaim` | Name of an existing PVC to use (avoids creating one if this is given) | `nil` | +| `livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | | `livenessProbe.periodSeconds` | How often to perform the probe | `10` | | `livenessProbe.timeoutSeconds` | When the probe times out | `5` | | `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | | `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | +| `readinessProbe.enabled` | Enable/disable the Readiness probe | `true` | | `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `5` | | `readinessProbe.periodSeconds` | How often to perform the probe | `10` | | `readinessProbe.timeoutSeconds` | When the probe times out | `5` | @@ -120,10 +122,14 @@ The following table lists the configurable parameters of the MongoDB chart and t | `metrics.serviceMonitor.relabellings` | Specify Metric Relabellings to add to the scrape endpoint | `nil` | | `metrics.serviceMonitor.alerting.rules` | Define individual alerting rules as required | {} | | `metrics.serviceMonitor.alerting.additionalLabels` | Used to pass Labels that are required by the Installed Prometheus Operator | {} | -| `metrics.livenessProbe.initialDelaySeconds` | Iniitial Delay for Liveness Check of Prometheus metrics exporter | 15 | -| `metrics.livenessProbe.timeoutSeconds` | Timeout for Liveness Check of Prometheus metrics exporter | 5 | -| `metrics.readinessProbe.initialDelaySeconds` | Iniitial Delay for Readiness Check of Prometheus metrics exporter | 5 | -| `metrics.readinessProbe.timeoutSeconds` | Timeout for Readiness Check of Prometheus metrics exporter | 1 | +| `metrics.livenessProbe.enabled` | Enable/disable the Liveness Check of Prometheus metrics exporter | `false` | +| `metrics.livenessProbe.initialDelaySeconds` | Initial Delay for Liveness Check of Prometheus metrics exporter | `15` | +| `metrics.livenessProbe.periodSeconds` | How often to perform Liveness Check of Prometheus metrics exporter | `10` | +| `metrics.livenessProbe.timeoutSeconds` | Timeout for Liveness Check of Prometheus metrics exporter | `5` | +| `metrics.readinessProbe.enabled` | Enable/disable the Readiness Check of Prometheus metrics exporter | `false` | +| `metrics.readinessProbe.initialDelaySeconds` | Initial Delay for Readiness Check of Prometheus metrics exporter | `5` | +| `metrics.readinessProbe.periodSeconds` | How often to perform Readiness Check of Prometheus metrics exporter | `10` | +| `metrics.readinessProbe.timeoutSeconds` | Timeout for Readiness Check of Prometheus metrics exporter | `1` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/mongodb/templates/statefulset-secondary-rs.yaml b/stable/mongodb/templates/statefulset-secondary-rs.yaml index bdcc8fda9d99..3ee8d327c823 100644 --- a/stable/mongodb/templates/statefulset-secondary-rs.yaml +++ b/stable/mongodb/templates/statefulset-secondary-rs.yaml @@ -177,18 +177,24 @@ spec: ports: - name: metrics containerPort: 9216 + {{- if .Values.metrics.livenessProbe.enabled }} livenessProbe: httpGet: path: /metrics port: metrics - initialDelaySeconds: {{ default 15 .Values.metrics.livenessProbe.initialDelaySeconds }} - timeoutSeconds: {{ default 5 .Values.metrics.livenessProbe.timeoutSeconds }} + initialDelaySeconds: {{ .Values.metrics.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.livenessProbe.timeoutSeconds }} + {{- end }} + {{- if .Values.metrics.readinessProbe.enabled }} readinessProbe: httpGet: path: /metrics port: metrics - initialDelaySeconds: {{ default 5 .Values.metrics.readinessProbe.initialDelaySeconds }} - timeoutSeconds: {{ default 1 .Values.metrics.readinessProbe.timeoutSeconds }} + initialDelaySeconds: {{ .Values.metrics.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.metrics.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} + {{- end }} resources: {{ toYaml .Values.metrics.resources | indent 12 }} {{- end }} diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index 5e12a5c8d865..b6bae9123463 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -256,11 +256,25 @@ metrics: ## String with extra arguments to the metrics exporter ## ref: https://github.com/dcu/mongodb_exporter/blob/master/mongodb_exporter.go extraArgs: "" + ## Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## # resources: {} + ## Metrics exporter liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + livenessProbe: + enabled: true + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 5 + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + ## Metrics exporter pod Annotation podAnnotations: prometheus.io/scrape: "true" diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index d159b9e8c84f..3b7b81142321 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -256,11 +256,25 @@ metrics: ## String with extra arguments to the metrics exporter ## ref: https://github.com/dcu/mongodb_exporter/blob/master/mongodb_exporter.go extraArgs: "" + ## Metrics exporter resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## # resources: {} + ## Metrics exporter liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) + livenessProbe: + enabled: false + initialDelaySeconds: 15 + periodSeconds: 5 + timeoutSeconds: 5 + readinessProbe: + enabled: false + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 1 + ## Metrics exporter pod Annotation podAnnotations: prometheus.io/scrape: "true" From 2dabf16fbcaa570e872a0ae20ed82a084012167f Mon Sep 17 00:00:00 2001 From: Andrew Starr-Bochicchio Date: Wed, 27 Feb 2019 09:52:55 -0500 Subject: [PATCH 0331/1586] [stable/external-dns] Support DigitalOcean (Fixes #10923). (#11257) * [stable/external-dns] Support DigitalOcean (Fixes #10923). Signed-off-by: Andrew Starr-Bochicchio * [stable/external-dns] Bump chart version. Signed-off-by: Andrew Starr-Bochicchio * [stable/external-dns] Bump chart version again. Signed-off-by: Andrew Starr-Bochicchio --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/README.md | 1 + stable/external-dns/templates/deployment.yaml | 7 +++++++ stable/external-dns/templates/secret.yaml | 5 ++++- stable/external-dns/values.yaml | 4 ++++ 5 files changed, 17 insertions(+), 2 deletions(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index 8bffb85df304..5fd512c3d7ac 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -3,7 +3,7 @@ description: | Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services name: external-dns -version: 1.6.1 +version: 1.6.2 appVersion: 0.5.9 home: https://github.com/kubernetes-incubator/external-dns sources: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index 5193512b01f6..ea26d8039352 100644 --- a/stable/external-dns/README.md +++ b/stable/external-dns/README.md @@ -41,6 +41,7 @@ The following table lists the configurable parameters of the external-dns chart | `designate.customCA.directory` | Directory in which to mount the Designate provider's custom CA | "/config/designate" | | `designate.customCA.filename` | Filename of Designate provider's custom CA | "designate-ca.pem" | | `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | +| `digitalocean.apiToken` | When using the DigitalOcean provider, sets `DO_TOKEN` in the environment (optional). | `""` | | `dryRun` | When enabled, prints DNS record changes rather than actually performing them (optional). | `false` | | `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | | `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | diff --git a/stable/external-dns/templates/deployment.yaml b/stable/external-dns/templates/deployment.yaml index 474788ffcce7..42e890991c65 100755 --- a/stable/external-dns/templates/deployment.yaml +++ b/stable/external-dns/templates/deployment.yaml @@ -137,6 +137,13 @@ spec: - name: CF_API_EMAIL value: "{{ .Values.cloudflare.email }}" {{- end }} + {{- if .Values.digitalocean.apiToken }} + - name: DO_TOKEN + valueFrom: + secretKeyRef: + name: {{ template "external-dns.fullname" . }} + key: digitalocean_api_token + {{- end }} {{- if .Values.infoblox.wapiConnectionPoolSize }} - name: EXTERNAL_DNS_INFOBLOX_HTTP_POOL_CONNECTIONS value: "{{ .Values.infoblox.wapiConnectionPoolSize }}" diff --git a/stable/external-dns/templates/secret.yaml b/stable/external-dns/templates/secret.yaml index 190c5dda8e49..4f5fbfbd2f2d 100644 --- a/stable/external-dns/templates/secret.yaml +++ b/stable/external-dns/templates/secret.yaml @@ -1,4 +1,4 @@ -{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey -}} +{{- if or (and .Values.aws.secretKey .Values.aws.accessKey) .Values.cloudflare.apiKey .Values.digitalocean.apiToken (and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword) .Values.extraEnv .Values.google.serviceAccountKey -}} apiVersion: v1 kind: Secret metadata: @@ -17,6 +17,9 @@ data: {{- if .Values.cloudflare.apiKey }} cloudflare_api_key: {{ .Values.cloudflare.apiKey | b64enc | quote }} {{- end }} +{{- if .Values.digitalocean.apiToken }} + digitalocean_api_token: {{ .Values.digitalocean.apiToken | b64enc | quote }} +{{- end }} {{- if and .Values.infoblox.wapiUsername .Values.infoblox.wapiPassword }} infoblox_wapi_username: {{ .Values.infoblox.wapiUsername | b64enc | quote }} infoblox_wapi_password: {{ .Values.infoblox.wapiPassword | b64enc | quote }} diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 1dae610aaaac..2a08cc99fde5 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -51,6 +51,10 @@ designate: # Filename of the custom CA filename: "designate-ca.pem" +# DigitalOcean API token to inject as environment variable +digitalocean: + apiToken: "" + # When using the Google provider, specify the Google project (required when provider=google) google: project: "" From 7a36806df4b50d573932c4fe316fa236f5a4874e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 16:21:34 +0100 Subject: [PATCH 0332/1586] [stable/osclass] Add apiVersion in Chart.yaml and add test info to README.md (#11784) Signed-off-by: Carlos Rodriguez Hernandez --- stable/osclass/Chart.yaml | 3 ++- stable/osclass/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/osclass/Chart.yaml b/stable/osclass/Chart.yaml index c716778738b7..153ce0af3d57 100644 --- a/stable/osclass/Chart.yaml +++ b/stable/osclass/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: osclass -version: 4.0.3 +version: 4.0.4 appVersion: 3.7.4 description: Osclass is a php script that allows you to quickly create and manage your own free classifieds site. diff --git a/stable/osclass/README.md b/stable/osclass/README.md index c40138f9870f..f6b4fca384f7 100644 --- a/stable/osclass/README.md +++ b/stable/osclass/README.md @@ -14,7 +14,7 @@ This chart bootstraps an [Osclass](https://github.com/bitnami/bitnami-docker-osc It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Osclass application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From e1bfb42f277b78b27dbf491fda44dd14b22be9a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 16:54:43 +0100 Subject: [PATCH 0333/1586] [stable/phpmyadmin] Add apiVersion in Chart.yaml and add test info to README.md (#11792) Signed-off-by: Carlos Rodriguez Hernandez --- stable/phpmyadmin/Chart.yaml | 3 ++- stable/phpmyadmin/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/phpmyadmin/Chart.yaml b/stable/phpmyadmin/Chart.yaml index 6ede7fbef54b..a924bdd512cc 100644 --- a/stable/phpmyadmin/Chart.yaml +++ b/stable/phpmyadmin/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: phpmyadmin -version: 2.0.4 +version: 2.0.5 appVersion: 4.8.5 description: phpMyAdmin is an mysql administration frontend keywords: diff --git a/stable/phpmyadmin/README.md b/stable/phpmyadmin/README.md index 24f6bf329c76..d0e6b271f15e 100644 --- a/stable/phpmyadmin/README.md +++ b/stable/phpmyadmin/README.md @@ -12,7 +12,7 @@ $ helm install stable/phpmyadmin This chart bootstraps a [phpMyAdmin](https://github.com/bitnami/bitnami-docker-phpmyadmin) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 6b6d4daf3a2d321f86ce387f7df6b8945e072468 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 16:54:53 +0100 Subject: [PATCH 0334/1586] [stable/postgresql] Add apiVersion in Chart.yaml and add test info to README.md (#11793) Signed-off-by: Carlos Rodriguez Hernandez --- stable/postgresql/Chart.yaml | 3 ++- stable/postgresql/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 9f061410e7bc..0705ed0a7257 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: postgresql -version: 3.11.6 +version: 3.11.7 appVersion: 10.7.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 6b4bd64f225e..2c70c44e3c5b 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -12,7 +12,7 @@ $ helm install stable/postgresql This chart bootstraps a [PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From f19115bb9cc4653519c32496ed168702b18f1490 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 16:55:04 +0100 Subject: [PATCH 0335/1586] [stable/prestashop] Add apiVersion in Chart.yaml and add test info to README.md (#11794) Signed-off-by: Carlos Rodriguez Hernandez --- stable/prestashop/Chart.yaml | 3 ++- stable/prestashop/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index ce49fa32e042..5de64bd03d6f 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: prestashop -version: 6.2.0 +version: 6.2.1 appVersion: 1.7.5-1 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: diff --git a/stable/prestashop/README.md b/stable/prestashop/README.md index f867893eb77f..de384fa7cf3a 100644 --- a/stable/prestashop/README.md +++ b/stable/prestashop/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [PrestaShop](https://github.com/bitnami/bitnami-docker-p It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the PrestaShop application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 7404c9f2a65155206500c7a2f67897819fa97366 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 16:55:14 +0100 Subject: [PATCH 0336/1586] [stable/parse] Add apiVersion in Chart.yaml and add test info to README.md (#11795) Signed-off-by: Carlos Rodriguez Hernandez --- stable/parse/Chart.yaml | 3 ++- stable/parse/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/parse/Chart.yaml b/stable/parse/Chart.yaml index 23822855f8c1..b056af05e591 100644 --- a/stable/parse/Chart.yaml +++ b/stable/parse/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: parse -version: 6.0.2 +version: 6.0.3 appVersion: 3.1.3 description: Parse is a platform that enables users to add a scalable and powerful backend to launch a full-featured app for iOS, Android, JavaScript, Windows, Unity, and more. keywords: diff --git a/stable/parse/README.md b/stable/parse/README.md index 5694f150551b..70868a9831d3 100644 --- a/stable/parse/README.md +++ b/stable/parse/README.md @@ -12,7 +12,7 @@ $ helm install stable/parse This chart bootstraps a [Parse](https://github.com/bitnami/bitnami-docker-parse) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From eede152bd24cfbb0542d8437755facc10ea7ffbd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 16:55:24 +0100 Subject: [PATCH 0337/1586] [stable/phabricator] Add apiVersion in Chart.yaml and add test info to README.md (#11796) Signed-off-by: Carlos Rodriguez Hernandez --- stable/phabricator/Chart.yaml | 3 ++- stable/phabricator/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 9bc9e0386dbd..c94b3da5e9f5 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: phabricator -version: 4.0.13 +version: 4.0.14 appVersion: 2019.8.0 description: Collection of open source web applications that help software companies build better software. keywords: diff --git a/stable/phabricator/README.md b/stable/phabricator/README.md index 9d46956fd25d..0a04f10acfd0 100644 --- a/stable/phabricator/README.md +++ b/stable/phabricator/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Phabricator](https://github.com/bitnami/bitnami-docker- It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Phabricator application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 3efc7cd260c4323f44306937a085ce5f162ba0f1 Mon Sep 17 00:00:00 2001 From: Artem Pastukhov Date: Wed, 27 Feb 2019 19:18:39 +0300 Subject: [PATCH 0338/1586] Add prometheus annotations for filebeat metrics service (#11646) * Add prometheus annotations for filebeat metrics service Signed-off-by: Artem Pastukhov * Add condition for prometheus annotationd if monitorinfg enabled Signed-off-by: Artem Pastukhov * Bump docker image version Signed-off-by: Artem Pastukhov * Bump chart version Signed-off-by: Artem Pastukhov * Add condition for annotation if servicemonitor not enabled Signed-off-by: Artem Pastukhov * Fix some logic Signed-off-by: Artem Pastukhov * Add much more logic to define telemetry path and port Signed-off-by: Artem Pastukhov --- stable/filebeat/Chart.yaml | 2 +- stable/filebeat/templates/service.yaml | 12 +++++++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index d22766366c72..a8497b182326 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.4.1 +version: 1.4.2 appVersion: 6.6.1 home: https://www.elastic.co/products/beats/filebeat sources: diff --git a/stable/filebeat/templates/service.yaml b/stable/filebeat/templates/service.yaml index 6b151dba71d7..b42fb258a3b3 100644 --- a/stable/filebeat/templates/service.yaml +++ b/stable/filebeat/templates/service.yaml @@ -2,6 +2,16 @@ kind: Service apiVersion: v1 metadata: +{{- if not .Values.monitoring.serviceMonitor.enabled }} + annotations: +{{- if .Values.monitoring.telemetryPath }} + prometheus.io/path: {{ .Values.monitoring.telemetryPath }} +{{- else }} + prometheus.io/path: /metrics +{{- end }} + prometheus.io/port: "{{ .Values.monitoring.exporterPort }}" + prometheus.io/scrape: "true" +{{- end }} name: {{ template "filebeat.fullname" . }}-metrics namespace: {{ .Release.Namespace }} labels: @@ -17,4 +27,4 @@ spec: port: {{ .Values.monitoring.exporterPort }} targetPort: {{ .Values.monitoring.targetPort }} protocol: TCP -{{ end }} \ No newline at end of file +{{ end }} From cfdc2bded76dbccd1065d779077de7a626984dcd Mon Sep 17 00:00:00 2001 From: Steve Larkin Date: Wed, 27 Feb 2019 17:18:49 +0100 Subject: [PATCH 0339/1586] [stable/airflow] Add container and volume extension points (#11775) * [stable/airflow] Add extraContainers/VolumeMounts/Volumes Signed-off-by: Steve Larkin * [stable/airflow] Step version Signed-off-by: Steve Larkin --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 3 +++ .../airflow/templates/deployments-scheduler.yaml | 9 +++++++++ stable/airflow/templates/deployments-web.yaml | 11 ++++++++++- .../airflow/templates/statefulsets-workers.yaml | 9 +++++++++ stable/airflow/values.yaml | 16 ++++++++++++++++ 6 files changed, 48 insertions(+), 2 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index bfa6b9ec5fc4..b230eb43605a 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 2.0.2 +version: 2.1.0 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 3a2230d4c042..e910a5f6f436 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md @@ -277,6 +277,9 @@ The following table lists the configurable parameters of the Airflow chart and t | `airflow.secretsMapping` | override any environment variable with a secret | | | `airflow.extraConfigmapMounts` | Additional configMap volume mounts on the airflow pods. | `[]` | | `airflow.podAnnotations` | annotations