From cdc49455c84d6cda6e46c69b5f637ddd43e8a9b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:29:13 +0100 Subject: [PATCH 001/129] [bitnami/redis-cluster] feat: :sparkles: :lock: Add resource preset support (#23517) Signed-off-by: Javier Salmeron Garcia --- bitnami/redis-cluster/Chart.lock | 6 +- bitnami/redis-cluster/README.md | 489 +++++++++--------- bitnami/redis-cluster/templates/NOTES.txt | 1 + .../templates/update-cluster.yaml | 2 + bitnami/redis-cluster/values.yaml | 153 +++--- 5 files changed, 327 insertions(+), 324 deletions(-) diff --git a/bitnami/redis-cluster/Chart.lock b/bitnami/redis-cluster/Chart.lock index 490ac23376a3c8..52a6907d9c393c 100644 --- a/bitnami/redis-cluster/Chart.lock +++ b/bitnami/redis-cluster/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2023-12-19T19:09:06.098675736Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T16:01:35.418835241+01:00" diff --git a/bitnami/redis-cluster/README.md b/bitnami/redis-cluster/README.md index 7d4239b8c130ac..3423ec3e9e1cbc 100644 --- a/bitnami/redis-cluster/README.md +++ b/bitnami/redis-cluster/README.md @@ -84,200 +84,200 @@ The command removes all the Kubernetes components associated with the chart and ### Redis® Cluster Common parameters -| Name | Description | Value | -| ----------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | -| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | -| `fullnameOverride` | String to fully override common.names.fullname template | `""` | -| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | -| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | -| `commonLabels` | Labels to add to all deployed objects | `{}` | -| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | -| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | -| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | -| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | -| `image.registry` | Redis® cluster image registry | `REGISTRY_NAME` | -| `image.repository` | Redis® cluster image repository | `REPOSITORY_NAME/redis-cluster` | -| `image.digest` | Redis® cluster image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Redis® cluster image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `networkPolicy.allowExternal` | The Policy model to apply | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `serviceAccount.annotations` | Annotations for Cassandra Service Account | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | -| `rbac.create` | Specifies whether RBAC resources should be created | `false` | -| `rbac.role.rules` | Rules to create. It follows the role specification | `[]` | -| `podSecurityContext.enabled` | Enable Redis® pod Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Group ID for the pods | `1001` | -| `podSecurityContext.sysctls` | Set namespaced sysctls for the pods | `[]` | -| `podDisruptionBudget` | Limits the number of pods of the replicated application that are down simultaneously from voluntary disruptions | `{}` | -| `minAvailable` | Min number of pods that must still be available after the eviction | `""` | -| `maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `usePassword` | Use password authentication | `true` | -| `password` | Redis® password (ignored if existingSecret set) | `""` | -| `existingSecret` | Name of existing secret object (for password authentication) | `""` | -| `existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | -| `usePasswordFile` | Mount passwords as files instead of environment variables | `false` | -| `tls.enabled` | Enable TLS support for replication traffic | `false` | -| `tls.authClients` | Require clients to authenticate or not | `true` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | -| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | -| `tls.certificatesSecret` | DEPRECATED. Use tls.existingSecret instead | `""` | -| `tls.certFilename` | Certificate filename | `""` | -| `tls.certKeyFilename` | Certificate key filename | `""` | -| `tls.certCAFilename` | CA Certificate filename | `""` | -| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | -| `service.ports.redis` | Kubernetes Redis service port | `6379` | -| `service.nodePorts.redis` | Node port for Redis | `""` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `service.labels` | Additional labels for redis service | `{}` | -| `service.type` | Service type for default redis service | `ClusterIP` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.loadBalancerIP` | Load balancer IP if `service.type` is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.headless.annotations` | Annotations for the headless service. | `{}` | -| `persistence.enabled` | Enable persistence on Redis® | `true` | -| `persistence.path` | Path to mount the volume at, to use other images Redis® images. | `/bitnami/redis/data` | -| `persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""` | -| `persistence.storageClass` | Storage class of backing PVC | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `persistence.size` | Size of data volume | `8Gi` | -| `persistence.matchLabels` | Persistent Volume selectors | `{}` | -| `persistence.matchExpressions` | matchExpressions Persistent Volume selectors | `{}` | -| `persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | -| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | -| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.containerSecurityContext.enabled` | Enable Containers' Security Context | `true` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the containers. | `0` | -| `volumePermissions.containerSecurityContext.privileged` | Run container as privileged | `false` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| Name | Description | Value | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------- | +| `nameOverride` | String to partially override common.names.fullname template (will maintain the release name) | `""` | +| `fullnameOverride` | String to fully override