for scheduler, worker and web pods | `{}` | +| `airflow.extraContainers` | additional containers to run in the scheduler, worker & web pods | `[]` | +| `airflow.extraVolumeMounts` | additional volumeMounts to the main container in scheduler, worker & web pods | `[]`| +| `airflow.extraVolumes` | additional volumes for the scheduler, worker & web pods | `[]` | | `workers.enabled` | enable workers | `true` | | `workers.replicas` | number of workers pods to launch | `1` | | `workers.resources` | custom resource configuration for worker pod | `{}` | diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index 3e8432c9ef61..0103b7fbe8b0 100755 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -94,6 +94,9 @@ spec: mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} {{- end }} +{{- if .Values.airflow.extraVolumeMounts }} +{{ toYaml .Values.airflow.extraVolumeMounts | indent 12 }} +{{- end }} args: - "bash" - "-c" @@ -128,6 +131,9 @@ spec: echo "executing scheduler" && airflow scheduler -n {{ .Values.airflow.schedulerNumRuns }} {{- end }} +{{- if .Values.airflow.extraContainers }} +{{ toYaml .Values.airflow.extraContainers | indent 8 }} +{{- end }} volumes: - name: scripts configMap: @@ -168,3 +174,6 @@ spec: configMap: name: {{ .configMap }} {{- end }} +{{- if .Values.airflow.extraVolumes }} +{{ toYaml .Values.airflow.extraVolumes | indent 8 }} +{{- end }} diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml index 52a1998faf9e..262eb1b8fff4 100644 --- a/stable/airflow/templates/deployments-web.yaml +++ b/stable/airflow/templates/deployments-web.yaml @@ -93,6 +93,9 @@ spec: mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} {{- end }} +{{- if .Values.airflow.extraVolumeMounts }} +{{ toYaml .Values.airflow.extraVolumeMounts | indent 12 }} +{{- end }} args: - "bash" - "-c" @@ -125,6 +128,9 @@ spec: timeoutSeconds: 1 successThreshold: 1 failureThreshold: 5 +{{- if .Values.airflow.extraContainers }} +{{ toYaml .Values.airflow.extraContainers | indent 8 }} +{{- end }} volumes: - name: scripts configMap: @@ -158,4 +164,7 @@ spec: - name: {{ .name }} configMap: name: {{ .configMap }} - {{- end }} \ No newline at end of file + {{- end }} +{{- if .Values.airflow.extraVolumes }} +{{ toYaml .Values.airflow.extraVolumes | indent 8 }} +{{- end }} diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml index bccb1e4fb200..407be6a71b4d 100644 --- a/stable/airflow/templates/statefulsets-workers.yaml +++ b/stable/airflow/templates/statefulsets-workers.yaml @@ -101,6 +101,9 @@ spec: mountPath: {{ .mountPath }} readOnly: {{ .readOnly }} {{- end }} +{{- if .Values.airflow.extraVolumeMounts }} +{{ toYaml .Values.airflow.extraVolumeMounts | indent 12 }} +{{- end }} args: - "bash" - "-c" @@ -129,6 +132,9 @@ spec: protocol: TCP resources: {{ toYaml .Values.workers.resources | indent 12 }} +{{- if .Values.airflow.extraContainers }} +{{ toYaml .Values.airflow.extraContainers | indent 8 }} +{{- end }} volumes: - name: scripts configMap: @@ -163,4 +169,7 @@ spec: configMap: name: {{ .configMap }} {{- end }} +{{- if .Values.airflow.extraVolumes }} +{{ toYaml .Values.airflow.extraVolumes | indent 8 }} +{{- end }} {{- end }} diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index cac81f3ca085..88532e078d1f 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml @@ -137,6 +137,22 @@ airflow: podAnnotations: {} ## Example: ## iam.amazonaws.com/role: airflow-Role + extraContainers: [] + ## Additional containers to run alongside the Scheduler, Worker and Web pods + ## This could, for example, be used to run a sidecar that syncs DAGs from object storage. + # - name: s3-sync + # image: my-user/s3sync:latest + # volumeMounts: + # - name: synchronised-dags + # mountPath: /dags + extraVolumeMounts: [] + ## Additional volumeMounts to the main containers in the Scheduler, Worker and Web pods. + # - name: synchronised-dags + # mountPath: /usr/local/airflow/dags + extraVolumes: [] + ## Additional volumes for the Scheduler, Worker and Web pods. + # - name: synchronised-dags + # emptyDir: {} ## ## Workers configuration workers: From 23e0aceef0d7c5873090e61574ff594e79db08a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:18:59 +0100 Subject: [PATCH 0340/1586] [stable/dokuwiki] Add apiVersion in Chart.yaml and add test info to README.md (#11782) Signed-off-by: Carlos Rodriguez Hernandez --- stable/dokuwiki/Chart.yaml | 3 ++- stable/dokuwiki/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/dokuwiki/Chart.yaml b/stable/dokuwiki/Chart.yaml index 2b6e67459042..52f43be95f7b 100644 --- a/stable/dokuwiki/Chart.yaml +++ b/stable/dokuwiki/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: dokuwiki -version: 4.0.1 +version: 4.0.2 appVersion: 0.20180422.201805030840 description: DokuWiki is a standards-compliant, simple to use wiki optimized for creating documentation. It is targeted at developer teams, workgroups, and small companies. diff --git a/stable/dokuwiki/README.md b/stable/dokuwiki/README.md index 5bbba7986282..0a3d6c83fc6e 100644 --- a/stable/dokuwiki/README.md +++ b/stable/dokuwiki/README.md @@ -12,7 +12,7 @@ $ helm install stable/dokuwiki This chart bootstraps a [DokuWiki](https://github.com/bitnami/bitnami-docker-dokuwiki) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From cbbbbe5bc9ea9fbf7e0db166620097e83242b849 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:19:09 +0100 Subject: [PATCH 0341/1586] [stable/owncloud] Add apiVersion in Chart.yaml and add test info to README.md (#11785) Signed-off-by: Carlos Rodriguez Hernandez --- stable/owncloud/Chart.yaml | 3 ++- stable/owncloud/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/owncloud/Chart.yaml b/stable/owncloud/Chart.yaml index 2286c104ce03..f1602f971309 100644 --- a/stable/owncloud/Chart.yaml +++ b/stable/owncloud/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: owncloud -version: 4.0.3 +version: 4.0.4 appVersion: 10.1.0 description: A file sharing server that puts the control and security of your own data back into your hands. keywords: diff --git a/stable/owncloud/README.md b/stable/owncloud/README.md index 75c002c10ef4..77cb10b08c5d 100644 --- a/stable/owncloud/README.md +++ b/stable/owncloud/README.md @@ -14,7 +14,7 @@ This chart bootstraps an [ownCloud](https://github.com/bitnami/bitnami-docker-ow It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the ownCloud application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From a0b94a46fef8ce09cc068046813efca7d141780e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:19:19 +0100 Subject: [PATCH 0342/1586] [stable/rabbitmq] Add apiVersion in Chart.yaml and add test info to README.md (#11789) Signed-off-by: Carlos Rodriguez Hernandez --- stable/rabbitmq/Chart.yaml | 3 ++- stable/rabbitmq/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 7869fd23d02a..31246faf5594 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: rabbitmq -version: 4.3.0 +version: 4.3.1 appVersion: 3.7.12 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 984868204fe0..81a3b0eb07e9 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -12,7 +12,7 @@ $ helm install stable/rabbitmq This chart bootstraps a [RabbitMQ](https://github.com/bitnami/bitnami-docker-rabbitmq) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 128b81e0a14e14dccba9b5ad00681f54c8a5c1be Mon Sep 17 00:00:00 2001 From: Jacob Magnusson Date: Wed, 27 Feb 2019 17:54:34 +0100 Subject: [PATCH 0343/1586] Ability to add arbitrary Secrets and ConfigMaps (#5618) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Google Cloud DNS is configured differently from all other ACME DNS providers in that it expects a file to be available inside the container (because of how the underlying lego library is set up). This didn’t map well to how helm packages are expected to be provided with configuration/secrets. To support this the ability to specify any number of Secrets and ConfigMaps from the values.yaml file has been added. Signed-off-by: Jacob Magnusson --- stable/traefik/Chart.yaml | 2 +- stable/traefik/README.md | 30 +++++++++++++++++++--- stable/traefik/templates/config-files.yaml | 16 ++++++++++++ stable/traefik/templates/deployment.yaml | 18 +++++++++++++ stable/traefik/templates/secret-files.yaml | 16 ++++++++++++ stable/traefik/values.yaml | 16 ++++++++++++ 6 files changed, 94 insertions(+), 4 deletions(-) create mode 100644 stable/traefik/templates/config-files.yaml create mode 100644 stable/traefik/templates/secret-files.yaml diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index e70c2ca4be80..a186f8f2ea30 100644 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: traefik -version: 1.61.1 +version: 1.62.0 appVersion: 1.7.9 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: diff --git a/stable/traefik/README.md b/stable/traefik/README.md index 9289a4f33a45..50b0a28022b9 100644 --- a/stable/traefik/README.md +++ b/stable/traefik/README.md @@ -133,7 +133,7 @@ The following table lists the configurable parameters of the Traefik chart and t | `acme.challengeType` | Type of ACME challenge to perform domain validation. `tls-sni-01` (deprecated), `tls-alpn-01` (recommended), `http-01` or `dns-01` | `tls-sni-01` | | `acme.delayBeforeCheck` | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds. Useful when Traefik cannot resolve external DNS queries. | `0` | | `acme.dnsProvider.name` | Which DNS provider to use. See [here](https://github.com/xenolf/lego/tree/master/providers/dns) for the list of possible values. | `nil` | -| `acme.dnsProvider.$name` | The configuration environment variables (encoded as a secret) needed for the DNS provider to do DNS challenge. See [here](#example-aws-route-53). | `{}` | +| `acme.dnsProvider.$name` | The configuration environment variables (encoded as a secret) needed for the DNS provider to do DNS challenge. Example configuration: [AWS Route 53](#example-aws-route-53), [Google Cloud DNS](#example-gcloud). | `{}` | | `acme.email` | Email address to be used in certificates obtained from Let's Encrypt | `admin@example.com` | | `acme.onHostRule` | Whether to generate a certificate for each frontend with Host rule | `true` | | `acme.staging` | Whether to get certs from Let's Encrypt's staging environment | `true` | @@ -219,6 +219,8 @@ The following table lists the configurable parameters of the Traefik chart and t | `tracing.datadog.debug` | Enables Datadog debugging | `false` | | `tracing.datadog.globalTag` | Apply shared tag in a form of Key:Value to all the traces | `""` | | `autoscaling` | HorizontalPodAutoscaler for the traefik Deployment | `{}` | +| `configFiles` | Config files to make available in the deployment. key=filename, value=file contents | `{}` | +| `secretFiles` | Secret files to make available in the deployment. key=filename, value=file contents | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: @@ -354,12 +356,12 @@ acme: #### Example: AWS Route 53 -Route 53 requires the [following configuration variables to be set](values.yaml#L98-L101): +Using `route53` as DNS provider requires the following configuration variables to be set: - `AWS_ACCESS_KEY_ID` - `AWS_SECRET_ACCESS_KEY` - `AWS_REGION` -The configuration for the DNS provider would look like this: +The configuration would look like this: ```yaml acme: @@ -372,6 +374,28 @@ acme: AWS_REGION: us-east-1 ``` +#### Example: Google Cloud DNS + +Using `gcloud` as DNS provider requires the following configuration variables to be set: +- `GCE_PROJECT` +- `GCE_SERVICE_ACCOUNT_FILE` + +The configuration would look like this: + +```yaml + +secretFiles: + gcloud-credentials.json: '{"type":"service_account","project_id":"","private_key_id":"",...}' + +acme: + enabled: true + dnsProvider: + name: gcloud + gcloud: + GCE_PROJECT: + GCE_SERVICE_ACCOUNT_FILE: /secrets/gcloud-credentials.json +``` + ### Proxy Protocol In situations where Traefik lives behind an Internet-facing loadbalancer (like an AWS ELB) and you still want it to see the actual source IP of the visitor instead of the internal IP of the loadbalancer, you can enable the loadbalancer to use the Proxy protocol to talk to Traefik. This effectively makes the loadbalancer transparent, as Traefik will still get the actual visitor IP address for each request. This only works if Traefik knows it's receiving traffic via the Proxy Protocol and the loadbalancer IP addresses need to be whitelisted as well. diff --git a/stable/traefik/templates/config-files.yaml b/stable/traefik/templates/config-files.yaml new file mode 100644 index 000000000000..de2217eb5d7c --- /dev/null +++ b/stable/traefik/templates/config-files.yaml @@ -0,0 +1,16 @@ +{{- if .Values.configFiles }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "traefik.fullname" . }}-configs + labels: + app: {{ template "traefik.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: +{{- range $filename, $fileContents := .Values.configFiles }} + {{ $filename }}: |- +{{ $fileContents | indent 4 }} +{{- end }} +{{- end }} diff --git a/stable/traefik/templates/deployment.yaml b/stable/traefik/templates/deployment.yaml index 60f6d048fa36..4f562c731a9b 100644 --- a/stable/traefik/templates/deployment.yaml +++ b/stable/traefik/templates/deployment.yaml @@ -114,6 +114,14 @@ spec: - mountPath: /acme name: acme {{- end }} + {{- if .Values.configFiles }} + - mountPath: /configs + name: {{ template "traefik.fullname" $ }}-configs + {{ end }} + {{- if .Values.secretFiles }} + - mountPath: /secrets + name: {{ template "traefik.fullname" $ }}-secrets + {{- end }} ports: - name: http containerPort: 80 @@ -162,6 +170,16 @@ spec: emptyDir: {} {{- end }} {{- end }} + {{- if .Values.configFiles }} + - name: {{ template "traefik.fullname" $ }}-configs + configMap: + name: {{ template "traefik.fullname" $ }}-configs + {{ end }} + {{- if .Values.secretFiles }} + - name: {{ template "traefik.fullname" $ }}-secrets + secret: + secretName: {{ template "traefik.fullname" $ }}-secrets + {{- end }} {{- if and (.Values.tolerations) (semverCompare "^1.6-0" .Capabilities.KubeVersion.GitVersion) }} tolerations: {{ toYaml .Values.tolerations | indent 6 }} diff --git a/stable/traefik/templates/secret-files.yaml b/stable/traefik/templates/secret-files.yaml new file mode 100644 index 000000000000..65498880ea7d --- /dev/null +++ b/stable/traefik/templates/secret-files.yaml @@ -0,0 +1,16 @@ +{{- if .Values.secretFiles }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ template "traefik.fullname" . }}-secrets + labels: + app: {{ template "traefik.name" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +type: Opaque +data: +{{- range $filename, $fileContents := .Values.secretFiles }} + {{ $filename }}: {{ $fileContents | b64enc | quote }} +{{- end }} +{{- end }} diff --git a/stable/traefik/values.yaml b/stable/traefik/values.yaml index e1db01583150..5e41b74f8e49 100644 --- a/stable/traefik/values.yaml +++ b/stable/traefik/values.yaml @@ -63,6 +63,22 @@ forwardedHeaders: # trustedIPs is required when enabled trustedIPs: [] # - 10.0.0.0/8 + +## Add arbitrary ConfigMaps to deployment +## Will be mounted to /configs/, i.e. myconfig.json would +## be mounted to /configs/myconfig.json. +configFiles: {} + # myconfig.json: | + # filecontents... + +## Add arbitrary Secrets to deployment +## Will be mounted to /secrets/, i.e. file.name would +## be mounted to /secrets/mysecret.txt. +## The contents will be base64 encoded when added +secretFiles: {} + # mysecret.txt: | + # filecontents... + ssl: enabled: false enforced: false From 5b3f02972b46003ff297d6545e4370c02c0bd31d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:54:45 +0100 Subject: [PATCH 0344/1586] [stable/redis] Add apiVersion in Chart.yaml and add test info to README.md (#11790) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redis/Chart.yaml | 3 ++- stable/redis/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index 9199ae89d881..5c4165458e5e 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: redis -version: 6.1.3 +version: 6.1.4 appVersion: 4.0.13 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index 7290f48e57b2..749c3600cddd 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -18,7 +18,7 @@ $ helm install stable/redis --values values-production.yaml This chart bootstraps a [Redis](https://github.com/bitnami/bitnami-docker-redis) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 4886b9cb261bed3466b6194e867eda7084957e73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:54:54 +0100 Subject: [PATCH 0345/1586] [stable/phpbb] Add apiVersion in Chart.yaml and add test info to README.md (#11797) Signed-off-by: Carlos Rodriguez Hernandez --- stable/phpbb/Chart.yaml | 3 ++- stable/phpbb/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/phpbb/Chart.yaml b/stable/phpbb/Chart.yaml index 4ae3d6befbc4..2fc0906af231 100644 --- a/stable/phpbb/Chart.yaml +++ b/stable/phpbb/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: phpbb -version: 4.0.3 +version: 4.0.4 appVersion: 3.2.5 description: Community forum that supports the notion of users and groups, file attachments, full-text search, notifications and more. keywords: diff --git a/stable/phpbb/README.md b/stable/phpbb/README.md index 041addd216d3..210e1c340b98 100644 --- a/stable/phpbb/README.md +++ b/stable/phpbb/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [phpBB](https://github.com/bitnami/bitnami-docker-phpbb) It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the phpBB application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From ca854965b35efd57bcc11b8c0229f4548e413ac0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:55:04 +0100 Subject: [PATCH 0346/1586] [stable/nats] Add apiVersion in Chart.yaml and add test info to README.md (#11798) Signed-off-by: Carlos Rodriguez Hernandez --- stable/nats/Chart.yaml | 3 ++- stable/nats/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/nats/Chart.yaml b/stable/nats/Chart.yaml index bc1a5b453c3f..97f0d33da0dc 100644 --- a/stable/nats/Chart.yaml +++ b/stable/nats/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: nats -version: 2.0.5 +version: 2.0.6 appVersion: 1.4.1 description: An open-source, cloud-native messaging system keywords: diff --git a/stable/nats/README.md b/stable/nats/README.md index 6a056ce68a59..a0b89b5e2543 100644 --- a/stable/nats/README.md +++ b/stable/nats/README.md @@ -12,7 +12,7 @@ $ helm install stable/nats This chart bootstraps a [NATS](https://github.com/bitnami/bitnami-docker-nats) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From b3f7958c6707042283e9b0536506f761699cd3af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 17:55:14 +0100 Subject: [PATCH 0347/1586] [stable/odoo] Add apiVersion in Chart.yaml and add test info to README.md (#11799) Signed-off-by: Carlos Rodriguez Hernandez --- stable/odoo/Chart.yaml | 3 ++- stable/odoo/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/odoo/Chart.yaml b/stable/odoo/Chart.yaml index d2d3c59dd9ad..846b0e423459 100644 --- a/stable/odoo/Chart.yaml +++ b/stable/odoo/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: odoo -version: 6.0.0 +version: 6.0.1 appVersion: 11.0.20190215 description: A suite of web based open source business apps. home: https://www.odoo.com/ diff --git a/stable/odoo/README.md b/stable/odoo/README.md index 26439a61136f..4cd258247078 100644 --- a/stable/odoo/README.md +++ b/stable/odoo/README.md @@ -14,7 +14,7 @@ $ helm install stable/odoo This chart bootstraps a [Odoo](https://github.com/bitnami/bitnami-docker-odoo) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 3bb1843412ab89959b6af6aa0449ddb41e4471cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 18:22:24 +0100 Subject: [PATCH 0348/1586] [stable/orangehrm] Add apiVersion in Chart.yaml and add test info to README.md (#11783) Signed-off-by: Carlos Rodriguez Hernandez --- stable/orangehrm/Chart.yaml | 3 ++- stable/orangehrm/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/orangehrm/Chart.yaml b/stable/orangehrm/Chart.yaml index 7adbb70e382f..150443678840 100644 --- a/stable/orangehrm/Chart.yaml +++ b/stable/orangehrm/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: orangehrm -version: 4.0.1 +version: 4.0.2 appVersion: 4.2.0-1 description: OrangeHRM is a free HR management system that offers a wealth of modules to suit the needs of your business. diff --git a/stable/orangehrm/README.md b/stable/orangehrm/README.md index 3d08634bfb51..3686d8a5f14b 100644 --- a/stable/orangehrm/README.md +++ b/stable/orangehrm/README.md @@ -14,7 +14,7 @@ This chart bootstraps an [OrangeHRM](https://github.com/bitnami/bitnami-docker-o It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the OrangeHRM application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 9ae4a1cabf02707d332ddc7a5a940a4e372d6518 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 18:22:34 +0100 Subject: [PATCH 0349/1586] [stable/suitecrm] Add apiVersion in Chart.yaml and add test info to README.md (#11786) Signed-off-by: Carlos Rodriguez Hernandez --- stable/suitecrm/Chart.yaml | 3 ++- stable/suitecrm/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/suitecrm/Chart.yaml b/stable/suitecrm/Chart.yaml index f4c339ce458c..ba3a02822a6e 100644 --- a/stable/suitecrm/Chart.yaml +++ b/stable/suitecrm/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: suitecrm -version: 5.0.6 +version: 5.0.7 appVersion: 7.11.2 description: SuiteCRM is a completely open source enterprise-grade Customer Relationship Management (CRM) application. SuiteCRM is a software fork of the popular customer relationship management (CRM) system SugarCRM. keywords: diff --git a/stable/suitecrm/README.md b/stable/suitecrm/README.md index 3152fe947556..795c207e5605 100644 --- a/stable/suitecrm/README.md +++ b/stable/suitecrm/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [SuiteCRM](https://github.com/bitnami/bitnami-docker-sui It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the SuiteCRM application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From fbc3a9e202fdc926c0225c0a2a5ed6e3765b1fb7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 18:22:44 +0100 Subject: [PATCH 0350/1586] [stable/testlink] Add apiVersion in Chart.yaml and add test info to README.md (#11787) Signed-off-by: Carlos Rodriguez Hernandez --- stable/testlink/Chart.yaml | 3 ++- stable/testlink/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/testlink/Chart.yaml b/stable/testlink/Chart.yaml index 253368afc346..ae9a5df514fd 100644 --- a/stable/testlink/Chart.yaml +++ b/stable/testlink/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: testlink -version: 4.0.3 +version: 4.0.4 appVersion: 1.9.19 description: Web-based test management system that facilitates software quality assurance. icon: https://bitnami.com/assets/stacks/testlink/img/testlink-stack-220x234.png diff --git a/stable/testlink/README.md b/stable/testlink/README.md index f411dbbcd74b..3d22da827ce6 100644 --- a/stable/testlink/README.md +++ b/stable/testlink/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [TestLink](https://github.com/bitnami/bitnami-docker-tes It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the TestLink application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 832df6f20c9feab138c060c035c243a3f458733b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 18:22:53 +0100 Subject: [PATCH 0351/1586] [stable/wordpress] Add apiVersion in Chart.yaml and add test info to README.md (#11788) Signed-off-by: Carlos Rodriguez Hernandez --- stable/wordpress/Chart.yaml | 3 ++- stable/wordpress/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 193c4a0f42d6..20e63a33c0d3 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: wordpress -version: 5.2.5 +version: 5.2.6 appVersion: 5.1.0 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png diff --git a/stable/wordpress/README.md b/stable/wordpress/README.md index 5ae6bb124b49..7ad6e3fa8f1f 100644 --- a/stable/wordpress/README.md +++ b/stable/wordpress/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [WordPress](https://github.com/bitnami/bitnami-docker-wo It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the WordPress application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 6c295585f4d772b3e0293d995eb2f4e616ce9811 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 18:23:03 +0100 Subject: [PATCH 0352/1586] [stable/redmine] Add apiVersion in Chart.yaml and add test info to README.md (#11791) Signed-off-by: Carlos Rodriguez Hernandez --- stable/redmine/Chart.yaml | 3 ++- stable/redmine/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index ad2ec3e47403..b1cbad2e763c 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: redmine -version: 9.0.0 +version: 9.0.1 appVersion: 4.0.2 description: A flexible project management web application. keywords: diff --git a/stable/redmine/README.md b/stable/redmine/README.md index e71de6c0f67a..229792128a3d 100644 --- a/stable/redmine/README.md +++ b/stable/redmine/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Redmine](https://github.com/bitnami/bitnami-docker-redm It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) and the [PostgreSQL chart](https://github.com/kubernetes/charts/tree/master/stable/postgresql) which are required for bootstrapping a MariaDB/PostgreSQL deployment for the database requirements of the Redmine application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From fbcd441101c7fdcfb4c7d5cbea3e88d2f8158236 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 18:43:33 +0100 Subject: [PATCH 0353/1586] [stable/opencart] Add apiVersion in Chart.yaml and add test info to README.md (#11800) Signed-off-by: Carlos Rodriguez Hernandez --- stable/opencart/Chart.yaml | 3 ++- stable/opencart/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/opencart/Chart.yaml b/stable/opencart/Chart.yaml index 89cfba90532f..b4eec89cbe0f 100644 --- a/stable/opencart/Chart.yaml +++ b/stable/opencart/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: opencart -version: 4.0.4 +version: 4.0.5 appVersion: 3.0.3-1 description: A free and open source e-commerce platform for online merchants. It provides a professional and reliable foundation for a successful online store. keywords: diff --git a/stable/opencart/README.md b/stable/opencart/README.md index 28534f00546c..012c4a7e4db1 100644 --- a/stable/opencart/README.md +++ b/stable/opencart/README.md @@ -14,7 +14,7 @@ This chart bootstraps an [OpenCart](https://github.com/bitnami/bitnami-docker-op It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the OpenCart application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 5e3ac44c585920d6c4108164d9a190c740c9cd14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:07:33 +0100 Subject: [PATCH 0354/1586] [stable/mediawiki] Add apiVersion in Chart.yaml and add test info to README.md (#11801) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mediawiki/Chart.yaml | 3 ++- stable/mediawiki/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/mediawiki/Chart.yaml b/stable/mediawiki/Chart.yaml index 22d271f85e1f..4c792ce39ecf 100644 --- a/stable/mediawiki/Chart.yaml +++ b/stable/mediawiki/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: mediawiki -version: 6.0.2 +version: 6.0.3 appVersion: 1.32.0 description: Extremely powerful, scalable software and a feature-rich wiki implementation that uses PHP to process and display data stored in a database. home: http://www.mediawiki.org/ diff --git a/stable/mediawiki/README.md b/stable/mediawiki/README.md index a4cfc004e60f..9c292a819ff2 100644 --- a/stable/mediawiki/README.md +++ b/stable/mediawiki/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [MediaWiki](https://github.com/bitnami/bitnami-docker-me It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the MediaWiki application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 164f40b0b8e67b59a1292a2140254a20f76b0a88 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:07:43 +0100 Subject: [PATCH 0355/1586] [stable/mongodb] Add apiVersion in Chart.yaml and add test info to README.md (#11802) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mongodb/Chart.yaml | 3 ++- stable/mongodb/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index 80a258f68252..be912d8844a8 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: mongodb -version: 5.6.1 +version: 5.6.2 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index f779bcf6027c..082ab56ee940 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -12,7 +12,7 @@ $ helm install stable/mongodb This chart bootstraps a [MongoDB](https://github.com/bitnami/bitnami-docker-mongodb) deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 41a7e1923f1f1131db28f8b9fd70b5e92c6a8f24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:07:53 +0100 Subject: [PATCH 0356/1586] [stable/moodle] Add apiVersion in Chart.yaml and add test info to README.md (#11803) Signed-off-by: Carlos Rodriguez Hernandez --- stable/moodle/Chart.yaml | 3 ++- stable/moodle/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/moodle/Chart.yaml b/stable/moodle/Chart.yaml index 93fddb9f6af0..c4d844725cbd 100644 --- a/stable/moodle/Chart.yaml +++ b/stable/moodle/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: moodle -version: 4.0.4 +version: 4.0.5 appVersion: 3.6.2 description: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments keywords: diff --git a/stable/moodle/README.md b/stable/moodle/README.md index 1185169fbf5f..e17c6990bca0 100644 --- a/stable/moodle/README.md +++ b/stable/moodle/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Moodle](https://github.com/bitnami/bitnami-docker-moodl It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Moodle application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From f548c22f53382c76e9cf4540f1f131102885c4a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:08:02 +0100 Subject: [PATCH 0357/1586] [stable/magento] Add apiVersion in Chart.yaml and add test info to README.md (#11805) Signed-off-by: Carlos Rodriguez Hernandez --- stable/magento/Chart.yaml | 3 ++- stable/magento/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/magento/Chart.yaml b/stable/magento/Chart.yaml index 177297924be0..f3bb4eedeee2 100644 --- a/stable/magento/Chart.yaml +++ b/stable/magento/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: magento -version: 4.1.4 +version: 4.1.5 appVersion: 2.3.0 description: A feature-rich flexible e-commerce solution. It includes transaction options, multi-store functionality, loyalty programs, product categorization and shopper filtering, promotion rules, and more. keywords: diff --git a/stable/magento/README.md b/stable/magento/README.md index 1053f3a0261b..2c52c949132a 100644 --- a/stable/magento/README.md +++ b/stable/magento/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Magento](https://github.com/bitnami/bitnami-docker-mage It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment as a database for the Magento application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From d83990e46fe3ec7b55611038817d0b678622b686 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:08:12 +0100 Subject: [PATCH 0358/1586] [stable/mariadb] Add apiVersion in Chart.yaml and add test info to README.md (#11806) Signed-off-by: Carlos Rodriguez Hernandez --- stable/mariadb/Chart.yaml | 3 ++- stable/mariadb/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 1ece7bbd8c54..d313eac49db5 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: mariadb -version: 5.5.3 +version: 5.5.4 appVersion: 10.1.38 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 705437cd2893..5a5cd4c05a52 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -14,7 +14,7 @@ $ helm install stable/mariadb This chart bootstraps a [MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) replication cluster deployment on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 53d277bf546d3f54727bf385fc64c36593689aa0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:32:13 +0100 Subject: [PATCH 0359/1586] [stable/ghost] Add apiVersion in Chart.yaml and add test info to README.md (#11807) Signed-off-by: Carlos Rodriguez Hernandez --- stable/ghost/Chart.yaml | 3 ++- stable/ghost/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 9b54debbf908..674614d61a89 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: ghost -version: 6.3.12 +version: 6.3.13 appVersion: 2.15.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: diff --git a/stable/ghost/README.md b/stable/ghost/README.md index 491dd0b45cef..9750e90c3ab2 100644 --- a/stable/ghost/README.md +++ b/stable/ghost/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Ghost](https://github.com/bitnami/bitnami-docker-ghost) It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment for the database requirements of the Ghost application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 2973181550ffd0d0691041812472c361805803a4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:32:23 +0100 Subject: [PATCH 0360/1586] [stable/jasperreports] Add apiVersion in Chart.yaml and add test info to README.md (#11808) Signed-off-by: Carlos Rodriguez Hernandez --- stable/jasperreports/Chart.yaml | 3 ++- stable/jasperreports/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/jasperreports/Chart.yaml b/stable/jasperreports/Chart.yaml index c3eec72cc1f7..038382423c1a 100644 --- a/stable/jasperreports/Chart.yaml +++ b/stable/jasperreports/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: jasperreports -version: 4.0.2 +version: 4.0.3 appVersion: 7.1.0 description: The JasperReports server can be used as a stand-alone or embedded reporting and BI server that offers web-based reporting, analytic tools and visualization, diff --git a/stable/jasperreports/README.md b/stable/jasperreports/README.md index 6914453fe6ef..017eebffcd5b 100644 --- a/stable/jasperreports/README.md +++ b/stable/jasperreports/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [JasperReports](https://github.com/bitnami/bitnami-docke It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which bootstraps a MariaDB deployment required by the JasperReports application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 1a2381465a1f5df2fbdabeb040df4ad6865a0238 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:32:32 +0100 Subject: [PATCH 0361/1586] [stable/joomla] Add apiVersion in Chart.yaml and add test info to README.md (#11809) Signed-off-by: Carlos Rodriguez Hernandez --- stable/joomla/Chart.yaml | 3 ++- stable/joomla/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/joomla/Chart.yaml b/stable/joomla/Chart.yaml index 2e0972376573..8917b99ccb6b 100644 --- a/stable/joomla/Chart.yaml +++ b/stable/joomla/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: joomla -version: 4.0.4 +version: 4.0.5 appVersion: 3.9.3 description: PHP content management system (CMS) for publishing web content keywords: diff --git a/stable/joomla/README.md b/stable/joomla/README.md index 3b6abd2a696e..edd95de6c547 100644 --- a/stable/joomla/README.md +++ b/stable/joomla/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Joomla!](https://github.com/bitnami/bitnami-docker-joom It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which bootstraps a MariaDB deployment required by the Joomla! application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 0d210a5fe7e544317cca3efc8566d42da3757545 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 27 Feb 2019 19:32:42 +0100 Subject: [PATCH 0362/1586] [stable/drupal] Add apiVersion in Chart.yaml and add test info to README.md (#11810) Signed-off-by: Carlos Rodriguez Hernandez --- stable/drupal/Chart.yaml | 3 ++- stable/drupal/README.md | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/drupal/Chart.yaml b/stable/drupal/Chart.yaml index 79cd1eb5914d..f5a86d8aaa63 100644 --- a/stable/drupal/Chart.yaml +++ b/stable/drupal/Chart.yaml @@ -1,5 +1,6 @@ +apiVersion: v1 name: drupal -version: 3.0.7 +version: 3.0.8 appVersion: 8.6.10 description: One of the most versatile open source content management systems. keywords: diff --git a/stable/drupal/README.md b/stable/drupal/README.md index 20bcc606af21..ab833f08f88c 100644 --- a/stable/drupal/README.md +++ b/stable/drupal/README.md @@ -14,7 +14,7 @@ This chart bootstraps a [Drupal](https://github.com/bitnami/bitnami-docker-drupa It also packages the [Bitnami MariaDB chart](https://github.com/kubernetes/charts/tree/master/stable/mariadb) which is required for bootstrapping a MariaDB deployment as a database for the Drupal application. -Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. +Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment and management of Helm Charts in clusters. This chart has been tested to work with NGINX Ingress, cert-manager, fluentd and Prometheus on top of the [BKPR](https://kubeprod.io/). ## Prerequisites From 0fbf39899b1b57c002c2a02a293211891fc0d897 Mon Sep 17 00:00:00 2001 From: Craig Rueda Date: Wed, 27 Feb 2019 16:13:55 -0800 Subject: [PATCH 0363/1586] Allow for overriding of proxy/admin listen (#11362) * Allow for overriding of proxy/admin listen Signed-off-by: Craig * Updated README Signed-off-by: Craig * Version bump Signed-off-by: Craig * Added note on container ports Signed-off-by: Craig * Version bump Signed-off-by: Craig --- stable/kong/Chart.yaml | 2 +- stable/kong/README.md | 15 +++++++++++++++ stable/kong/templates/deployment.yaml | 4 ++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/stable/kong/Chart.yaml b/stable/kong/Chart.yaml index c6fb11f59641..7c8be81ed170 100644 --- a/stable/kong/Chart.yaml +++ b/stable/kong/Chart.yaml @@ -10,5 +10,5 @@ maintainers: name: kong sources: - https://github.com/Kong/kong -version: 0.9.3 +version: 0.9.4 appVersion: 1.0.2 diff --git a/stable/kong/README.md b/stable/kong/README.md index 964841a8cf13..787c839ebf7f 100644 --- a/stable/kong/README.md +++ b/stable/kong/README.md @@ -96,6 +96,21 @@ and their default values. | resources | Pod resource requests & limits | `{}` | | tolerations | List of node taints to tolerate | `[]` | +### Admin/Proxy listener override + +If you specify `env.admin_listen` or `env.proxy_listen`, this chart will use +the value provided by you as opposed to