common.names.fullname template | `""` | +| `clusterDomain` | Kubernetes Cluster Domain | `cluster.local` | +| `commonAnnotations` | Annotations to add to all deployed objects | `{}` | +| `commonLabels` | Labels to add to all deployed objects | `{}` | +| `extraDeploy` | Array of extra objects to deploy with the release (evaluated as a template) | `[]` | +| `diagnosticMode.enabled` | Enable diagnostic mode (all probes will be disabled and the command will be overridden) | `false` | +| `diagnosticMode.command` | Command to override all containers in the deployment | `["sleep"]` | +| `diagnosticMode.args` | Args to override all containers in the deployment | `["infinity"]` | +| `image.registry` | Redis® cluster image registry | `REGISTRY_NAME` | +| `image.repository` | Redis® cluster image repository | `REPOSITORY_NAME/redis-cluster` | +| `image.digest` | Redis® cluster image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Redis® cluster image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to create | `""` | +| `serviceAccount.annotations` | Annotations for Cassandra Service Account | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | +| `rbac.create` | Specifies whether RBAC resources should be created | `false` | +| `rbac.role.rules` | Rules to create. It follows the role specification | `[]` | +| `podSecurityContext.enabled` | Enable Redis® pod Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Group ID for the pods | `1001` | +| `podSecurityContext.sysctls` | Set namespaced sysctls for the pods | `[]` | +| `podDisruptionBudget` | Limits the number of pods of the replicated application that are down simultaneously from voluntary disruptions | `{}` | +| `minAvailable` | Min number of pods that must still be available after the eviction | `""` | +| `maxUnavailable` | Max number of pods that can be unavailable after the eviction | `""` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `usePassword` | Use password authentication | `true` | +| `password` | Redis® password (ignored if existingSecret set) | `""` | +| `existingSecret` | Name of existing secret object (for password authentication) | `""` | +| `existingSecretPasswordKey` | Name of key containing password to be retrieved from the existing secret | `""` | +| `usePasswordFile` | Mount passwords as files instead of environment variables | `false` | +| `tls.enabled` | Enable TLS support for replication traffic | `false` | +| `tls.authClients` | Require clients to authenticate or not | `true` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates | `false` | +| `tls.existingSecret` | The name of the existing secret that contains the TLS certificates | `""` | +| `tls.certificatesSecret` | DEPRECATED. Use tls.existingSecret instead | `""` | +| `tls.certFilename` | Certificate filename | `""` | +| `tls.certKeyFilename` | Certificate key filename | `""` | +| `tls.certCAFilename` | CA Certificate filename | `""` | +| `tls.dhParamsFilename` | File containing DH params (in order to support DH based ciphers) | `""` | +| `service.ports.redis` | Kubernetes Redis service port | `6379` | +| `service.nodePorts.redis` | Node port for Redis | `""` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `service.labels` | Additional labels for redis service | `{}` | +| `service.type` | Service type for default redis service | `ClusterIP` | +| `service.clusterIP` | Service Cluster IP | `""` | +| `service.loadBalancerIP` | Load balancer IP if `service.type` is `LoadBalancer` | `""` | +| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | +| `persistence.enabled` | Enable persistence on Redis® | `true` | +| `persistence.path` | Path to mount the volume at, to use other images Redis® images. | `/bitnami/redis/data` | +| `persistence.subPath` | The subdirectory of the volume to mount to, useful in dev environments and one PV for multiple services | `""` | +| `persistence.storageClass` | Storage class of backing PVC | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `persistence.size` | Size of data volume | `8Gi` | +| `persistence.matchLabels` | Persistent Volume selectors | `{}` | +| `persistence.matchExpressions` | matchExpressions Persistent Volume selectors | `{}` | +| `persistentVolumeClaimRetentionPolicy.enabled` | Controls if and how PVCs are deleted during the lifecycle of a StatefulSet | `false` | +| `persistentVolumeClaimRetentionPolicy.whenScaled` | Volume retention behavior when the replica count of the StatefulSet is reduced | `Retain` | +| `persistentVolumeClaimRetentionPolicy.whenDeleted` | Volume retention behavior that applies when the StatefulSet is deleted | `Retain` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the registry (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.containerSecurityContext.enabled` | Enable Containers' Security Context | `true` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the containers. | `0` | +| `volumePermissions.containerSecurityContext.privileged` | Run container as privileged | `false` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | ### Redis® statefulset parameters -| Name | Description | Value | -| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------- | --------------- | -| `redis.command` | Redis® entrypoint string. The command `redis-server` is executed if this is not provided | `[]` | -| `redis.args` | Arguments for the provided command if needed | `[]` | -| `redis.updateStrategy.type` | Argo Workflows statefulset strategy type | `RollingUpdate` | -| `redis.updateStrategy.rollingUpdate.partition` | Partition update strategy | `0` | -| `redis.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | -| `redis.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `redis.hostAliases` | Deployment pod host aliases | `[]` | -| `redis.hostNetwork` | Host networking requested for this pod. Use the host's network namespace. | `false` | -| `redis.useAOFPersistence` | Whether to use AOF Persistence mode or not | `yes` | -| `redis.containerPorts.redis` | Redis® port | `6379` | -| `redis.containerPorts.bus` | The busPort should be obtained adding 10000 to the redisPort. By default: 10000 + 6379 = 16379 | `16379` | -| `redis.lifecycleHooks` | LifecycleHook to set additional configuration before or after startup. Evaluated as a template | `{}` | -| `redis.