constructing a listen variable +from fields like `proxy.http.containerPort` and `proxy.http.enabled`. This allows +you to be more prescriptive when defining listen directives. + +**Note:** Overriding `env.proxy_listen` and `env.admin_listen` will potentially cause +`admin.containerPort`, `proxy.http.containerPort` and `proxy.tls.containerPort` to become out of sync, +and therefore must be updated accordingly. + +I.E. updatating to `env.proxy_listen: 0.0.0.0:4444, 0.0.0.0:4443 ssl` will need +`proxy.http.containerPort: 4444` and `proxy.tls.containerPort: 4443` to be set in order +for the service definition to work properly. + ### Kong-specific parameters Kong has a choice of either Postgres or Cassandra as a backend datatstore. diff --git a/stable/kong/templates/deployment.yaml b/stable/kong/templates/deployment.yaml index cd097c554310..6115b531e4d7 100644 --- a/stable/kong/templates/deployment.yaml +++ b/stable/kong/templates/deployment.yaml @@ -69,6 +69,7 @@ spec: image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} env: + {{- if not .Values.env.admin_listen }} {{- if .Values.admin.useTLS }} - name: KONG_ADMIN_LISTEN value: "0.0.0.0:{{ .Values.admin.containerPort }} ssl" @@ -76,8 +77,11 @@ spec: - name: KONG_ADMIN_LISTEN value: 0.0.0.0:{{ .Values.admin.containerPort }} {{- end }} + {{- end }} + {{- if not .Values.env.proxy_listen }} - name: KONG_PROXY_LISTEN value: {{ template "kong.kongProxyListenValue" . }} + {{- end }} - name: KONG_NGINX_DAEMON value: "off" - name: KONG_PROXY_ACCESS_LOG From fbc9f1d3654ee8bd2f29dac1e7035a2e24600b5a Mon Sep 17 00:00:00 2001 From: Nik Voss Date: Thu, 28 Feb 2019 01:31:15 +0100 Subject: [PATCH 0364/1586] [stable/cockroachdb] Additional parameters for cockroachdb (#11747) * Add ExtraArgs and ExtraSecretMounts for additional configurability. Signed-off-by: Niklas Voss * Bump version. Signed-off-by: Niklas Voss * Updated README to include new values. Signed-off-by: Niklas Voss * Removed blank line to avoid linting errors. Signed-off-by: Niklas Voss --- stable/cockroachdb/Chart.yaml | 2 +- stable/cockroachdb/README.md | 2 ++ .../templates/cockroachdb-statefulset.yaml | 12 +++++++++++- stable/cockroachdb/values.yaml | 4 ++++ 4 files changed, 18 insertions(+), 2 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index 61ce124fbfa3..b2650cbd8ac3 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml @@ -1,6 +1,6 @@ name: cockroachdb home: https://www.cockroachlabs.com -version: 2.0.11 +version: 2.1.0 appVersion: 2.1.5 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index 18a41b5fbe79..c6477446aed1 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -102,6 +102,8 @@ The following table lists the configurable parameters of the CockroachDB chart a | `Secure.ServiceAccount.Name` | Name of RBAC service account to use | `""` | | `JoinExisting` | List of already-existing cockroach instances | `[]` | | `Locality` | Locality attribute for this deployment | `""` | +| `ExtraArgs` | Additional command-line arguments | `[]` | +| `ExtraSecretMounts` | Additional secrets to mount at cluster members | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. diff --git a/stable/cockroachdb/templates/cockroachdb-statefulset.yaml b/stable/cockroachdb/templates/cockroachdb-statefulset.yaml index b7102db8959b..a7f505413aff 100644 --- a/stable/cockroachdb/templates/cockroachdb-statefulset.yaml +++ b/stable/cockroachdb/templates/cockroachdb-statefulset.yaml @@ -289,13 +289,18 @@ spec: {{- if .Values.Secure.Enabled }} - name: certs mountPath: /cockroach/cockroach-certs +{{- end }} +{{- range .Values.ExtraSecretMounts }} + - name: extra-secret-{{ . }} + mountPath: /etc/cockroach/secrets/{{ . }} + readOnly: true {{- end }} command: - "/bin/bash" - "-ecx" # The use of qualified `hostname -f` is crucial: # Other nodes aren't able to look up the unqualified hostname. - - "exec /cockroach/cockroach start --logtostderr {{ if .Values.Secure.Enabled }}--certs-dir /cockroach/cockroach-certs{{ else }}--insecure{{ end }} --advertise-host $(hostname).${STATEFULSET_FQDN} --http-host 0.0.0.0 --http-port {{ .Values.InternalHttpPort }} --port {{ .Values.InternalGrpcPort }} --cache {{ .Values.CacheSize }} --max-sql-memory {{ .Values.MaxSQLMemory }} {{ if .Values.Locality }}--locality={{.Values.Locality }}{{ end }} --join {{ if .Values.JoinExisting }}{{ join "," .Values.JoinExisting }}{{ else }}${STATEFULSET_NAME}-0.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }},${STATEFULSET_NAME}-1.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }},${STATEFULSET_NAME}-2.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }}{{ end }}" + - "exec /cockroach/cockroach start --logtostderr {{ if .Values.Secure.Enabled }}--certs-dir /cockroach/cockroach-certs{{ else }}--insecure{{ end }} --advertise-host $(hostname).${STATEFULSET_FQDN} --http-host 0.0.0.0 --http-port {{ .Values.InternalHttpPort }} --port {{ .Values.InternalGrpcPort }} --cache {{ .Values.CacheSize }} --max-sql-memory {{ .Values.MaxSQLMemory }} {{ if .Values.Locality }}--locality={{.Values.Locality }}{{ end }} --join {{ if .Values.JoinExisting }}{{ join "," .Values.JoinExisting }}{{ else }}${STATEFULSET_NAME}-0.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }},${STATEFULSET_NAME}-1.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }},${STATEFULSET_NAME}-2.${STATEFULSET_FQDN}:{{ .Values.InternalGrpcPort }}{{ end }}{{ range .Values.ExtraArgs }} {{ . }}{{ end }}" # No pre-stop hook is required, a SIGTERM plus some time is all that's # needed for graceful shutdown of a node. terminationGracePeriodSeconds: 60 @@ -306,6 +311,11 @@ spec: {{- if .Values.Secure.Enabled }} - name: certs emptyDir: {} +{{- end }} +{{- range .Values.ExtraSecretMounts }} + - name: extra-secret-{{ . }} + secret: + secretName: {{ . }} {{- end }} podManagementPolicy: {{ .Values.PodManagementPolicy }} updateStrategy: diff --git a/stable/cockroachdb/values.yaml b/stable/cockroachdb/values.yaml index a49fcb65660d..611d4ab68c9b 100644 --- a/stable/cockroachdb/values.yaml +++ b/stable/cockroachdb/values.yaml @@ -68,3 +68,7 @@ Secure: JoinExisting: [] # Set a locality (e.g. "region=us-central1,datacenter=us-centra1-a") if you're doing multi-cluster so data is distributed properly Locality: "" +# Additional command-line arguments you want to pass to the `cockroach start` commands +ExtraArgs: [] +# ExtraSecretMounts is a list of names from secrets in the same namespace as the cockroachdb cluster, which shall be mounted into /etc/cockroach/secrets/ for every cluster member. +ExtraSecretMounts: [] From 6b73423633702c1341da1aa705dadd8a956cfc94 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Thu, 28 Feb 2019 10:25:28 +0100 Subject: [PATCH 0365/1586] fixes for https://github.com/Comcast/kuberhealthy/issues/121 (#11829) Signed-off-by: David J. M. Karlsen --- stable/kuberhealthy/Chart.yaml | 4 ++-- stable/kuberhealthy/README.md | 8 +++++++- stable/kuberhealthy/templates/deployment.yaml | 5 +++++ stable/kuberhealthy/values.yaml | 9 +++++++-- 4 files changed, 21 insertions(+), 5 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index b16db4893bfb..9cfd04170106 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -appVersion: "v1.0.1" +appVersion: "v1.0.2" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.1.2 +version: 1.2.0 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/README.md b/stable/kuberhealthy/README.md index b1b20078035d..24b3cdff0e48 100644 --- a/stable/kuberhealthy/README.md +++ b/stable/kuberhealthy/README.md @@ -37,7 +37,7 @@ app: name: "kuberhealthy" # what to name the kuberhealthy deployment image: repository: quay.io/comcast/kuberhealthy - tag: v1.0.1 + tag: v1.0.2 resources: requests: cpu: 100m @@ -54,6 +54,12 @@ deployment: maxUnavailable: 1 imagePullPolicy: IfNotPresent namespace: kuberhealthy + command: + - /app/kuberhealthy + # use this to override location of the test-image, see: https://github.com/Comcast/kuberhealthy/blob/master/docs/FLAGS.md + # args: + # - -dsPauseContainerImageOverride + # - your-repo/google_containers/pause:0.8.0 securityContext: # default container security context runAsNonRoot: true runAsUser: 999 diff --git a/stable/kuberhealthy/templates/deployment.yaml b/stable/kuberhealthy/templates/deployment.yaml index 27456c274912..09e0215728a9 100644 --- a/stable/kuberhealthy/templates/deployment.yaml +++ b/stable/kuberhealthy/templates/deployment.yaml @@ -30,6 +30,11 @@ spec: automountServiceAccountToken: true containers: - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + command: {{ .Values.deployment.command }} + {{- if .Values.deployment.args }} + args: +{{ toYaml .Values.deployment.args | nindent 8 }} + {{- end }} securityContext: {{- toYaml .Values.securityContext | nindent 10 -}} imagePullPolicy: {{ .Values.deployment.imagePullPolicy }} diff --git a/stable/kuberhealthy/values.yaml b/stable/kuberhealthy/values.yaml index 4cba092154e0..b838f8d9a887 100644 --- a/stable/kuberhealthy/values.yaml +++ b/stable/kuberhealthy/values.yaml @@ -11,7 +11,7 @@ prometheus: image: repository: quay.io/comcast/kuberhealthy - tag: v1.0.1 + tag: v1.0.2 resources: requests: @@ -30,7 +30,12 @@ deployment: maxSurge: 0 maxUnavailable: 1 imagePullPolicy: IfNotPresent - + command: + - /app/kuberhealthy + # use this to override location of the test-image, see: https://github.com/Comcast/kuberhealthy/blob/master/docs/FLAGS.md + # args: + # - -dsPauseContainerImageOverride + # - your-repo/google_containers/pause:0.8.0 securityContext: runAsNonRoot: true runAsUser: 999 From 5a1a7b2c5054d68b06651d237ae93ca195c20d72 Mon Sep 17 00:00:00 2001 From: hareku Date: Thu, 28 Feb 2019 18:38:22 +0900 Subject: [PATCH 0366/1586] Add efs-provisioner mountOptions (#11821) Signed-off-by: Masato Kureha --- stable/efs-provisioner/Chart.yaml | 2 +- stable/efs-provisioner/README.md | 3 +++ stable/efs-provisioner/templates/storageclass.yaml | 1 + stable/efs-provisioner/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/efs-provisioner/Chart.yaml b/stable/efs-provisioner/Chart.yaml index fc52a83b682b..667eb0d8a4fc 100644 --- a/stable/efs-provisioner/Chart.yaml +++ b/stable/efs-provisioner/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: efs-provisioner description: A Helm chart for the AWS EFS external storage provisioner -version: 0.2.0 +version: 0.3.0 appVersion: v2.1.0-k8s1.11 home: https://github.com/kubernetes-incubator/external-storage/tree/master/aws/efs sources: diff --git a/stable/efs-provisioner/README.md b/stable/efs-provisioner/README.md index e8e8c9918f39..1b1fb413dbef 100644 --- a/stable/efs-provisioner/README.md +++ b/stable/efs-provisioner/README.md @@ -88,6 +88,9 @@ efsProvisioner: gidMin: 40000 gidMax: 50000 reclaimPolicy: Delete + mountOptions: [] + # - acregmin=3 + # - acregmax=60 ## Enable RBAC ## Leave serviceAccountName blank for the default name diff --git a/stable/efs-provisioner/templates/storageclass.yaml b/stable/efs-provisioner/templates/storageclass.yaml index f6822f03b431..0b35356e6dee 100644 --- a/stable/efs-provisioner/templates/storageclass.yaml +++ b/stable/efs-provisioner/templates/storageclass.yaml @@ -25,3 +25,4 @@ parameters: gidAllocate: "false" {{- end }} reclaimPolicy: {{ .Values.efsProvisioner.storageClass.reclaimPolicy }} +mountOptions: {{ .Values.efsProvisioner.storageClass.mountOptions }} diff --git a/stable/efs-provisioner/values.yaml b/stable/efs-provisioner/values.yaml index 394a9195bd1e..422183885ba7 100644 --- a/stable/efs-provisioner/values.yaml +++ b/stable/efs-provisioner/values.yaml @@ -38,6 +38,7 @@ efsProvisioner: gidMin: 40000 gidMax: 50000 reclaimPolicy: Delete + mountOptions: [] ## Enable RBAC ## From 44e09add335f81cd3a260b1b5326830ed75f5cee Mon Sep 17 00:00:00 2001 From: Yoon Date: Thu, 28 Feb 2019 18:45:39 +0900 Subject: [PATCH 0367/1586] [stable/auto-scaler] Add explicit awsRegion step in README (#11822) Prevent from missing `awsRegion` setting since the auto-discovery step was not explicitly documented about it. Signed-off-by: Yoonian --- stable/cluster-autoscaler/Chart.yaml | 2 +- stable/cluster-autoscaler/README.md | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index bbe57b23862b..00cecac691b0 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 0.11.2 +version: 0.11.3 appVersion: 1.13.1 home: https://github.com/kubernetes/autoscaler sources: diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md index 9fa9a9518600..a69fcb3baf3a 100644 --- a/stable/cluster-autoscaler/README.md +++ b/stable/cluster-autoscaler/README.md @@ -40,6 +40,7 @@ Auto-discovery finds ASGs tags as below and automatically manages them based on 1) tag the ASGs with _key_ `k8s.io/cluster-autoscaler/enabled` and _key_ `kubernetes.io/cluster/` 2) verify the [IAM Permissions](#iam) 3) set `autoDiscovery.clusterName=` +4) set `awsRegion=` ```console $ helm install stable/cluster-autoscaler --name my-release --set autoDiscovery.clusterName= From b4d174da9d460366468aad63891929e6fb78e2c1 Mon Sep 17 00:00:00 2001 From: leigh schrandt Date: Thu, 28 Feb 2019 02:54:48 -0700 Subject: [PATCH 0368/1586] [stable/prometheus-operator] Update deps for grafana v6 (#11824) Signed-off-by: leigh schrandt --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/requirements.lock | 6 +++--- stable/prometheus-operator/requirements.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index 2198963b1bd7..acb36e5da3be 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 4.1.1 +version: 4.2.0 appVersion: 0.29.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/requirements.lock b/stable/prometheus-operator/requirements.lock index e95322e3e92e..3774b6657518 100644 --- a/stable/prometheus-operator/requirements.lock +++ b/stable/prometheus-operator/requirements.lock @@ -7,6 +7,6 @@ dependencies: version: 1.3.0 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ - version: 2.0.2 -digest: sha256:c3746232f84904ce907eaf0f886e2a076e75d766e81a7c12140c41890d9985f5 -generated: 2019-02-21T22:20:40.7283+03:00 + version: 2.2.0 +digest: sha256:6e9375439679814f0e01aa0eb840f7e332f2ba22c468539689bd462f356d6e50 +generated: 2019-02-27T22:56:03.708807073-07:00 diff --git a/stable/prometheus-operator/requirements.yaml b/stable/prometheus-operator/requirements.yaml index 076e5513b096..226f803257f2 100644 --- a/stable/prometheus-operator/requirements.yaml +++ b/stable/prometheus-operator/requirements.yaml @@ -11,6 +11,6 @@ dependencies: condition: nodeExporter.enabled - name: grafana - version: 2.0.* + version: 2.2.* repository: https://kubernetes-charts.storage.googleapis.com/ condition: grafana.enabled From 42e184926c7bda751454fedda96db19035960e27 Mon Sep 17 00:00:00 2001 From: Aditya Sundaramurthy Date: Thu, 28 Feb 2019 12:01:42 +0100 Subject: [PATCH 0369/1586] Feature/kuberhealthy pod annotations (#11651) * Allow addition of pod annotations Signed-off-by: Aditya Sundaramurthy * document and bump chart Signed-off-by: Aditya Sundaramurthy --- stable/kuberhealthy/Chart.yaml | 2 +- stable/kuberhealthy/README.md | 1 + stable/kuberhealthy/templates/deployment.yaml | 6 ++++++ stable/kuberhealthy/values.yaml | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index 9cfd04170106..fd9570699691 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "v1.0.2" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.2.0 +version: 1.2.1 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/README.md b/stable/kuberhealthy/README.md index 24b3cdff0e48..61d935794867 100644 --- a/stable/kuberhealthy/README.md +++ b/stable/kuberhealthy/README.md @@ -54,6 +54,7 @@ deployment: maxUnavailable: 1 imagePullPolicy: IfNotPresent namespace: kuberhealthy + podAnnotations: {} # Annotations to be added to pods created by the deployment command: - /app/kuberhealthy # use this to override location of the test-image, see: https://github.com/Comcast/kuberhealthy/blob/master/docs/FLAGS.md diff --git a/stable/kuberhealthy/templates/deployment.yaml b/stable/kuberhealthy/templates/deployment.yaml index 09e0215728a9..5b798c46fc9b 100644 --- a/stable/kuberhealthy/templates/deployment.yaml +++ b/stable/kuberhealthy/templates/deployment.yaml @@ -20,6 +20,12 @@ spec: type: RollingUpdate template: metadata: + {{- if .Values.deployment.podAnnotations }} + annotations: + {{- range $key, $value := .Values.deployment.podAnnotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} + {{- end }} labels: app: {{ template "kuberhealthy.name" . }} chart: {{ .Chart.Name }} diff --git a/stable/kuberhealthy/values.yaml b/stable/kuberhealthy/values.yaml index b838f8d9a887..2d9a9081edd2 100644 --- a/stable/kuberhealthy/values.yaml +++ b/stable/kuberhealthy/values.yaml @@ -30,6 +30,7 @@ deployment: maxSurge: 0 maxUnavailable: 1 imagePullPolicy: IfNotPresent + podAnnotations: {} command: - /app/kuberhealthy # use this to override location of the test-image, see: https://github.com/Comcast/kuberhealthy/blob/master/docs/FLAGS.md From bcdcbf5e6dbe753a0ca6d882186f1b1567109b19 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Thu, 28 Feb 2019 12:40:01 +0100 Subject: [PATCH 0370/1586] expose container port so it can be scraped (#11831) Signed-off-by: David J. M. Karlsen --- stable/kuberhealthy/Chart.yaml | 2 +- stable/kuberhealthy/templates/deployment.yaml | 3 +++ stable/kuberhealthy/templates/service.yaml | 3 +-- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index fd9570699691..a759fa047458 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "v1.0.2" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 1.2.1 +version: 1.2.2 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/templates/deployment.yaml b/stable/kuberhealthy/templates/deployment.yaml index 5b798c46fc9b..a60b57f4a200 100644 --- a/stable/kuberhealthy/templates/deployment.yaml +++ b/stable/kuberhealthy/templates/deployment.yaml @@ -41,6 +41,9 @@ spec: args: {{ toYaml .Values.deployment.args | nindent 8 }} {{- end }} + ports: + - containerPort: 8080 + name: http securityContext: {{- toYaml .Values.securityContext | nindent 10 -}} imagePullPolicy: {{ .Values.deployment.imagePullPolicy }} diff --git a/stable/kuberhealthy/templates/service.yaml b/stable/kuberhealthy/templates/service.yaml index 85c80ba273d5..a21ddd13e4d9 100644 --- a/stable/kuberhealthy/templates/service.yaml +++ b/stable/kuberhealthy/templates/service.yaml @@ -8,7 +8,6 @@ metadata: {{ if .Values.prometheus.enableScraping -}} annotations: prometheus.io/scrape: "true" - prometheus.io/port: {{ .Values.service.externalPort | quote }} prometheus.io/path: "/metrics" {{ end -}} {{ end -}} @@ -18,7 +17,7 @@ spec: ports: - port: {{ .Values.service.externalPort }} name: http - targetPort: 8080 + targetPort: http selector: app: {{ template "kuberhealthy.name" . }} release: {{ .Release.Name }} From 6f32c932717d03447d5bac5a9d7e37d3c7260371 Mon Sep 17 00:00:00 2001 From: Vladimir Date: Thu, 28 Feb 2019 13:55:42 +0200 Subject: [PATCH 0371/1586] fix: add missed template for serviceaccount and add basic RBAC resources (#11742) * fix: add missed template for serviceaccount and add basic RBAC resources Signed-off-by: Vladimir Syromyatnikov * requested fixes Signed-off-by: Vladimir Syromyatnikov --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 1 + .../templates/initialization-configmap.yaml | 4 ++-- stable/mariadb/templates/master-configmap.yaml | 4 ++-- .../mariadb/templates/master-statefulset.yaml | 6 +++--- stable/mariadb/templates/master-svc.yaml | 2 +- stable/mariadb/templates/role.yaml | 18 ++++++++++++++++++ stable/mariadb/templates/rolebinding.yaml | 18 ++++++++++++++++++ stable/mariadb/templates/secrets.yaml | 4 ++-- stable/mariadb/templates/serviceaccount.yaml | 11 +++++++++++ stable/mariadb/templates/slave-configmap.yaml | 4 ++-- .../mariadb/templates/slave-statefulset.yaml | 6 +++--- stable/mariadb/templates/slave-svc.yaml | 2 +- stable/mariadb/values-production.yaml | 7 +++++++ stable/mariadb/values.yaml | 7 +++++++ 15 files changed, 79 insertions(+), 17 deletions(-) create mode 100644 stable/mariadb/templates/role.yaml create mode 100644 stable/mariadb/templates/rolebinding.yaml create mode 100644 stable/mariadb/templates/serviceaccount.yaml diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index d313eac49db5..8f07969ec270 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mariadb -version: 5.5.4 +version: 5.6.0 appVersion: 10.1.38 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 5a5cd4c05a52..8436896c449c 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -61,6 +61,7 @@ The following table lists the configurable parameters of the MariaDB chart and t | `service.port` | MySQL service port | `3306` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `false` | | `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the mariadb.fullname template | +| `rbac.create` | Create and use RBAC resources | `false` | | `securityContext.enabled` | Enable security context | `true` | | `securityContext.fsGroup` | Group ID for the container | `1001` | | `securityContext.runAsUser` | User ID for the container | `1001` | diff --git a/stable/mariadb/templates/initialization-configmap.yaml b/stable/mariadb/templates/initialization-configmap.yaml index f7380aff77ed..172e6ae07e5b 100644 --- a/stable/mariadb/templates/initialization-configmap.yaml +++ b/stable/mariadb/templates/initialization-configmap.yaml @@ -4,8 +4,8 @@ kind: ConfigMap metadata: name: {{ template "master.fullname" . }}-init-scripts labels: - app: {{ template "mariadb.name" . }} - chart: {{ template "mariadb.chart" . }} + app: "{{ template "mariadb.name" . }}" + chart: "{{ template "mariadb.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} component: "master" diff --git a/stable/mariadb/templates/master-configmap.yaml b/stable/mariadb/templates/master-configmap.yaml index 880a10198da9..08bc10c28921 100644 --- a/stable/mariadb/templates/master-configmap.yaml +++ b/stable/mariadb/templates/master-configmap.yaml @@ -4,9 +4,9 @@ kind: ConfigMap metadata: name: {{ template "master.fullname" . }} labels: - app: {{ template "mariadb.name" . }} + app: "{{ template "mariadb.name" . }}" component: "master" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} data: diff --git a/stable/mariadb/templates/master-statefulset.yaml b/stable/mariadb/templates/master-statefulset.yaml index c077a3b6089e..695d7c4ac98c 100644 --- a/stable/mariadb/templates/master-statefulset.yaml +++ b/stable/mariadb/templates/master-statefulset.yaml @@ -4,7 +4,7 @@ metadata: name: {{ template "master.fullname" . }} labels: app: "{{ template "mariadb.name" . }}" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" component: "master" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} @@ -13,7 +13,7 @@ spec: matchLabels: release: "{{ .Release.Name }}" component: "master" - app: {{ template "mariadb.name" . }} + app: "{{ template "mariadb.name" . }}" serviceName: "{{ template "master.fullname" . }}" replicas: 1 updateStrategy: @@ -30,7 +30,7 @@ spec: app: "{{ template "mariadb.name" . }}" component: "master" release: "{{ .Release.Name }}" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" spec: serviceAccountName: "{{ template "mariadb.serviceAccountName" . }}" {{- if .Values.securityContext.enabled }} diff --git a/stable/mariadb/templates/master-svc.yaml b/stable/mariadb/templates/master-svc.yaml index 56810b44b735..4e138ad1414a 100644 --- a/stable/mariadb/templates/master-svc.yaml +++ b/stable/mariadb/templates/master-svc.yaml @@ -5,7 +5,7 @@ metadata: labels: app: "{{ template "mariadb.name" . }}" component: "master" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} {{- if .Values.metrics.enabled }} diff --git a/stable/mariadb/templates/role.yaml b/stable/mariadb/templates/role.yaml new file mode 100644 index 000000000000..f34b32bb1c46 --- /dev/null +++ b/stable/mariadb/templates/role.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: Role +metadata: + name: {{ template "master.fullname" . }} + labels: + app: "{{ template "mariadb.name" . }}" + chart: "{{ template "mariadb.chart" . }}" + release: "{{ .Release.Name | quote }}" + heritage: "{{ .Release.Service | quote }}" +rules: +- apiGroups: + - "" + resources: + - endpoints + verbs: + - get +{{- end }} diff --git a/stable/mariadb/templates/rolebinding.yaml b/stable/mariadb/templates/rolebinding.yaml new file mode 100644 index 000000000000..98c03bb9c65b --- /dev/null +++ b/stable/mariadb/templates/rolebinding.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.serviceAccount.create .Values.rbac.create }} +kind: RoleBinding +apiVersion: rbac.authorization.k8s.io/v1 +metadata: + name: {{ template "master.fullname" . }} + labels: + app: "{{ template "mariadb.name" . }}" + chart: "{{ template "mariadb.chart" . }}" + release: "{{ .Release.Name | quote }}" + heritage: "{{ .Release.Service | quote }}" +subjects: +- kind: ServiceAccount + name: {{ template "mariadb.serviceAccountName" . }} +roleRef: + apiGroup: rbac.authorization.k8s.io + kind: Role + name: {{ template "master.fullname" . }} +{{- end }} diff --git a/stable/mariadb/templates/secrets.yaml b/stable/mariadb/templates/secrets.yaml index 401691c1035d..0f8d545e02fc 100644 --- a/stable/mariadb/templates/secrets.yaml +++ b/stable/mariadb/templates/secrets.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "mariadb.fullname" . }} labels: app: "{{ template "mariadb.name" . }}" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} type: Opaque @@ -35,4 +35,4 @@ data: mariadb-replication-password: {{ required "A MariaDB Replication Password is required!" .Values.replication.password }} {{- end }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/mariadb/templates/serviceaccount.yaml b/stable/mariadb/templates/serviceaccount.yaml new file mode 100644 index 000000000000..7ed0950acec0 --- /dev/null +++ b/stable/mariadb/templates/serviceaccount.yaml @@ -0,0 +1,11 @@ +{{- if .Values.serviceAccount.create }} +apiVersion: v1 +kind: ServiceAccount +metadata: + name: {{ template "mariadb.serviceAccountName" . }} + labels: + app: "{{ template "mariadb.name" . }}" + chart: "{{ template "mariadb.chart" . }}" + release: "{{ .Release.Name | quote }}" + heritage: "{{ .Release.Service | quote }}" +{{- end }} diff --git a/stable/mariadb/templates/slave-configmap.yaml b/stable/mariadb/templates/slave-configmap.yaml index 056cf5c0700d..074568c66f51 100644 --- a/stable/mariadb/templates/slave-configmap.yaml +++ b/stable/mariadb/templates/slave-configmap.yaml @@ -4,9 +4,9 @@ kind: ConfigMap metadata: name: {{ template "slave.fullname" . }} labels: - app: {{ template "mariadb.name" . }} + app: "{{ template "mariadb.name" . }}" component: "slave" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} data: diff --git a/stable/mariadb/templates/slave-statefulset.yaml b/stable/mariadb/templates/slave-statefulset.yaml index bc8786acded8..5574a0dd3779 100644 --- a/stable/mariadb/templates/slave-statefulset.yaml +++ b/stable/mariadb/templates/slave-statefulset.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "slave.fullname" . }} labels: app: "{{ template "mariadb.name" . }}" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" component: "slave" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} @@ -14,7 +14,7 @@ spec: matchLabels: release: "{{ .Release.Name }}" component: "slave" - app: {{ template "mariadb.name" . }} + app: "{{ template "mariadb.name" . }}" serviceName: "{{ template "slave.fullname" . }}" replicas: {{ .Values.slave.replicas }} updateStrategy: @@ -31,7 +31,7 @@ spec: app: "{{ template "mariadb.name" . }}" component: "slave" release: "{{ .Release.Name }}" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" spec: serviceAccountName: "{{ template "mariadb.serviceAccountName" . }}" {{- if .Values.securityContext.enabled }} diff --git a/stable/mariadb/templates/slave-svc.yaml b/stable/mariadb/templates/slave-svc.yaml index c41ecb7524a4..a4773bd0d22e 100644 --- a/stable/mariadb/templates/slave-svc.yaml +++ b/stable/mariadb/templates/slave-svc.yaml @@ -5,7 +5,7 @@ metadata: name: {{ template "slave.fullname" . }} labels: app: "{{ template "mariadb.name" . }}" - chart: {{ template "mariadb.chart" . }} + chart: "{{ template "mariadb.chart" . }}" component: "slave" release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index 25e09842e25a..8ea111eed681 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -50,6 +50,13 @@ serviceAccount: ## If not set and create is true, a name is generated using the mariadb.fullname template # name: +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## + +rbac: + create: false + ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 15ee10f27879..17d7e92a31a9 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -50,6 +50,13 @@ serviceAccount: ## If not set and create is true, a name is generated using the mariadb.fullname template # name: +## Role Based Access +## Ref: https://kubernetes.io/docs/admin/authorization/rbac/ +## + +rbac: + create: false + ## Pod Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## From 1f18aa5822f8c2927640705963a566241e2f54bb Mon Sep 17 00:00:00 2001 From: Greg Hill Date: Thu, 28 Feb 2019 12:20:54 +0000 Subject: [PATCH 0372/1586] fix hoard secrets id (#11835) Signed-off-by: Gregory Hill --- stable/hoard/Chart.yaml | 2 +- stable/hoard/templates/configmap.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/hoard/Chart.yaml b/stable/hoard/Chart.yaml index f962ed758062..486a7e40ef7c 100644 --- a/stable/hoard/Chart.yaml +++ b/stable/hoard/Chart.yaml @@ -1,5 +1,5 @@ name: hoard -version: 0.6.5 +version: 0.6.6 appVersion: 3.0.0 description: Hoard is a stateless, deterministically encrypted, content-addressed object store home: https://github.com/monax/hoard diff --git a/stable/hoard/templates/configmap.yaml b/stable/hoard/templates/configmap.yaml index ea8b01b0553c..e60eceacd82f 100644 --- a/stable/hoard/templates/configmap.yaml +++ b/stable/hoard/templates/configmap.yaml @@ -27,7 +27,7 @@ data: {{- if .Values.openpgp }} [Secrets.OpenPGP] - ID = "{{ .Values.openpgp.id }}" + PrivateID = "{{ .Values.openpgp.id }}" File = "/secrets/keyring" {{- end }} @@ -35,7 +35,7 @@ data: {{- range $key, $val := .Values.secrets }} [[Secrets.Symmetric]] - ID = {{ $key | quote }} + PublicID = {{ $key | quote }} Passphrase = {{ $val | quote }} {{- end }} From 30369a102063f84ab065a02b36d877505f533787 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Bed=C5=99ich?= Date: Thu, 28 Feb 2019 13:34:46 +0100 Subject: [PATCH 0373/1586] [stable/mariadb] Add PodDisruptionBudget for MariaDB (#11417) Signed-off-by: Tomas Bedrich --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 6 ++++++ stable/mariadb/templates/master-pdb.yaml | 24 ++++++++++++++++++++++ stable/mariadb/templates/slave-pdb.yaml | 26 ++++++++++++++++++++++++ stable/mariadb/values-production.yaml | 10 +++++++++ stable/mariadb/values.yaml | 10 +++++++++ 6 files changed, 77 insertions(+), 1 deletion(-) create mode 100644 stable/mariadb/templates/master-pdb.yaml create mode 100644 stable/mariadb/templates/slave-pdb.yaml diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 8f07969ec270..1229009f8aac 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mariadb -version: 5.6.0 +version: 5.7.0 appVersion: 10.1.38 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 8436896c449c..ccd835b0d651 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -103,6 +103,9 @@ The following table lists the configurable parameters of the MariaDB chart and t | `master.readinessProbe.timeoutSeconds` | When the probe times out (master) | `1` | | `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe (master)| `1` | | `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe (master) | `3` | +| `master.podDisruptionBudget.enabled` | If true, create a pod disruption budget for master pods. | `false` | +| `master.podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | +| `master.podDisruptionBudget.maxUnavailable`| Maximum number / percentage of pods that may be made unavailable | `nil` | | `slave.replicas` | Desired number of slave replicas | `1` | | `slave.annotations[].key` | key for the the annotation list item | `nil` | | `slave.annotations[].value` | value for the the annotation list item | `nil` | @@ -129,6 +132,9 @@ The following table lists the configurable parameters of the MariaDB chart and t | `slave.readinessProbe.timeoutSeconds` | When the probe times out (slave) | `1` | | `slave.readinessProbe.successThreshold` | Minimum consecutive successes for the probe (slave) | `1` | | `slave.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe (slave) | `3` | +| `slave.podDisruptionBudget.enabled` | If true, create a pod disruption budget for slave pods. | `false` | +| `slave.podDisruptionBudget.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | +| `slave.podDisruptionBudget.maxUnavailable`| Maximum number / percentage of pods that may be made unavailable | `nil` | | `metrics.enabled` | Start a side-car prometheus exporter | `false` | | `metrics.image.registry` | Exporter image registry | `docker.io` | | `metrics.image.repository` | Exporter image name | `prom/mysqld-exporter` | diff --git a/stable/mariadb/templates/master-pdb.yaml b/stable/mariadb/templates/master-pdb.yaml new file mode 100644 index 000000000000..b162ac0a7d81 --- /dev/null +++ b/stable/mariadb/templates/master-pdb.yaml @@ -0,0 +1,24 @@ +{{- if .Values.master.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "mariadb.fullname" . }} + labels: + app: "{{ template "mariadb.name" . }}" + component: "master" + chart: {{ template "mariadb.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: +{{- if .Values.master.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.master.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.master.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.master.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app: "{{ template "mariadb.name" . }}" + component: "master" + release: {{ .Release.Name | quote }} +{{- end }} diff --git a/stable/mariadb/templates/slave-pdb.yaml b/stable/mariadb/templates/slave-pdb.yaml new file mode 100644 index 000000000000..de36a08c5d58 --- /dev/null +++ b/stable/mariadb/templates/slave-pdb.yaml @@ -0,0 +1,26 @@ +{{- if .Values.replication.enabled }} +{{- if .Values.slave.podDisruptionBudget.enabled }} +apiVersion: policy/v1beta1 +kind: PodDisruptionBudget +metadata: + name: {{ template "mariadb.fullname" . }} + labels: + app: "{{ template "mariadb.name" . }}" + component: "slave" + chart: {{ template "mariadb.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +spec: +{{- if .Values.slave.podDisruptionBudget.minAvailable }} + minAvailable: {{ .Values.slave.podDisruptionBudget.minAvailable }} +{{- end }} +{{- if .Values.slave.podDisruptionBudget.maxUnavailable }} + maxUnavailable: {{ .Values.slave.podDisruptionBudget.maxUnavailable }} +{{- end }} + selector: + matchLabels: + app: "{{ template "mariadb.name" . }}" + component: "slave" + release: {{ .Release.Name | quote }} +{{- end }} +{{- end }} diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index 8ea111eed681..0323835dae5c 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -234,6 +234,11 @@ master: successThreshold: 1 failureThreshold: 3 + podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 + slave: replicas: 2 @@ -330,6 +335,11 @@ slave: successThreshold: 1 failureThreshold: 3 + podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 + metrics: enabled: true image: diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 17d7e92a31a9..29a8d597422d 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -234,6 +234,11 @@ master: successThreshold: 1 failureThreshold: 3 + podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 + slave: replicas: 1 @@ -329,6 +334,11 @@ slave: successThreshold: 1 failureThreshold: 3 + podDisruptionBudget: + enabled: false + minAvailable: 1 + # maxUnavailable: 1 + metrics: enabled: false image: From 62ba4e6b6d9a08a6bee6f61569e24fb7e95bdb33 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jo=C2=B2?= Date: Thu, 28 Feb 2019 14:19:24 +0100 Subject: [PATCH 0374/1586] [stable/mongodb-replica-set] Fix metrics livenessProbe and regression in securityContext (#11819) * Fix livenessProbe settings indentation Signed-off-by: Jonathan Amiez * Re-enable security context Was enabled by default before #10682. Signed-off-by: Jonathan Amiez * Bump mongodb-replicaset version Signed-off-by: Jonathan Amiez --- stable/mongodb-replicaset/Chart.yaml | 2 +- stable/mongodb-replicaset/templates/mongodb-statefulset.yaml | 4 ++-- stable/mongodb-replicaset/values.yaml | 1 + 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/stable/mongodb-replicaset/Chart.yaml b/stable/mongodb-replicaset/Chart.yaml index 518e9aba8379..95d8c5bbb796 100644 --- a/stable/mongodb-replicaset/Chart.yaml +++ b/stable/mongodb-replicaset/Chart.yaml @@ -1,6 +1,6 @@ name: mongodb-replicaset home: https://github.com/mongodb/mongo -version: 3.9.1 +version: 3.9.2 appVersion: 3.