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `redis.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `redis.customLivenessProbe` | Override default liveness probe | `{}` | -| `redis.customReadinessProbe` | Override default readiness probe | `{}` | -| `redis.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `redis.initContainers` | Extra init containers to add to the deployment | `[]` | -| `redis.sidecars` | Extra sidecar containers to add to the deployment | `[]` | -| `redis.podLabels` | Additional labels for Redis® pod | `{}` | -| `redis.priorityClassName` | Redis® Master pod priorityClassName | `""` | -| `redis.defaultConfigOverride` | Optional default Redis® configuration for the nodes | `""` | -| `redis.configmap` | Additional Redis® configuration for the nodes | `""` | -| `redis.extraEnvVars` | An array to add extra environment variables | `[]` | -| `redis.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | -| `redis.extraEnvVarsSecret` | Secret with extra environment variables | `""` | -| `redis.podAnnotations` | Redis® additional annotations | `{}` | -| `redis.resources.limits` | The resources limits for the container | `{}` | -| `redis.resources.requests` | The requested resources for the container | `{}` | -| `redis.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `redis.shareProcessNamespace` | Enable shared process namespace in a pod. | `false` | -| `redis.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `redis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `redis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `redis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `redis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `redis.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `redis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `redis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `redis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `redis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `redis.startupProbe.enabled` | Enable startupProbe | `false` | -| `redis.startupProbe.path` | Path to check for startupProbe | `/` | -| `redis.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `300` | -| `redis.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `redis.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `redis.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `redis.podAffinityPreset` | Redis® pod affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `redis.podAntiAffinityPreset` | Redis® pod anti-affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `redis.nodeAffinityPreset.type` | Redis® node affinity preset type. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `redis.nodeAffinityPreset.key` | Redis® node label key to match Ignored if `redis.affinity` is set. | `""` | -| `redis.nodeAffinityPreset.values` | Redis® node label values to match. Ignored if `redis.affinity` is set. | `[]` | -| `redis.affinity` | Affinity settings for Redis® pod assignment | `{}` | -| `redis.nodeSelector` | Node labels for Redis® pods assignment | `{}` | -| `redis.tolerations` | Tolerations for Redis® pods assignment | `[]` | -| `redis.topologySpreadConstraints` | Pod topology spread constraints for Redis® pod | `[]` | +| Name | Description | Value | +| ---------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------- | +| `redis.command` | Redis® entrypoint string. The command `redis-server` is executed if this is not provided | `[]` | +| `redis.args` | Arguments for the provided command if needed | `[]` | +| `redis.updateStrategy.type` | Argo Workflows statefulset strategy type | `RollingUpdate` | +| `redis.updateStrategy.rollingUpdate.partition` | Partition update strategy | `0` | +| `redis.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | +| `redis.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `redis.hostAliases` | Deployment pod host aliases | `[]` | +| `redis.hostNetwork` | Host networking requested for this pod. Use the host's network namespace. | `false` | +| `redis.useAOFPersistence` | Whether to use AOF Persistence mode or not | `yes` | +| `redis.containerPorts.redis` | Redis® port | `6379` | +| `redis.containerPorts.bus` | The busPort should be obtained adding 10000 to the redisPort. By default: 10000 + 6379 = 16379 | `16379` | +| `redis.lifecycleHooks` | LifecycleHook to set additional configuration before or after startup. Evaluated as a template | `{}` | +| `redis.extraVolumes` | Extra volumes to add to the deployment | `[]` | +| `redis.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | +| `redis.customLivenessProbe` | Override default liveness probe | `{}` | +| `redis.customReadinessProbe` | Override default readiness probe | `{}` | +| `redis.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `redis.initContainers` | Extra init containers to add to the deployment | `[]` | +| `redis.sidecars` | Extra sidecar containers to add to the deployment | `[]` | +| `redis.podLabels` | Additional labels for Redis® pod | `{}` | +| `redis.priorityClassName` | Redis® Master pod priorityClassName | `""` | +| `redis.defaultConfigOverride` | Optional default Redis® configuration for the nodes | `""` | +| `redis.configmap` | Additional Redis® configuration for the nodes | `""` | +| `redis.extraEnvVars` | An array to add extra environment variables | `[]` | +| `redis.extraEnvVarsCM` | ConfigMap with extra environment variables | `""` | +| `redis.extraEnvVarsSecret` | Secret with extra environment variables | `""` | +| `redis.podAnnotations` | Redis® additional annotations | `{}` | +| `redis.