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. diff --git a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml index 6c364821d56e..9be59c9c01dc 100644 --- a/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml +++ b/stable/mongodb-replicaset/templates/mongodb-statefulset.yaml @@ -296,8 +296,8 @@ spec: -mongodb.tls-cert=/work-dir/mongo.pem {{- end }} -test - initialDelaySeconds: 30 - periodSeconds: 10 + initialDelaySeconds: 30 + periodSeconds: 10 {{ end }} {{- with .Values.nodeSelector }} nodeSelector: diff --git a/stable/mongodb-replicaset/values.yaml b/stable/mongodb-replicaset/values.yaml index 975e74cbb675..e9c96c8ca55e 100644 --- a/stable/mongodb-replicaset/values.yaml +++ b/stable/mongodb-replicaset/values.yaml @@ -66,6 +66,7 @@ metrics: podAnnotations: {} securityContext: + enabled: true runAsUser: 999 fsGroup: 999 runAsNonRoot: true From e2d9b916e2fe1b6880ec6d8ea2e07abb2a6ae0e9 Mon Sep 17 00:00:00 2001 From: micw Date: Thu, 28 Feb 2019 19:07:33 +0000 Subject: [PATCH 0375/1586] #11812 allow hostPath as datadir (#11815) * allow hostPath as datadir Signed-off-by: Michael Wyraz * Better documentation for hostPath as datadir, make the chown init-container optional Signed-off-by: Michael Wyraz --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/README.md | 2 ++ .../templates/redis-ha-statefulset.yaml | 18 ++++++++++++++++++ stable/redis-ha/values.yaml | 12 ++++++++++++ 4 files changed, 33 insertions(+), 1 deletion(-) diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index 660e9bf33718..530289b35e30 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 3.2.0 +version: 3.2.1 appVersion: 5.0.3 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/README.md b/stable/redis-ha/README.md index cf5325d27e45..f495ba9ce9cc 100644 --- a/stable/redis-ha/README.md +++ b/stable/redis-ha/README.md @@ -78,6 +78,8 @@ The following table lists the configurable parameters of the Redis chart and the | `exporter.tag` | Exporter tag | `v0.28.0` | | `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | | `exporter.extraArgs` | Additional args for the exporter | `{}` | +| `hostPath.path` | Use this path on the host for data storage | not set | +| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | true | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/redis-ha/templates/redis-ha-statefulset.yaml b/stable/redis-ha/templates/redis-ha-statefulset.yaml index 3fde614608e4..48502632c9f8 100644 --- a/stable/redis-ha/templates/redis-ha-statefulset.yaml +++ b/stable/redis-ha/templates/redis-ha-statefulset.yaml @@ -49,6 +49,20 @@ spec: securityContext: {{ toYaml .Values.securityContext | indent 8 }} initContainers: +{{- if and .Values.hostPath.path .Values.hostPath.chown }} + - name: hostpath-chown + image: {{ .Values.image.repository }}:{{ .Values.image.tag }} + securityContext: + runAsNonRoot: false + runAsUser: 0 + command: + - chown + - "{{ .Values.securityContext.runAsUser }}" + - /data + volumeMounts: + - name: data + mountPath: /data +{{- end }} - name: config-init image: {{ .Values.image.repository }}:{{ .Values.image.tag }} imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -225,6 +239,10 @@ spec: storageClassName: "{{ .Values.persistentVolume.storageClass }}" {{- end }} {{- end }} +{{- else if .Values.hostPath.path }} + - name: data + hostPath: + path: {{ tpl .Values.hostPath.path .}} {{- else }} - name: data emptyDir: {} diff --git a/stable/redis-ha/values.yaml b/stable/redis-ha/values.yaml index 6e118f064b94..c5b96d83933b 100644 --- a/stable/redis-ha/values.yaml +++ b/stable/redis-ha/values.yaml @@ -138,3 +138,15 @@ persistentVolume: annotations: {} init: resources: {} + +# To use a hostPath for data, set persistentVolume.enabled to false +# and define hostPath.path. +# Warning: this might overwrite existing folders on the host system! +hostPath: + ## path is evaluated as template so placeholders are replaced + # path: "/data/{{ .Release.Name }}" + + # if chown is true, an init-container with root permissions is launched to + # change the owner of the hostPath folder to the user defined in the + # security context + chown: true From 6a78c5a9ce6001f66fa0b8bdc3392d9a6e00ff99 Mon Sep 17 00:00:00 2001 From: Abhishek Jaisingh Date: Fri, 1 Mar 2019 03:32:18 +0530 Subject: [PATCH 0376/1586] [incubator/kafka] fix NOTES.txt: update script paths (#11503) Signed-off-by: Abhishek Jaisingh --- incubator/kafka/Chart.yaml | 2 +- incubator/kafka/templates/NOTES.txt | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/incubator/kafka/Chart.yaml b/incubator/kafka/Chart.yaml index 3535c3486c15..568affe8487e 100755 --- a/incubator/kafka/Chart.yaml +++ b/incubator/kafka/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Apache Kafka is publish-subscribe messaging rethought as a distributed commit log. name: kafka -version: 0.13.10 +version: 0.13.11 appVersion: 5.0.1 keywords: - kafka diff --git a/incubator/kafka/templates/NOTES.txt b/incubator/kafka/templates/NOTES.txt index d4450e109332..08ea4e45cb08 100644 --- a/incubator/kafka/templates/NOTES.txt +++ b/incubator/kafka/templates/NOTES.txt @@ -19,20 +19,20 @@ You can connect to Kafka by running a simple pod in the K8s cluster like this wi Once you have the testclient pod above running, you can list all kafka topics with: - kubectl -n {{ .Release.Namespace }} exec testclient -- /usr/bin/kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --list - + kubectl -n {{ .Release.Namespace }} exec testclient -- /opt/kafka/bin/kafka-topics.sh --zookeeper {{ .Release.Name }}-zookeeper:2181 --list +n To create a new topic: - kubectl -n {{ .Release.Namespace }} exec testclient -- /usr/bin/kafka-topics --zookeeper {{ .Release.Name }}-zookeeper:2181 --topic test1 --create --partitions 1 --replication-factor 1 + kubectl -n {{ .Release.Namespace }} exec testclient -- /opt/kafka/bin/kafka-topics.sh --zookeeper {{ .Release.Name }}-zookeeper:2181 --topic test1 --create --partitions 1 --replication-factor 1 To listen for messages on a topic: - kubectl -n {{ .Release.Namespace }} exec -ti testclient -- /usr/bin/kafka-console-consumer --bootstrap-server {{ include "kafka.fullname" . }}:9092 --topic test1 --from-beginning + kubectl -n {{ .Release.Namespace }} exec -ti testclient -- /opt/kafka/bin/kafka-console-consumer.sh --bootstrap-server {{ include "kafka.fullname" . }}:9092 --topic test1 --from-beginning To stop the listener session above press: Ctrl+C To start an interactive message producer session: - kubectl -n {{ .Release.Namespace }} exec -ti testclient -- /usr/bin/kafka-console-producer --broker-list {{ include "kafka.fullname" . }}-headless:9092 --topic test1 + kubectl -n {{ .Release.Namespace }} exec -ti testclient -- /opt/kafka/bin/kafka-console-producer.sh --broker-list {{ include "kafka.fullname" . }}-headless:9092 --topic test1 To create a message in the above session, simply type the message and press "enter" To end the producer session try: Ctrl+C From 40aee78f3ffe5343124e0852bfb5ae403c8a7778 Mon Sep 17 00:00:00 2001 From: Nicholas Gibson Date: Thu, 28 Feb 2019 14:14:40 -0800 Subject: [PATCH 0377/1586] added additional ports option for prometheus-operator prometheus service (#11506) * added additional ports option for prometheus-operator prometheus service Signed-off-by: GIBSON, NICHOLAS R * updated version, readme, fixed data type, added ci values Signed-off-by: GIBSON, NICHOLAS R * trailing spaces Signed-off-by: GIBSON, NICHOLAS R * bumped version to 2.2.7 Signed-off-by: GIBSON, NICHOLAS R * bumped version to 3.0.1 Signed-off-by: GIBSON, NICHOLAS R * fixed merge conflict with appVersion Signed-off-by: GIBSON, NICHOLAS R --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 1 + stable/prometheus-operator/ci/test-values.yaml | 8 ++++++++ .../prometheus-operator/templates/prometheus/service.yaml | 3 +++ stable/prometheus-operator/values.yaml | 7 +++++++ 5 files changed, 20 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index acb36e5da3be..e12c6694f7d3 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 4.2.0 +version: 4.2.1 appVersion: 0.29.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 8966f03af7a4..ae3e022d38b6 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md @@ -158,6 +158,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.service.clusterIP` | Prometheus service clusterIP IP | `""` | | `prometheus.service.targetPort` | Prometheus Service internal port | `9090` | | `prometheus.service.nodePort` | Prometheus Service port for NodePort service type | `39090` | +| `prometheus.service.additionalPorts` | Additional Prometheus Service ports to add for NodePort service type | `[]` | | `prometheus.service.annotations` | Prometheus Service Annotations | `{}` | | `prometheus.service.labels` | Prometheus Service Labels | `{}` | | `prometheus.service.externalIPs` | List of IP addresses at which the Prometheus server service is available | `[]` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index ac80d34a3628..e8acac91a294 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -721,6 +721,14 @@ prometheus: ## nodePort: 39090 + ## Additional ports to open for Prometheus service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] + # - name: thanos-cluster + # port: 10900 + # nodePort: 30111 + ## Loadbalancer IP ## Only use if service.type is "loadbalancer" loadBalancerIP: "" diff --git a/stable/prometheus-operator/templates/prometheus/service.yaml b/stable/prometheus-operator/templates/prometheus/service.yaml index fc94f953ba78..e1736dd49672 100644 --- a/stable/prometheus-operator/templates/prometheus/service.yaml +++ b/stable/prometheus-operator/templates/prometheus/service.yaml @@ -34,6 +34,9 @@ spec: {{- end }} port: 9090 targetPort: {{ .Values.prometheus.service.targetPort }} +{{- if .Values.prometheus.service.additionalPorts }} +{{ toYaml .Values.prometheus.service.additionalPorts | indent 2 }} +{{- end }} selector: app: prometheus prometheus: {{ template "prometheus-operator.fullname" . }}-prometheus diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 54ecec4b3522..7ebbc2d91561 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -566,6 +566,13 @@ prometheusOperator: ## nodePort: 38080 + ## Additional ports to open for Prometheus service + ## ref: https://kubernetes.io/docs/concepts/services-networking/service/#multi-port-services + ## + additionalPorts: [] + # - name: thanos-cluster + # port: 10900 + # nodePort: 30111 ## Loadbalancer IP ## Only use if service.type is "loadbalancer" From 0b625124bcc538855f7d327c0e45e0bf5b3270ef Mon Sep 17 00:00:00 2001 From: Daniel Whelan Date: Thu, 28 Feb 2019 17:10:01 -0800 Subject: [PATCH 0378/1586] [stable/atlantis] Add support for require-approval option to Atlantis chart. (#11438) * Add support for --require-approval flag to Atlantis chart. Signed-off-by: Daniel Whelan * Set 'require approval' via environment variable instead of flag. Signed-off-by: Daniel Whelan * Update stable/atlantis/README.md Co-Authored-By: ophelan Signed-off-by: Daniel Whelan * Update stable/atlantis/values.yaml Co-Authored-By: ophelan Signed-off-by: Daniel Whelan * Add requireMergeable parameter. Signed-off-by: Daniel Whelan * Remove trailing space. Signed-off-by: Daniel Whelan --- stable/atlantis/Chart.yaml | 2 +- stable/atlantis/README.md | 2 ++ stable/atlantis/templates/statefulset.yaml | 8 ++++++++ stable/atlantis/values.yaml | 6 ++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/stable/atlantis/Chart.yaml b/stable/atlantis/Chart.yaml index 76502932c7eb..25e3fe1387d2 100644 --- a/stable/atlantis/Chart.yaml +++ b/stable/atlantis/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "v0.4.11" description: A Helm chart for Atlantis https://www.runatlantis.io name: atlantis -version: 1.1.5 +version: 1.1.6 keywords: - terraform home: https://www.runatlantis.io diff --git a/stable/atlantis/README.md b/stable/atlantis/README.md index 5b1565066d81..989f74b03b67 100644 --- a/stable/atlantis/README.md +++ b/stable/atlantis/README.md @@ -51,6 +51,8 @@ The following options are supported. See [values.yaml](values.yaml) for more de | `podTemplate.annotations` | Specifies additional annotations to use for the StatefulSet | n/a | | `logLevel` | The level to use for logging. | n/a | | `orgWhiteList` | A whitelist of repositories from which Atlantis will accept webhooks. **This value must be changed for Atlantis to function correctly.** Accepts wildcard characters (`*`). Multiple values may be comma-separated. | `github.com/yourorg/*` | +| `requireApproval` | Whether to require pull request approval prior to applies. See [Approved Requirement](https://www.runatlantis.io/docs/apply-requirements.html#approved). | `false` | +| `requireMergeable` | Whether to require pull request to meet repository mergeability requirements prior to applies. See [Approved Requirement](https://www.runatlantis.io/docs/apply-requirements.html#mergeable). | `false` | | `serviceAccount.create` | Whether to create a Kubernetes ServiceAccount if no account matching `serviceAccount.name` exists. | `true` | | `serviceAccount.name` | The name of the Kubernetes ServiceAccount under which Atlantis should run.

If no value is specified and `serviceAccount.create` is `true`, Atlantis will be run under a ServiceAccount whose name is the FullName of the Helm chart's instance.

If no value is specified and `serviceAccount.create` is `false`, Atlantis will be run under the `default` ServiceAccount. | n/a | | `serviceAccountSecrets.credentials` | JSON object representing secrets for a Google Cloud Platform production service account. Only applicable if hosting Atlantis on GKE. | n/a | diff --git a/stable/atlantis/templates/statefulset.yaml b/stable/atlantis/templates/statefulset.yaml index a5571ade5c1e..5c08f5b97195 100644 --- a/stable/atlantis/templates/statefulset.yaml +++ b/stable/atlantis/templates/statefulset.yaml @@ -151,6 +151,14 @@ spec: key: bitbucket_secret {{- end }} {{- end }} + {{- if .Values.requireApproval }} + - name: ATLANTIS_REQUIRE_APPROVAL + value: "true" + {{- end }} + {{- if .Values.requireMergeable }} + - name: ATLANTIS_REQUIRE_MERGEABLE + value: "true" + {{- end }} {{- if .Values.livenessProbe.enabled }} livenessProbe: httpGet: diff --git a/stable/atlantis/values.yaml b/stable/atlantis/values.yaml index a94c2592dc19..af9d3ee79cfd 100644 --- a/stable/atlantis/values.yaml +++ b/stable/atlantis/values.yaml @@ -81,6 +81,12 @@ image: ## enable using atlantis.yaml file allowRepoConfig: false +# Require all pull requests be approved prior to apply. +requireApproval: false + +# Require all pull requests to meet repository mergeability requirements prior to apply. +requireMergeable: false + # We only need to check every 60s since Atlantis is not a high-throughput service. livenessProbe: enabled: true From 0e996014199c55c5f018dec7256bca46f8370aa0 Mon Sep 17 00:00:00 2001 From: John de Freitas <40548536+jgdef-tulip@users.noreply.github.com> Date: Thu, 28 Feb 2019 20:46:42 -0500 Subject: [PATCH 0379/1586] =?UTF-8?q?[stable/minio]=20Document=20azuregatw?= =?UTF-8?q?ay.replicas,=20fix=20template=20conditional=20logic=20that=20ot?= =?UTF-8?q?=E2=80=A6=20(#11212)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Document azuregatway.replicas, fix template conditional logic that otherwise fails for 'azuregateway.enabled: true', bump chart version Signed-off-by: John de Freitas * update chart version; since original PR, there have been changes to this field Signed-off-by: John de Freitas --- stable/minio/Chart.yaml | 2 +- stable/minio/README.md | 1 + stable/minio/templates/deployment.yaml | 2 +- 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index aefd56291a59..4de40d5772cb 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.4.6 +version: 2.4.7 appVersion: RELEASE.2019-02-12T21-58-47Z keywords: - storage diff --git a/stable/minio/README.md b/stable/minio/README.md index 1b101647798b..cc79a8759f58 100755 --- a/stable/minio/README.md +++ b/stable/minio/README.md @@ -148,6 +148,7 @@ The following table lists the configurable parameters of the Minio chart and the | `s3gateway.replicas` | Number of s3 gateway instances to run in parallel | `4` | | `s3gateway.serviceEndpoint`| Endpoint to the S3 compatible service | `""` | | `azuregateway.enabled` | Use minio as an [azure gateway](https://docs.minio.io/docs/minio-gateway-for-azure)| `false` | +| `azuregateway.replicas` | Number of azure gateway instances to run in parallel | `4` | | `gcsgateway.enabled` | Use minio as a [Google Cloud Storage gateway](https://docs.minio.io/docs/minio-gateway-for-gcs)| `false` | | `gcsgateway.gcsKeyJson` | credential json file of service account key | `""` | | `gcsgateway.projectId` | Google cloud project id | `""` | diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index af335b2debdd..d0898033357e 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml @@ -166,7 +166,7 @@ spec: {{ toYaml . | indent 8 }} {{- end }} volumes: - {{- if and (not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled) }} + {{- if and ((not .Values.gcsgateway.enabled) (not .Values.azuregateway.enabled) (not .Values.s3gateway.enabled)) }} - name: export {{- if .Values.persistence.enabled }} persistentVolumeClaim: From f7211a9c35c438cbb30f9db71c04e0f981ff68bf Mon Sep 17 00:00:00 2001 From: cyrilleomise <46990478+cyrilleomise@users.noreply.github.com> Date: Fri, 1 Mar 2019 12:04:33 +0700 Subject: [PATCH 0380/1586] =?UTF-8?q?[stable/grafana]=20Allow=20to=20defin?= =?UTF-8?q?e=20GF=20admin=20user=20and=20admin=20password=20in=20=E2=80=A6?= =?UTF-8?q?=20(#11851)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/grafana] Allow to define GF admin user and admin password in value file as env Signed-off-by: Cyrille * [stable/grafana] Bump version Signed-off-by: Cyrille --- stable/grafana/Chart.yaml | 2 +- stable/grafana/templates/deployment.