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if redis.resources is set (redis.resources is recommended for production). | `none` | +| `redis.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `redis.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `redis.shareProcessNamespace` | Enable shared process namespace in a pod. | `false` | +| `redis.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `redis.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `redis.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `redis.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `redis.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `redis.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `redis.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `redis.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `redis.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `redis.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `redis.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `redis.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `redis.startupProbe.enabled` | Enable startupProbe | `false` | +| `redis.startupProbe.path` | Path to check for startupProbe | `/` | +| `redis.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `300` | +| `redis.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `redis.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `redis.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `redis.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `redis.podAffinityPreset` | Redis® pod affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `redis.podAntiAffinityPreset` | Redis® pod anti-affinity preset. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `redis.nodeAffinityPreset.type` | Redis® node affinity preset type. Ignored if `redis.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `redis.nodeAffinityPreset.key` | Redis® node label key to match Ignored if `redis.affinity` is set. | `""` | +| `redis.nodeAffinityPreset.values` | Redis® node label values to match. Ignored if `redis.affinity` is set. | `[]` | +| `redis.affinity` | Affinity settings for Redis® pod assignment | `{}` | +| `redis.nodeSelector` | Node labels for Redis® pods assignment | `{}` | +| `redis.tolerations` | Tolerations for Redis® pods assignment | `[]` | +| `redis.topologySpreadConstraints` | Pod topology spread constraints for Redis® pod | `[]` | ### Cluster update job parameters -| Name | Description | Value | -| ---------------------------------------- | -------------------------------------------------------------------------------------------------------------- | -------------- | -| `updateJob.activeDeadlineSeconds` | Number of seconds the Job to create the cluster will be waiting for the Nodes to be ready. | `600` | -| `updateJob.command` | Container command (using container default if not set) | `[]` | -| `updateJob.args` | Container args (using container default if not set) | `[]` | -| `updateJob.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `updateJob.hostAliases` | Deployment pod host aliases | `[]` | -| `updateJob.helmHook` | Job Helm hook | `post-upgrade` | -| `updateJob.annotations` | Job annotations | `{}` | -| `updateJob.podAnnotations` | Job pod annotations | `{}` | -| `updateJob.podLabels` | Pod extra labels | `{}` | -| `updateJob.extraEnvVars` | An array to add extra environment variables | `[]` | -| `updateJob.extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` | -| `updateJob.extraEnvVarsSecret` | Secret containing extra environment variables | `""` | -| `updateJob.extraVolumes` | Extra volumes to add to the deployment | `[]` | -| `updateJob.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | -| `updateJob.initContainers` | Extra init containers to add to the deployment | `[]` | -| `updateJob.podAffinityPreset` | Update job pod affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `updateJob.podAntiAffinityPreset` | Update job pod anti-affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `updateJob.nodeAffinityPreset.type` | Update job node affinity preset type. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `updateJob.nodeAffinityPreset.key` | Update job node label key to match Ignored if `updateJob.affinity` is set. | `""` | -| `updateJob.nodeAffinityPreset.values` | Update job node label values to match. Ignored if `updateJob.affinity` is set. | `[]` | -| `updateJob.affinity` | Affinity for update job pods assignment | `{}` | -| `updateJob.nodeSelector` | Node labels for update job pods assignment | `{}` | -| `updateJob.tolerations` | Tolerations for update job pods assignment | `[]` | -| `updateJob.priorityClassName` | Priority class name | `""` | -| `updateJob.resources.limits` | The resources limits for the container | `{}` | -| `updateJob.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ---------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------- | +| `updateJob.activeDeadlineSeconds` | Number of seconds the Job to create the cluster will be waiting for the Nodes to be ready. | `600` | +| `updateJob.command` | Container command (using container default if not set) | `[]` | +| `updateJob.args` | Container args (using container default if not set) | `[]` | +| `updateJob.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `updateJob.hostAliases` | Deployment pod host aliases | `[]` | +| `updateJob.helmHook` | Job Helm hook | `post-upgrade` | +| `updateJob.annotations` | Job annotations | `{}` | +| `updateJob.podAnnotations` | Job pod annotations | `{}` | +| `updateJob.podLabels` | Pod extra labels | `{}` | +| `updateJob.extraEnvVars` | An array to add extra environment variables | `[]` | +| `updateJob.extraEnvVarsCM` | ConfigMap containing extra environment variables | `""` | +| `updateJob.extraEnvVarsSecret` | Secret containing extra environment variables | `""` | +| `updateJob.extraVolumes` | Extra volumes to add to the deployment | `[]` | +| `updateJob.extraVolumeMounts` | Extra volume mounts to add to the container | `[]` | +| `updateJob.initContainers` | Extra init containers to add to the deployment | `[]` | +| `updateJob.podAffinityPreset` | Update job pod affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `updateJob.podAntiAffinityPreset` | Update job pod anti-affinity preset. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `updateJob.nodeAffinityPreset.type` | Update job node affinity preset type. Ignored if `updateJob.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `updateJob.nodeAffinityPreset.key` | Update job node label key to match Ignored if `updateJob.affinity` is set. | `""` | +| `updateJob.nodeAffinityPreset.values` | Update job node label values to match. Ignored if `updateJob.affinity` is set. | `[]` | +| `updateJob.affinity` | Affinity for update job pods assignment | `{}` | +| `updateJob.nodeSelector` | Node labels for update job pods assignment | `{}` | +| `updateJob.tolerations` | Tolerations for update job pods assignment | `[]` | +| `updateJob.priorityClassName` | Priority class name | `""` | +| `updateJob.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if updateJob.resources is set (updateJob.resources is recommended for production). | `none` | +| `updateJob.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | ### Cluster management parameters @@ -302,62 +302,63 @@ The command removes all the Kubernetes components associated with the chart and ### Metrics sidecar parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Redis® exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Redis® exporter image name | `REPOSITORY_NAME/redis-exporter` | -| `metrics.image.digest` | Redis® exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Redis® exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.resources` | Metrics exporter resource requests and limits | `{}` | -| `metrics.extraArgs` | Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter) | `{}` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | -| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | -| `metrics.podLabels` | Additional labels for Metrics exporter pod | `{}` | -| `metrics.containerSecurityContext.enabled` | Enable Metrics Containers' Security Context | `false` | -| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation for metrics container | `false` | -| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `""` | -| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `{}` | -| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | -| `metrics.prometheusRule.rules` | Create specified [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/), check values for an example. | `[]` | -| `metrics.priorityClassName` | Metrics exporter pod priorityClassName | `""` | -| `metrics.service.type` | Kubernetes Service type (redis metrics) | `ClusterIP` | -| `metrics.service.loadBalancerIP` | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `""` | -| `metrics.service.annotations` | Annotations for the services to monitor. | `{}` | -| `metrics.service.labels` | Additional labels for the metrics service | `{}` | -| `metrics.service.ports.http` | Metrics HTTP service port | `9121` | -| `metrics.service.clusterIP` | Service Cluster IP | `""` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------- | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Redis® exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Redis® exporter image name | `REPOSITORY_NAME/redis-exporter` | +| `metrics.image.digest` | Redis® exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Redis® exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.extraArgs` | Extra arguments for the binary; possible values [here](https://github.com/oliver006/redis_exporter) | `{}` | +| `metrics.extraEnvVars` | Array with extra environment variables to add to Redis® exporter | `[]` | +| `metrics.containerPorts.http` | Metrics HTTP container port | `9121` | +| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | +| `metrics.podLabels` | Additional labels for Metrics exporter pod | `{}` | +| `metrics.containerSecurityContext.enabled` | Enable Metrics Containers' Security Context | `false` | +| `metrics.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation for metrics container | `false` | +| `metrics.serviceMonitor.enabled` | If `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Optional namespace which Prometheus is running in | `""` | +| `metrics.serviceMonitor.interval` | How frequently to scrape metrics (use by default, falling back to Prometheus' default) | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `{}` | +| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.prometheusRule.enabled` | Set this to true to create prometheusRules for Prometheus operator | `false` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so prometheusRules will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.namespace` | namespace where prometheusRules resource should be created | `""` | +| `metrics.prometheusRule.rules` | Create specified [rules](https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/), check values for an example. | `[]` | +| `metrics.priorityClassName` | Metrics exporter pod priorityClassName | `""` | +| `metrics.service.type` | Kubernetes Service type (redis metrics) | `ClusterIP` | +| `metrics.service.loadBalancerIP` | Use serviceLoadBalancerIP to request a specific static IP, otherwise leave blank | `""` | +| `metrics.service.annotations` | Annotations for the services to monitor. | `{}` | +| `metrics.service.labels` | Additional labels for the metrics service | `{}` | +| `metrics.service.ports.http` | Metrics HTTP service port | `9121` | +| `metrics.service.clusterIP` | Service Cluster IP | `""` | ### Sysctl Image parameters -| Name | Description | Value | -| ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | -| `sysctlImage.command` | sysctlImage command to execute | `[]` | -| `sysctlImage.registry` | sysctlImage Init container registry | `REGISTRY_NAME` | -| `sysctlImage.repository` | sysctlImage Init container repository | `REPOSITORY_NAME/os-shell` | -| `sysctlImage.digest` | sysctlImage Init container digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `IfNotPresent` | -| `sysctlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | -| `sysctlImage.containerSecurityContext.enabled` | Enable Containers' Security Context | `true` | -| `sysctlImage.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `sysctlImage.containerSecurityContext.runAsUser` | User ID for the containers. | `0` | -| `sysctlImage.containerSecurityContext.privileged` | Run privileged as privileged | `true` | -| `sysctlImage.resources.limits` | The resources limits for the container | `{}` | -| `sysctlImage.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `sysctlImage.enabled` | Enable an init container to modify Kernel settings | `false` | +| `sysctlImage.command` | sysctlImage command to execute | `[]` | +| `sysctlImage.registry` | sysctlImage Init container registry | `REGISTRY_NAME` | +| `sysctlImage.repository` | sysctlImage Init container repository | `REPOSITORY_NAME/os-shell` | +| `sysctlImage.digest` | sysctlImage Init container digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `sysctlImage.pullPolicy` | sysctlImage Init container pull policy | `IfNotPresent` | +| `sysctlImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `sysctlImage.mountHostSys` | Mount the host `/sys` folder to `/host-sys` | `false` | +| `sysctlImage.containerSecurityContext.enabled` | Enable Containers' Security Context | `true` | +| `sysctlImage.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `sysctlImage.containerSecurityContext.runAsUser` | User ID for the containers. | `0` | +| `sysctlImage.containerSecurityContext.privileged` | Run privileged as privileged | `true` | +| `sysctlImage.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production). | `none` | +| `sysctlImage.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -385,6 +386,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/redis ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/redis-cluster/templates/NOTES.txt b/bitnami/redis-cluster/templates/NOTES.txt index dcd1057467066c..eab81c5c9ab8d0 100644 --- a/bitnami/redis-cluster/templates/NOTES.txt +++ b/bitnami/redis-cluster/templates/NOTES.txt @@ -115,3 +115,4 @@ will be able to connect to redis. {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredPasswordError) "context" $) -}} {{- end -}} {{- end }} +{{- include "common.warnings.resources" (dict "sections" (list "metrics" "redis" "sysctlImage" "updateJob" "volumePermissions") "context" $) }} diff --git a/bitnami/redis-cluster/templates/update-cluster.yaml b/bitnami/redis-cluster/templates/update-cluster.yaml index 95e15e8beb32e5..82a74375827e7f 100644 --- a/bitnami/redis-cluster/templates/update-cluster.yaml +++ b/bitnami/redis-cluster/templates/update-cluster.yaml @@ -231,6 +231,8 @@ spec: {{- end }} {{- if .Values.updateJob.resources }} resources: {{- toYaml .Values.updateJob.resources | nindent 12 }} + {{- else if ne .Values.updateJob.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.updateJob.resourcesPreset) | nindent 12 }} {{- end }} {{- if or .Values.tls.enabled .Values.updateJob.extraVolumeMounts }} volumeMounts: diff --git a/bitnami/redis-cluster/values.yaml b/bitnami/redis-cluster/values.yaml index 74f4de9e77125b..959ee3581892a4 100644 --- a/bitnami/redis-cluster/values.yaml +++ b/bitnami/redis-cluster/values.yaml @@ -22,7 +22,6 @@ global: storageClass: "" redis: password: "" - ## @section Redis® Cluster Common parameters ## @@ -44,7 +43,6 @@ commonLabels: {} ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template) ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -59,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## Bitnami Redis® image version ## ref: https://hub.docker.com/r/bitnami/redis/tags/ ## @param image.registry [default: REGISTRY_NAME] Redis® cluster image registry @@ -145,7 +142,6 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - serviceAccount: ## @param serviceAccount.create Specifies whether a ServiceAccount should be created ## @@ -160,7 +156,6 @@ serviceAccount: ## @param serviceAccount.automountServiceAccountToken Automount API credentials for a service account. ## automountServiceAccountToken: false - rbac: ## @param rbac.create Specifies whether RBAC resources should be created ## @@ -385,7 +380,6 @@ persistence: ## @param persistence.matchExpressions matchExpressions Persistent Volume selectors ## matchExpressions: {} - ## persistentVolumeClaimRetentionPolicy ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#persistentvolumeclaim-retention ## @param persistentVolumeClaimRetentionPolicy.enabled Controls if and how PVCs are deleted during the lifecycle of a StatefulSet @@ -395,7 +389,6 @@ persistentVolumeClaimRetentionPolicy: enabled: false whenScaled: Retain whenDeleted: Retain - ## Init containers parameters: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## @@ -437,32 +430,29 @@ volumePermissions: privileged: false ## Container resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## PodSecurityPolicy configuration ## ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ ## @param podSecurityPolicy.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later ## podSecurityPolicy: create: false - ## @section Redis® statefulset parameters ## - redis: ## @param redis.command Redis® entrypoint string. The command `redis-server` is executed if this is not provided ## @@ -483,7 +473,6 @@ redis: ## rollingUpdate: partition: 0 - ## @param redis.podManagementPolicy Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies ## @@ -569,22 +558,21 @@ redis: podAnnotations: {} ## Redis® resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param redis.resources.limits The resources limits for the container - ## @param redis.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + ## @param redis.