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/grafana/Chart.yaml b/stable/grafana/Chart.yaml index 5aca5f803152..3a93f14cbb5d 100755 --- a/stable/grafana/Chart.yaml +++ b/stable/grafana/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: grafana -version: 2.2.0 +version: 2.2.1 appVersion: 6.0.0 kubeVersion: "^1.8.0-0" description: The leading tool for querying and visualizing time series and metrics. diff --git a/stable/grafana/templates/deployment.yaml b/stable/grafana/templates/deployment.yaml index e79a51e83260..5f2cd1e985e6 100644 --- a/stable/grafana/templates/deployment.yaml +++ b/stable/grafana/templates/deployment.yaml @@ -206,16 +206,20 @@ spec: containerPort: 3000 protocol: TCP env: + {{- if not .Values.env.GF_SECURITY_ADMIN_USER }} - name: GF_SECURITY_ADMIN_USER valueFrom: secretKeyRef: name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} key: {{ .Values.admin.userKey | default "admin-user" }} + {{- end }} + {{- if not .Values.env.GF_SECURITY_ADMIN_PASSWORD }} - name: GF_SECURITY_ADMIN_PASSWORD valueFrom: secretKeyRef: name: {{ .Values.admin.existingSecret | default (include "grafana.fullname" .) }} key: {{ .Values.admin.passwordKey | default "admin-password" }} + {{- end }} {{- if .Values.plugins }} - name: GF_INSTALL_PLUGINS valueFrom: From 61dd3963bf874eab3047ddd910aac34ec364205c Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Fri, 1 Mar 2019 08:56:36 +0100 Subject: [PATCH 0381/1586] [stable/mongodb] Allow MongoDB to be configured with directoryPerDB option (#11830) Signed-off-by: juan131 --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 1 + stable/mongodb/templates/deployment-standalone.yaml | 6 ++++++ stable/mongodb/templates/statefulset-arbiter-rs.yaml | 6 ++++++ stable/mongodb/templates/statefulset-primary-rs.yaml | 6 ++++++ stable/mongodb/templates/statefulset-secondary-rs.yaml | 6 ++++++ stable/mongodb/values-production.yaml | 5 +++++ stable/mongodb/values.yaml | 6 +++++- 8 files changed, 36 insertions(+), 2 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index be912d8844a8..17234fb6da80 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: mongodb -version: 5.6.2 +version: 5.7.0 appVersion: 4.0.6 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 082ab56ee940..22ab70cec93d 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -61,6 +61,7 @@ The following table lists the configurable parameters of the MongoDB chart and t | `mongodbPassword` | MongoDB custom user password | `random alphanumeric string (10)` | | `mongodbDatabase` | Database to create | `nil` | | `mongodbEnableIPv6` | Switch to enable/disable IPv6 on MongoDB | `true` | +| `mongodbDirectoryPerDB` | Switch to enable/disable DirectoryPerDB on MongoDB | `false` | | `mongodbSystemLogVerbosity` | MongoDB systen log verbosity level | `0` | | `mongodbDisableSystemLog` | Whether to disable MongoDB system log or not | `false` | | `mongodbExtraFlags` | MongoDB additional command line flags | [] | diff --git a/stable/mongodb/templates/deployment-standalone.yaml b/stable/mongodb/templates/deployment-standalone.yaml index 2b33b9d6164c..5094caf1fa80 100644 --- a/stable/mongodb/templates/deployment-standalone.yaml +++ b/stable/mongodb/templates/deployment-standalone.yaml @@ -107,6 +107,12 @@ spec: {{- else }} value: "no" {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} {{- if .Values.mongodbExtraFlags }} - name: MONGODB_EXTRA_FLAGS value: {{ .Values.mongodbExtraFlags | join " " }} diff --git a/stable/mongodb/templates/statefulset-arbiter-rs.yaml b/stable/mongodb/templates/statefulset-arbiter-rs.yaml index ac388d06f3c5..59564a2403c8 100644 --- a/stable/mongodb/templates/statefulset-arbiter-rs.yaml +++ b/stable/mongodb/templates/statefulset-arbiter-rs.yaml @@ -113,6 +113,12 @@ spec: {{- else }} value: "no" {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} {{- if .Values.mongodbExtraFlags }} - name: MONGODB_EXTRA_FLAGS value: {{ .Values.mongodbExtraFlags | join " " }} diff --git a/stable/mongodb/templates/statefulset-primary-rs.yaml b/stable/mongodb/templates/statefulset-primary-rs.yaml index 98883a3641a7..03a41ace1bef 100644 --- a/stable/mongodb/templates/statefulset-primary-rs.yaml +++ b/stable/mongodb/templates/statefulset-primary-rs.yaml @@ -131,6 +131,12 @@ spec: {{- else }} value: "no" {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} {{- if .Values.mongodbExtraFlags }} - name: MONGODB_EXTRA_FLAGS value: {{ .Values.mongodbExtraFlags | join " " }} diff --git a/stable/mongodb/templates/statefulset-secondary-rs.yaml b/stable/mongodb/templates/statefulset-secondary-rs.yaml index 3ee8d327c823..adf7f1138222 100644 --- a/stable/mongodb/templates/statefulset-secondary-rs.yaml +++ b/stable/mongodb/templates/statefulset-secondary-rs.yaml @@ -119,6 +119,12 @@ spec: {{- else }} value: "no" {{- end }} + - name: MONGODB_ENABLE_DIRECTORY_PER_DB + {{- if .Values.mongodbDirectoryPerDB }} + value: "yes" + {{- else }} + value: "no" + {{- end }} {{- if .Values.mongodbExtraFlags }} - name: MONGODB_EXTRA_FLAGS value: {{ .Values.mongodbExtraFlags | join " " }} diff --git a/stable/mongodb/values-production.yaml b/stable/mongodb/values-production.yaml index b6bae9123463..8f1a193eaad7 100644 --- a/stable/mongodb/values-production.yaml +++ b/stable/mongodb/values-production.yaml @@ -55,6 +55,11 @@ usePassword: true ## mongodbEnableIPv6: true +## Whether enable/disable DirectoryPerDB on MongoDB +## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb +## +mongodbDirectoryPerDB: false + ## MongoDB System Log configuration ## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level ## diff --git a/stable/mongodb/values.yaml b/stable/mongodb/values.yaml index 3b7b81142321..ad53a2d944e2 100644 --- a/stable/mongodb/values.yaml +++ b/stable/mongodb/values.yaml @@ -50,12 +50,16 @@ usePassword: true # mongodbPassword: password # mongodbDatabase: database - ## Whether enable/disable IPv6 on MongoDB ## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-ipv6 ## mongodbEnableIPv6: true +## Whether enable/disable DirectoryPerDB on MongoDB +## ref: https://github.com/bitnami/bitnami-docker-mongodb/blob/master/README.md#enabling/disabling-directoryperdb +## +mongodbDirectoryPerDB: false + ## MongoDB System Log configuration ## ref: https://github.com/bitnami/bitnami-docker-mongodb#configuring-system-log-verbosity-level ## From af554de4939567f4dd67a06b04bbc911a5a2c5b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?N=C3=A9stor=20Salceda?= Date: Fri, 1 Mar 2019 12:22:42 +0100 Subject: [PATCH 0382/1586] [stable/sysdig] Use latest released agent image version and add options to support eBPF based probe (#11856) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Upgrade agent image version to 0.89.0 Signed-off-by: Néstor Salceda * Add support for configuring eBPF Signed-off-by: Néstor Salceda * Bump up Chart version Signed-off-by: Néstor Salceda * Update CHANGELOG with latest news Signed-off-by: Néstor Salceda --- stable/sysdig/CHANGELOG.md | 7 +++++ stable/sysdig/Chart.yaml | 4 +-- stable/sysdig/README.md | 42 ++++++++++++++------------ stable/sysdig/templates/daemonset.yaml | 15 +++++++++ stable/sysdig/values.yaml | 11 ++++++- 5 files changed, 56 insertions(+), 23 deletions(-) diff --git a/stable/sysdig/CHANGELOG.md b/stable/sysdig/CHANGELOG.md index 2ecf65a10356..a94cd9e17fe1 100644 --- a/stable/sysdig/CHANGELOG.md +++ b/stable/sysdig/CHANGELOG.md @@ -3,6 +3,13 @@ This file documents all notable changes to Sysdig Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v1.4.0 + +### Major Changes + +* Use the latest image from Agent (0.89.0) by default. +* eBPF support added. + ## v1.3.2 ### Minor Changes diff --git a/stable/sysdig/Chart.yaml b/stable/sysdig/Chart.yaml index 7d122e4b8941..c3aee5c42c7c 100755 --- a/stable/sysdig/Chart.yaml +++ b/stable/sysdig/Chart.yaml @@ -1,6 +1,6 @@ name: sysdig -version: 1.3.2 -appVersion: 0.88.1 +version: 1.4.0 +appVersion: 0.89.0 description: Sysdig Monitor and Secure agent keywords: - monitoring diff --git a/stable/sysdig/README.md b/stable/sysdig/README.md index b1db4c2f82ea..0507e6ec4648 100644 --- a/stable/sysdig/README.md +++ b/stable/sysdig/README.md @@ -38,26 +38,28 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Sysdig chart and their default values. -| Parameter | Description | Default | -| --- | --- | --- | -| `image.registry` | Sysdig agent image registry | `docker.io` | -| `image.repository` | The image repository to pull from | `sysdig/agent` | -| `image.tag` | The image tag to pull | `0.88.1` | -| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull secrets | `nil` | -| `resources.requests.cpu` | CPU requested for being run in a node | `100m` | -| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | -| `resources.limits.cpu` | CPU limit | `200m` | -| `resources.limits.memory` | Memory limit | `1024Mi` | -| `rbac.create` | If true, create & use RBAC resources | `true` | -| `serviceAccount.create` | Create serviceAccount | `true` | -| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | -| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | -| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | -| `sysdig.settings` | Settings for agent's configuration file | `{}` | -| `secure.enabled` | Enable Sysdig Secure | `false` | -| `customAppChecks` | The custom app checks deployed with your agent | `{}` | -| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | +| Parameter | Description | Default | +| --- | --- | --- | +| `image.registry` | Sysdig agent image registry | `docker.io` | +| `image.repository` | The image repository to pull from | `sysdig/agent` | +| `image.tag` | The image tag to pull | `0.88.1` | +| `image.pullPolicy` | The Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull secrets | `nil` | +| `resources.requests.cpu` | CPU requested for being run in a node | `100m` | +| `resources.requests.memory` | Memory requested for being run in a node | `512Mi` | +| `resources.limits.cpu` | CPU limit | `200m` | +| `resources.limits.memory` | Memory limit | `1024Mi` | +| `rbac.create` | If true, create & use RBAC resources | `true` | +| `serviceAccount.create` | Create serviceAccount | `true` | +| `serviceAccount.name` | Use this value as serviceAccountName | ` ` | +| `daemonset.updateStrategy.type` | The updateStrategy for updating the daemonset | `RollingUpdate` | +| `ebpf.enabled` | Enable eBPF support for Sysdig instead of `sysdig-probe` kernel module | `false` | +| `ebpf.settings.mountEtcVolume` | Needed to detect which kernel version are running in Google COS | `true` | +| `sysdig.accessKey` | Your Sysdig Monitor Access Key | `Nil` You must provide your own key | +| `sysdig.settings` | Settings for agent's configuration file | `{}` | +| `secure.enabled` | Enable Sysdig Secure | `false` | +| `customAppChecks` | The custom app checks deployed with your agent | `{}` | +| `tolerations` | The tolerations for scheduling | `node-role.kubernetes.io/master:NoSchedule` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/sysdig/templates/daemonset.yaml b/stable/sysdig/templates/daemonset.yaml index 7a0d87007262..70f1a3b67c84 100644 --- a/stable/sysdig/templates/daemonset.yaml +++ b/stable/sysdig/templates/daemonset.yaml @@ -35,6 +35,11 @@ spec: {{ toYaml .Values.resources | indent 12 }} securityContext: privileged: true + {{- if .Values.ebpf.enabled }} + env: + - name: SYSDIG_BPF_PROBE + value: + {{- end }} readinessProbe: exec: command: [ "test", "-e", "/opt/draios/logs/running" ] @@ -65,6 +70,11 @@ spec: name: sysdig-agent-config - mountPath: /opt/draios/etc/kubernetes/secrets name: sysdig-agent-secrets + {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} + - mountPath: /host/etc + name: etc-fs + readOnly: true + {{- end }} {{- if .Values.customAppChecks }} - mountPath: /opt/draios/lib/python/checks.custom.d name: custom-app-checks-volume @@ -94,6 +104,11 @@ spec: - name: varrun-vol hostPath: path: /var/run + {{- if (and .Values.ebpf.enabled .Values.ebpf.settings.mountEtcVolume) }} + - name: etc-fs + hostPath: + path: /etc + {{- end }} - name: sysdig-agent-config configMap: name: {{ template "sysdig.fullname" . }} diff --git a/stable/sysdig/values.yaml b/stable/sysdig/values.yaml index 660a7dc2829b..0e914bda3ef4 100644 --- a/stable/sysdig/values.yaml +++ b/stable/sysdig/values.yaml @@ -3,7 +3,7 @@ image: registry: docker.io repository: sysdig/agent - tag: 0.88.1 + tag: 0.89.0 # Specify a imagePullPolicy # Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' # ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images @@ -44,6 +44,15 @@ daemonset: # need it type: RollingUpdate +ebpf: + # Enable eBPF support for Sysdig Agent + enabled: false + + settings: + # Needed to correctly detect the kernel version for the eBPF program + # Set to false if not running on Google COS + mountEtcVolume: true + sysdig: # Required: You need your Sysdig Monitor access key before running agents. # accessKey: "" From 06c63b5ccec5b16e267146134c7bd227a7b320ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Francisco=20Guimar=C3=A3es?= Date: Fri, 1 Mar 2019 12:23:31 -0300 Subject: [PATCH 0383/1586] [stable/metabase] Add log4jProperties (#11171) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Adding log4jProperties Signed-off-by: Francisco Guimarães * Bump Chart version and metabase version Signed-off-by: Francisco Guimarães * Adding necessary JAVA_TOOL_OPTIONS option when using log4jProperties Signed-off-by: Francisco Guimarães * Replace javaToolOptions by javaOpts Signed-off-by: Francisco Guimarães * Fix deployment chart Signed-off-by: Francisco Guimarães --- stable/metabase/Chart.yaml | 2 +- stable/metabase/README.md | 3 ++- stable/metabase/templates/config.yaml | 14 +++++++++++++ stable/metabase/templates/deployment.yaml | 25 +++++++++++++++++++++-- stable/metabase/values.yaml | 8 +++++++- 5 files changed, 47 insertions(+), 5 deletions(-) create mode 100644 stable/metabase/templates/config.yaml diff --git a/stable/metabase/Chart.yaml b/stable/metabase/Chart.yaml index 89569b829a8c..b513b03da58b 100644 --- a/stable/metabase/Chart.yaml +++ b/stable/metabase/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: The easy, open source way for everyone in your company to ask questions and learn from data. name: metabase -version: 0.4.6 +version: 0.5.0 appVersion: v0.31.2 maintainers: - name: pmint93 diff --git a/stable/metabase/README.md b/stable/metabase/README.md index c7914f36f8f1..8cdfd2ec97c3 100644 --- a/stable/metabase/README.md +++ b/stable/metabase/README.md @@ -66,7 +66,7 @@ The following table lists the configurable parameters of the Metabase chart and | password.length | Minimum length required for Metabase account's password | 6 | | timeZone | Service time zone | UTC | | emojiLogging | Get a funny emoji in service log | true | -| javaToolOptions | JVM options | null | +| javaOpts | JVM options | null | | pluginsDirectory | A directory with Metabase plugins | null | | service.type | ClusterIP, NodePort, or LoadBalancer | ClusterIP | | service.externalPort | Service external port | 80 | @@ -78,6 +78,7 @@ The following table lists the configurable parameters of the Metabase chart and | ingress.labels | Ingress labels configuration | null | | ingress.annotations | Ingress annotations configuration | null | | ingress.tls | Ingress TLS configuration | null | +| log4jProperties | Custom `log4j.properties` file | null | | resources | Server resource requests and limits | {} | The above parameters map to the env variables defined in [metabase](http://github.com/metabase/metabase). For more information please refer to the [metabase documentations](http://www.metabase.com/docs/v0.24.2/). diff --git a/stable/metabase/templates/config.yaml b/stable/metabase/templates/config.yaml new file mode 100644 index 000000000000..8de994da124f --- /dev/null +++ b/stable/metabase/templates/config.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "metabase.fullname" . }}-config + labels: + app: {{ template "metabase.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + {{- if .Values.log4jProperties }} + log4j.properties: +{{ toYaml .Values.log4jProperties | indent 4}} + {{- end}} diff --git a/stable/metabase/templates/deployment.yaml b/stable/metabase/templates/deployment.yaml index bf4d422be6c3..eed48bc0af26 100644 --- a/stable/metabase/templates/deployment.yaml +++ b/stable/metabase/templates/deployment.yaml @@ -11,6 +11,8 @@ spec: replicas: {{ .Values.replicaCount }} template: metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} labels: app: {{ template "metabase.name" . }} release: {{ .Release.Name }} @@ -81,9 +83,14 @@ spec: value: {{ .Values.password.length | quote }} - name: JAVA_TIMEZONE value: {{ .Values.timeZone }} - {{- if .Values.javaToolOptions }} + {{- if .Values.javaOpts }} - name: JAVA_OPTS - value: {{ .Values.javaToolOptions | quote }} + value: {{ .Values.javaOpts | quote }} + {{- else }} + {{- if .Values.log4jProperties }} + - name: JAVA_OPTS + value: "-Dlog4j.configuration=file:/tmp/conf/log4j.properties" + {{- end }} {{- end }} {{- if .Values.pluginsDirectory }} - name: MB_PLUGINS_DIR @@ -107,9 +114,23 @@ spec: initialDelaySeconds: 30 timeoutSeconds: 3 periodSeconds: 5 + {{- if .Values.log4jProperties }} + volumeMounts: + - name: config + mountPath: /tmp/conf/ + {{- end}} resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} {{- end }} + volumes: + {{- if .Values.log4jProperties}} + - name: config + configMap: + name: {{ template "metabase.fullname" . }}-config + items: + - key: log4j.properties + path: log4j.properties + {{- end }} diff --git a/stable/metabase/values.yaml b/stable/metabase/values.yaml index 1960a8d5ba71..9dde5769243e 100644 --- a/stable/metabase/values.yaml +++ b/stable/metabase/values.yaml @@ -44,7 +44,7 @@ password: timeZone: UTC emojiLogging: true -# javaToolOptions: +# javaOpts: # pluginsDirectory: service: @@ -74,6 +74,12 @@ ingress: # - secretName: metabase-tls # hosts: # - metabase.domain.com + +# A custom log4j.properties file can be provided using a multiline YAML string. +# See https://github.com/metabase/metabase/blob/master/resources/log4j.properties +# +# log4jProperties: + resources: {} # We usually recommend not to specify default resources and to leave this as a conscious # choice for the user. This also increases chances charts run on environments with little From 250ea3856dcae40e79021b2f92154a0758d3c104 Mon Sep 17 00:00:00 2001 From: Mathieu Herbert Date: Fri, 1 Mar 2019 16:40:37 +0100 Subject: [PATCH 0384/1586] [filebeat] fix filebeat exporter container port (#11862) * fix filebeat exporter container port Signed-off-by: Mathieu Herbert * bump chart version Signed-off-by: Mathieu Herbert --- stable/filebeat/Chart.yaml | 2 +- stable/filebeat/templates/daemonset.yaml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index a8497b182326..f5dc5eb713e0 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.4.2 +version: 1.4.3 appVersion: 6.6.1 home: https://www.elastic.co/products/beats/filebeat sources: diff --git a/stable/filebeat/templates/daemonset.yaml b/stable/filebeat/templates/daemonset.yaml index 792e6ef5d9aa..a78bcfa8a07f 100644 --- a/stable/filebeat/templates/daemonset.yaml +++ b/stable/filebeat/templates/daemonset.yaml @@ -122,6 +122,8 @@ spec: {{ toYaml .Values.monitoring.resources | indent 10 }} {{- end }} {{- end }} + ports: + - containerPort: {{ .Values.monitoring.exporterPort}} volumes: - name: varlog hostPath: From dc2cf678bdc2de8ed6211f30eabad9ba61fa266b Mon Sep 17 00:00:00 2001 From: Christian Ingenhaag Date: Fri, 1 Mar 2019 17:56:40 +0100 Subject: [PATCH 0385/1586] add collabora-code chart (#10779) * add collabora-code chart Signed-off-by: Christian Ingenhaag * collabora-code - add home variable to Chart.yaml Signed-off-by: Christian Ingenhaag * add owners file Signed-off-by: Christian Ingenhaag * correct README to min req kubernetes api Signed-off-by: Christian Ingenhaag * fix service port definition Signed-off-by: Christian Ingenhaag * fix ingress servicePort definition Signed-off-by: Christian Ingenhaag * [collabora] reenable port naming Signed-off-by: Christian Ingenhaag * [collabora] linting Signed-off-by: Christian Ingenhaag --- stable/collabora-code/.helmignore | 22 ++++ stable/collabora-code/Chart.yaml | 12 ++ stable/collabora-code/OWNERS | 4 + stable/collabora-code/README.md | 87 +++++++++++++++ stable/collabora-code/templates/NOTES.txt | 21 ++++ stable/collabora-code/templates/_helpers.tpl | 32 ++++++ .../collabora-code/templates/configmap.yaml | 10 ++ .../collabora-code/templates/deployment.yaml | 103 ++++++++++++++++++ stable/collabora-code/templates/ingress.yaml | 40 +++++++ stable/collabora-code/templates/secret.yaml | 7 ++ stable/collabora-code/templates/service.yaml | 19 ++++ .../templates/tests/test-connection.yaml | 18 +++ stable/collabora-code/values.yaml | 55 ++++++++++ 13 files changed, 430 insertions(+) create mode 100644 stable/collabora-code/.helmignore create mode 100644 stable/collabora-code/Chart.yaml create mode 100644 stable/collabora-code/OWNERS create mode 100644 stable/collabora-code/README.md create mode 100644 stable/collabora-code/templates/NOTES.txt create mode 100644 stable/collabora-code/templates/_helpers.tpl create mode 100644 stable/collabora-code/templates/configmap.yaml create mode 100644 stable/collabora-code/templates/deployment.yaml create mode 100644 stable/collabora-code/templates/ingress.yaml create mode 100644 stable/collabora-code/templates/secret.yaml create mode 100644 stable/collabora-code/templates/service.yaml create mode 100644 stable/collabora-code/templates/tests/test-connection.yaml create mode 100644 stable/collabora-code/values.yaml diff --git a/stable/collabora-code/.helmignore b/stable/collabora-code/.helmignore new file mode 100644 index 000000000000..50af03172541 --- /dev/null +++ b/stable/collabora-code/.helmignore @@ -0,0 +1,22 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/stable/collabora-code/Chart.yaml b/stable/collabora-code/Chart.yaml new file mode 100644 index 000000000000..070673a76aa6 --- /dev/null +++ b/stable/collabora-code/Chart.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +appVersion: "4.0.0.2" +description: A Helm chart for Collabora Office - CODE-Edition +name: collabora-code +version: 1.0.0 +icon: https://avatars0.githubusercontent.com/u/22418908?s=200&v=4 +sources: +- https://github.com/CollaboraOnline/Docker-CODE +maintainers: +- name: Christian + email: christian.ingenhaag@googlemail.com +home: https://www.collaboraoffice.com/code/ diff --git a/stable/collabora-code/OWNERS b/stable/collabora-code/OWNERS new file mode 100644 index 000000000000..0067073415d8 --- /dev/null +++ b/stable/collabora-code/OWNERS @@ -0,0 +1,4 @@ +approvers: +- chrisingenhaag +reviewers: +- chrisingenhaag \ No newline at end of file diff --git a/stable/collabora-code/README.md b/stable/collabora-code/README.md new file mode 100644 index 000000000000..ac0847b57b7c --- /dev/null +++ b/stable/collabora-code/README.md @@ -0,0 +1,87 @@ +# Collabora CODE + +[Collabora](https://www.collaboraoffice.com/code/) is a online office suite. + +## Introduction + +This chart creates a single Collabora CODE Pod to run Collabora CODE suite, for example as integration together with nextcloud. Installation is based on the docker documentation [CollaboraDocker](https://www.collaboraoffice.com/code/docker/). + +For most easy integration it´s recommended to use cert-manager together with your favorite ingress controller to get a fully working, ssl-terminated Collabora CODE server. + +## Prerequisites + +- Kubernetes 1.9+ with Beta APIs enabled + +## Installing the Chart + +To install the chart with the release name `my-release`, run: + +```bash +$ helm install --name my-release stable/collabora +``` + +This command deploys a Collabora Online Development Edition server. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +Refer to [values.yaml](values.yaml) for the full run-down on defaults. These are a mixture of Kubernetes and Collabora-related directives that map to environment variables in the [CollaboraCODEDocker](https://github.com/CollaboraOnline/Docker-CODE) Docker image. + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set varname=true stable/collabora +``` + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml stable/collabora +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +The following tables lists the configurable parameters of this chart and their default values. + +| Parameter | Description | Default | +| ------------------------------------------------- | ------------------------------------------------------------- | ----------------------------------------------------------- | +| `replicaCount` | Number of provisioner instances to deployed | `1` | +| `strategy` | Specifies the strategy used to replace old Pods by new ones | `Recreate` | +| `image.repository` | Provisioner image | `collabora/code` | +| `image.tag` | Version of provisioner image | `4.0.0.2` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `collabora.DONT_GEN_SSL_CERT` | | `true` | +| `collabora.domain` | Double escaped WOPI host | `wopihost\\.domain` | +| `collabora.extra_params` | List of params to use as env var | `--o:ssl.termination=true --o:ssl.enable=false` | +| `collabora.server_name` | Collabora server name (single escaped) | `collabora\.domain` | +| `collabora.password` | Collabora admin panel pass | `examplepass` | +| `collabora.username` | Collabora admin panel user | `admin` | +| `collabora.dictionaries` | Collabora enabled dictionaries | `de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru` | +| `ingress.enabled` | | `false` | +| `ingress.annotations` | | `{}` | +| `ingress.paths` | | `[]` | +| `ingress.hosts` | | `[]` | +| `ingress.tls` | | `[]` | +| `securityContext.allowPrivilegeEscalation` | Create & use Pod Security Policy resources | `true` | +| `securitycontext.capabilities.add` | Collabora needs to run with MKNOD as capabibility | `[MKNOD]` | +| `resources` | Resources required (e.g. CPU, memory) | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | + + +## Persistence + +There is no need for a persistent storage to run collabora code edition. All parameters in `/etc/loolwsd/loolwsd.xml` can be adjusted with using extra_params environment variable. diff --git a/stable/collabora-code/templates/NOTES.txt b/stable/collabora-code/templates/NOTES.txt new file mode 100644 index 000000000000..df2acd7afd75 --- /dev/null +++ b/stable/collabora-code/templates/NOTES.txt @@ -0,0 +1,21 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range $.Values.ingress.paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host }}{{ . }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "collabora-code.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "collabora-code.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "collabora-code.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "collabora-code.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:9980 to use your application" + kubectl port-forward $POD_NAME 9980:9980 +{{- end }} diff --git a/stable/collabora-code/templates/_helpers.tpl b/stable/collabora-code/templates/_helpers.tpl new file mode 100644 index 000000000000..88fcce47c073 --- /dev/null +++ b/stable/collabora-code/templates/_helpers.tpl @@ -0,0 +1,32 @@ +{{/* vim: set filetype=mustache: */}} +{{/* +Expand the name of the chart. +*/}} +{{- define "collabora-code.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "collabora-code.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "collabora-code.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} diff --git a/stable/collabora-code/templates/configmap.yaml b/stable/collabora-code/templates/configmap.yaml new file mode 100644 index 000000000000..187f53db6aa5 --- /dev/null +++ b/stable/collabora-code/templates/configmap.yaml @@ -0,0 +1,10 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "collabora-code.fullname" . }} +data: + DONT_GEN_SSL_CERT: "{{ .Values.collabora.DONT_GEN_SSL_CERT }}" + dictionaries: {{ .Values.collabora.dictionaries }} + domain: {{ .Values.collabora.domain }} + extra_params: {{ .Values.collabora.extra_params }} + server_name: {{ .Values.collabora.server_name }} diff --git a/stable/collabora-code/templates/deployment.yaml b/stable/collabora-code/templates/deployment.yaml new file mode 100644 index 000000000000..e6d18770f1e0 --- /dev/null +++ b/stable/collabora-code/templates/deployment.yaml @@ -0,0 +1,103 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "collabora-code.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + helm.sh/chart: {{ include "collabora-code.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicaCount }} + strategy: + type: {{ .Values.strategy }} + selector: + matchLabels: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + - name: DONT_GEN_SSL_CERT + valueFrom: + configMapKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: DONT_GEN_SSL_CERT + - name: dictionaries + valueFrom: + configMapKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: dictionaries + - name: domain + valueFrom: + configMapKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: domain + - name: extra_params + valueFrom: + configMapKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: extra_params + - name: server_name + valueFrom: + configMapKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: server_name + - name: username + valueFrom: + secretKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: username + - name: password + valueFrom: + secretKeyRef: + name: {{ include "collabora-code.fullname" . }} + key: password + livenessProbe: + failureThreshold: 3 + httpGet: + path: / + port: http + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + readinessProbe: + failureThreshold: 3 + httpGet: + path: / + port: http + scheme: HTTP + initialDelaySeconds: 30 + periodSeconds: 10 + successThreshold: 1 + timeoutSeconds: 2 + ports: + - name: http + containerPort: {{ .Values.service.port }} + protocol: TCP + resources: + {{- toYaml .Values.resources | nindent 12 }} + securityContext: + {{- toYaml .Values.securitycontext | nindent 12 }} + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/stable/collabora-code/templates/ingress.yaml b/stable/collabora-code/templates/ingress.yaml new file mode 100644 index 000000000000..f7b86cd1c2c7 --- /dev/null +++ b/stable/collabora-code/templates/ingress.yaml @@ -0,0 +1,40 @@ +{{- if .Values.ingress.enabled -}} +{{- $fullName := include "collabora-code.fullname" . -}} +{{- $ingressPaths := .Values.ingress.paths -}} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ $fullName }} + labels: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + helm.sh/chart: {{ include "collabora-code.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + {{- with .Values.ingress.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: +{{- if .Values.ingress.tls }} + tls: + {{- range .Values.ingress.tls }} + - hosts: + {{- range .hosts }} + - {{ . | quote }} + {{- end }} + secretName: {{ .secretName }} + {{- end }} +{{- end }} + rules: + {{- range .Values.ingress.hosts }} + - host: {{ . | quote }} + http: + paths: + {{- range $ingressPaths }} + - path: {{ . }} + backend: + serviceName: {{ $fullName }} + servicePort: http + {{- end }} + {{- end }} +{{- end }} diff --git a/stable/collabora-code/templates/secret.yaml b/stable/collabora-code/templates/secret.yaml new file mode 100644 index 000000000000..9999e6245d2f --- /dev/null +++ b/stable/collabora-code/templates/secret.yaml @@ -0,0 +1,7 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "collabora-code.fullname" . }} +data: + username: {{ .Values.collabora.username | b64enc }} + password: {{ .Values.collabora.password | b64enc }} \ No newline at end of file diff --git a/stable/collabora-code/templates/service.yaml b/stable/collabora-code/templates/service.yaml new file mode 100644 index 000000000000..c80a6ab8e0fd --- /dev/null +++ b/stable/collabora-code/templates/service.yaml @@ -0,0 +1,19 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ include "collabora-code.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + helm.sh/chart: {{ include "collabora-code.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: http + selector: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} diff --git a/stable/collabora-code/templates/tests/test-connection.yaml b/stable/collabora-code/templates/tests/test-connection.yaml new file mode 100644 index 000000000000..1d4689bf343a --- /dev/null +++ b/stable/collabora-code/templates/tests/test-connection.yaml @@ -0,0 +1,18 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "collabora-code.fullname" . }}-test-connection" + labels: + app.kubernetes.io/name: {{ include "collabora-code.name" . }} + helm.sh/chart: {{ include "collabora-code.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + annotations: + "helm.sh/hook": test-success +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "collabora-code.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/stable/collabora-code/values.yaml b/stable/collabora-code/values.yaml new file mode 100644 index 000000000000..98375e4b8023 --- /dev/null +++ b/stable/collabora-code/values.yaml @@ -0,0 +1,55 @@ +# Default values for collabora-code. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: collabora/code + tag: 4.0.0.2 + pullPolicy: IfNotPresent + +strategy: Recreate + +nameOverride: "" +fullnameOverride: "" + +service: + type: ClusterIP + port: 9980 + +ingress: + enabled: false + annotations: {} + paths: [] + hosts: [] + tls: [] + +collabora: + DONT_GEN_SSL_CERT: true + domain: nextcloud\\.domain + extra_params: --o:ssl.termination=true --o:ssl.enable=false + server_name: collabora\.domain + password: examplepass + username: admin + dictionaries: de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru + +securitycontext: + allowPrivilegeEscalation: true + capabilities: + add: + - MKNOD + +resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {} From 6cb8277e5053815ae01cd9e52b23ac08a00516e6 Mon Sep 17 00:00:00 2001 From: Vladimir Date: Fri, 1 Mar 2019 20:26:06 +0200 Subject: [PATCH 0386/1586] [stable/redis-ha] feat: implement RBAC (#11842) * feat: implement RBAC Signed-off-by: Vladimir Syromyatnikov * fix: typo in README Signed-off-by: Vladimir Syromyatnikov --- stable/redis-ha/Chart.yaml | 2 +- stable/redis-ha/README.md | 64 ++++++++++--------- stable/redis-ha/templates/_helpers.tpl | 10 +++ stable/redis-ha/templates/redis-ha-role.yaml | 18 ++++++ .../templates/redis-ha-rolebinding.yaml | 18 ++++++ .../templates/redis-ha-serviceaccount.yaml | 11 ++++ .../templates/redis-ha-statefulset.yaml | 1 + stable/redis-ha/values.yaml | 17 +++++ 8 files changed, 109 insertions(+), 32 deletions(-) create mode 100644 stable/redis-ha/templates/redis-ha-role.yaml create mode 100644 stable/redis-ha/templates/redis-ha-rolebinding.yaml create mode 100644 stable/redis-ha/templates/redis-ha-serviceaccount.yaml diff --git a/stable/redis-ha/Chart.yaml b/stable/redis-ha/Chart.yaml index 530289b35e30..19b57d053fb6 100644 --- a/stable/redis-ha/Chart.yaml +++ b/stable/redis-ha/Chart.yaml @@ -5,7 +5,7 @@ keywords: - redis - keyvalue - database -version: 3.2.1 +version: 3.3.0 appVersion: 5.0.3 description: Highly available Kubernetes implementation of Redis icon: https://upload.wikimedia.org/wikipedia/en/thumb/6/6b/Redis_Logo.svg/1200px-Redis_Logo.svg.png diff --git a/stable/redis-ha/README.md b/stable/redis-ha/README.md index f495ba9ce9cc..7b7a5e85b742 100644 --- a/stable/redis-ha/README.md +++ b/stable/redis-ha/README.md @@ -14,7 +14,7 @@ By default this chart install 3 pods total: ## Introduction -This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. +This chart bootstraps a [Redis](https://redis.io) highly available master/slave statefulset in a [Kubernetes](http://kubernetes.io) cluster using the Helm package manager. ## Prerequisites @@ -51,35 +51,38 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the Redis chart and their default values. -| Parameter | Description | Default | -| -------------------------------- | ----------------------------------------------------- | --------------------------------------------------------- | -| `image` | Redis image | `redis` | -| `tag` | Redis tag | `5.0.3-alpine` | -| `replicas` | Number of redis master/slave pods | `3` | -| `redis.port` | Port to access the redis service | `6379` | -| `redis.masterGroupName` | Redis convention for naming the cluster group | `mymaster` | -| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml | -| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` | -| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` | -| `sentinel.port` | Port to access the sentinel service | `26379` | -| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` | -| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml | -| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` | -| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` | -| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` -| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` | -| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` | -| `existingSecret` | An existing secret containing an `auth` key that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `podAntiAffinity.server` | Antiaffinity for pod assignment of servers, `hard` or `soft` | `Hard node and soft zone anti-affinity` | -| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | -| `exporter.image` | Exporter image | `oliver006/redis_exporter` | -| `exporter.tag` | Exporter tag | `v0.28.0` | -| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | -| `exporter.extraArgs` | Additional args for the exporter | `{}` | -| `hostPath.path` | Use this path on the host for data storage | not set | -| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | true | +| Parameter | Description | Default | +|:-------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------| +| `image` | Redis image | `redis` | +| `tag` | Redis tag | `5.0.3-alpine` | +| `replicas` | Number of redis master/slave pods | `3` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to create | Generated using the redis-ha.fullname template | +| `rbac.create` | Create and use RBAC resources | `true` | +| `redis.port` | Port to access the redis service | `6379` | +| `redis.masterGroupName` | Redis convention for naming the cluster group | `mymaster` | +| `redis.config` | Any valid redis config options in this section will be applied to each server (see below) | see values.yaml | +| `redis.customConfig` | Allows for custom redis.conf files to be applied. If this is used then `redis.config` is ignored | `` | +| `redis.resources` | CPU/Memory for master/slave nodes resource requests/limits | `{}` | +| `sentinel.port` | Port to access the sentinel service | `26379` | +| `sentinel.quorum` | Minimum number of servers necessary to maintain quorum | `2` | +| `sentinel.config` | Valid sentinel config options in this section will be applied as config options to each sentinel (see below) | see values.yaml | +| `sentinel.customConfig` | Allows for custom sentinel.conf files to be applied. If this is used then `sentinel.config` is ignored | `` | +| `sentinel.resources` | CPU/Memory for sentinel node resource requests/limits | `{}` | +| `init.resources` | CPU/Memory for init Container node resource requests/limits | `{}` | +| `auth` | Enables or disables redis AUTH (Requires `redisPassword` to be set) | `false` | +| `redisPassword` | A password that configures a `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`) | `` | +| `existingSecret` | An existing secret containing an `auth` key that configures `requirepass` and `masterauth` in the conf parameters (Requires `auth: enabled`, cannot be used in conjunction with `.Values.redisPassword`) | `` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `podAntiAffinity.server` | Antiaffinity for pod assignment of servers, `hard` or `soft` | `Hard node and soft zone anti-affinity` | +| `exporter.enabled` | If `true`, the prometheus exporter sidecar is enabled | `false` | +| `exporter.image` | Exporter image | `oliver006/redis_exporter` | +| `exporter.tag` | Exporter tag | `v0.28.0` | +| `exporter.annotations` | Prometheus scrape annotations | `{prometheus.io/path: /metrics, prometheus.io/port: "9121", prometheus.io/scrape: "true"}` | +| `exporter.extraArgs` | Additional args for the exporter | `{}` | +| `hostPath.path` | Use this path on the host for data storage | not set | +| `hostPath.chown` | Run an init-container as root to set ownership on the hostPath | true | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -120,4 +123,3 @@ Sentinel options supported must be in the the `sentinel