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if redis.resources is set (redis.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param redis.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param redis.schedulerName Use an alternate scheduler, e.g. "stork". ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## @@ -690,7 +678,6 @@ redis: ## The value is evaluated as a template ## topologySpreadConstraints: [] - ## @section Cluster update job parameters ## @@ -797,23 +784,21 @@ updateJob: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param updateJob.resources.limits The resources limits for the container - ## @param updateJob.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - ## - requests: {} - + ## @param updateJob.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if updateJob.resources is set (updateJob.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param updateJob.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @section Cluster management parameters ## @@ -891,7 +876,6 @@ cluster: ## @param cluster.update.newExternalIPs External IPs obtained from the services for the new nodes to add to the cluster ## newExternalIPs: [] - ## @section Metrics sidecar parameters ## @@ -922,7 +906,19 @@ metrics: ## - myRegistryKeySecretName ## pullSecrets: [] - ## @param metrics.resources Metrics exporter resource requests and limits + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## resources: {} @@ -938,7 +934,6 @@ metrics: ## value: "bar" ## extraEnvVars: [] - ## @param metrics.containerPorts.http Metrics HTTP container port ## containerPorts: @@ -1066,7 +1061,6 @@ metrics: loadBalancerIP: "" annotations: {} labels: {} - ## @section Sysctl Image parameters ## @@ -1116,19 +1110,18 @@ sysctlImage: privileged: true ## Container resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param sysctlImage.resources.limits The resources limits for the container - ## @param sysctlImage.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + ## @param sysctlImage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param sysctlImage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} From 2465ed13ddadc51fa0c60f4fb96dd3ff15d8df14 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:29:33 +0100 Subject: [PATCH 002/129] [bitnami/pytorch] feat: :sparkles: :lock: Add resource preset support (#23513) Signed-off-by: Javier Salmeron Garcia --- bitnami/pytorch/Chart.lock | 6 +- bitnami/pytorch/README.md | 208 +++++++++++---------- bitnami/pytorch/templates/NOTES.txt | 1 + bitnami/pytorch/templates/deployment.yaml | 4 + bitnami/pytorch/templates/statefulset.yaml | 4 + bitnami/pytorch/values.yaml | 57 +++--- 6 files changed, 148 insertions(+), 132 deletions(-) diff --git a/bitnami/pytorch/Chart.lock b/bitnami/pytorch/Chart.lock index 6294200b68aa8a..d8bae20177ab4c 100644 --- a/bitnami/pytorch/Chart.lock +++ b/bitnami/pytorch/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-17T20:01:22.373801199Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T15:57:52.978792814+01:00" diff --git a/bitnami/pytorch/README.md b/bitnami/pytorch/README.md index 074ad1cf94872a..b8edb34d94e5dc 100644 --- a/bitnami/pytorch/README.md +++ b/bitnami/pytorch/README.md @@ -81,92 +81,92 @@ The command removes all the Kubernetes components associated with the chart and ### PyTorch parameters -| Name | Description | Value | -| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------- | -| `image.registry` | PyTorch image registry | `REGISTRY_NAME` | -| `image.repository` | PyTorch image repository | `REPOSITORY_NAME/pytorch` | -| `image.digest` | PyTorch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | PyTorch image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `worldSize` | Number of nodes that will run the code | `1` | -| `containerPorts.pytorch` | PyTorch master port. `MASTER_PORT` will be set to this value | `49875` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe | `true` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `podSecurityContext.enabled` | Enabled Pytorch pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set Pytorch pods' Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `resources.limits` | The resources limits for the Pytorch containers | `{}` | -| `resources.requests` | The requested resources for the Pytorch containers | `{}` | -| `entrypoint.file` | Main entrypoint to your application | `""` | -| `entrypoint.args` | Args required by your entrypoint | `[]` | -| `architecture` | Run PyTorch in standalone or distributed mode. Possible values: `standalone`, `distributed` | `standalone` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `podLabels` | Extra labels for Pytorch pods | `{}` | -| `podAnnotations` | Annotations for Pytorch pods | `{}` | -| `existingConfigmap` | Config map that contains the files you want to load in PyTorch | `""` | -| `cloneFilesFromGit.enabled` | Enable in order to download files from git repository | `false` | -| `cloneFilesFromGit.repository` | Repository that holds the files | `""` | -| `cloneFilesFromGit.revision` | Revision from the repository to checkout | `""` | -| `cloneFilesFromGit.extraVolumeMounts` | Add extra volume mounts for the Git container | `[]` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `updateStrategy.type` | Pytorch statefulset strategy type | `RollingUpdate` | -| `podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | -| `priorityClassName` | Pytorch pods' priorityClassName | `""` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `schedulerName` | Name of the k8s scheduler (other than default) for Pytorch pods | `""` | -| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | -| `lifecycleHooks` | for the Pytorch container(s) to automate configuration before or after startup | `{}` | -| `extraEnvVars` | Array with extra environment variables to add to Pytorch nodes | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Pytorch nodes | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Pytorch nodes | `""` | -| `extraVolumes` | Optionally specify extra list of additional volumes for the Pytorch pod(s) | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Pytorch container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the Pytorch pod(s) | `[]` | -| `initContainers` | Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` | -| `serviceAccount.create` | Enable creation of ServiceAccount for Pytorch pod | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `image.registry` | PyTorch image registry | `REGISTRY_NAME` | +| `image.repository` | PyTorch image repository | `REPOSITORY_NAME/pytorch` | +| `image.digest` | PyTorch image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | PyTorch image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `worldSize` | Number of nodes that will run the code | `1` | +| `containerPorts.pytorch` | PyTorch master port. `MASTER_PORT` will be set to this value | `49875` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `5` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe | `true` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `5` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `3` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `podSecurityContext.enabled` | Enabled Pytorch pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set Pytorch pods' Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `entrypoint.file` | Main entrypoint to your application | `""` | +| `entrypoint.args` | Args required by your entrypoint | `[]` | +| `architecture` | Run PyTorch in standalone or distributed mode. Possible values: `standalone`, `distributed` | `standalone` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `podLabels` | Extra labels for Pytorch pods | `{}` | +| `podAnnotations` | Annotations for Pytorch pods | `{}` | +| `existingConfigmap` | Config map that contains the files you want to load in PyTorch | `""` | +| `cloneFilesFromGit.enabled` | Enable in order to download files from git repository | `false` | +| `cloneFilesFromGit.repository` | Repository that holds the files | `""` | +| `cloneFilesFromGit.revision` | Revision from the repository to checkout | `""` | +| `cloneFilesFromGit.extraVolumeMounts` | Add extra volume mounts for the Git container | `[]` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | +| `updateStrategy.type` | Pytorch statefulset strategy type | `RollingUpdate` | +| `podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | +| `priorityClassName` | Pytorch pods' priorityClassName | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `schedulerName` | Name of the k8s scheduler (other than default) for Pytorch pods | `""` | +| `terminationGracePeriodSeconds` | Seconds Redmine pod needs to terminate gracefully | `""` | +| `lifecycleHooks` | for the Pytorch container(s) to automate configuration before or after startup | `{}` | +| `extraEnvVars` | Array with extra environment variables to add to Pytorch nodes | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Pytorch nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Pytorch nodes | `""` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the Pytorch pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Pytorch container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the Pytorch pod(s) | `[]` | +| `initContainers` | Add additional init containers to the %%MAIN_CONTAINER_NAME%% pod(s) | `[]` | +| `serviceAccount.create` | Enable creation of ServiceAccount for Pytorch pod | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Traffic Exposure Parameters @@ -194,21 +194,21 @@ The command removes all the Kubernetes components associated with the chart and ### Init Container Parameters -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `git.registry` | Git image registry | `REGISTRY_NAME` | -| `git.repository` | Git image repository | `REPOSITORY_NAME/git` | -| `git.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `git.registry` | Git image registry | `REGISTRY_NAME` | +| `git.repository` | Git image repository | `REPOSITORY_NAME/git` | +| `git.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | +| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | ### Persistence Parameters @@ -249,6 +249,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/pytor ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/pytorch/templates/NOTES.txt b/bitnami/pytorch/templates/NOTES.txt index 2f62ba8c07dcef..b340c4c124ce74 100644 --- a/bitnami/pytorch/templates/NOTES.txt +++ b/bitnami/pytorch/templates/NOTES.txt @@ -64,3 +64,4 @@ Examples for the different methods can be found in the README. {{ include "pytorch.validateValues" . }} {{ include "pytorch.checkRollingTags" . }} +{{- include "common.warnings.resources" (dict "sections" (list "" "volumePermissions") "context" $) }} diff --git a/bitnami/pytorch/templates/deployment.yaml b/bitnami/pytorch/templates/deployment.yaml index bf59e66faf1a92..21c0002c0aa3b3 100644 --- a/bitnami/pytorch/templates/deployment.yaml +++ b/bitnami/pytorch/templates/deployment.yaml @@ -95,6 +95,8 @@ spec: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -148,6 +150,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: pytorch diff --git a/bitnami/pytorch/templates/statefulset.yaml b/bitnami/pytorch/templates/statefulset.yaml index 9c77b448166395..f997d3e5149ee0 100644 --- a/bitnami/pytorch/templates/statefulset.yaml +++ b/bitnami/pytorch/templates/statefulset.yaml @@ -96,6 +96,8 @@ spec: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -156,6 +158,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.customLivenessProbe }} diff --git a/bitnami/pytorch/values.yaml b/bitnami/pytorch/values.yaml index 7ce6c3d7eabbf0..5230a11e6b1c54 100644 --- a/bitnami/pytorch/values.yaml +++ b/bitnami/pytorch/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -55,7 +54,6 @@ diagnosticMode: ## args: - infinity - ## @section PyTorch parameters ## @@ -201,12 +199,21 @@ containerSecurityContext: type: "RuntimeDefault" ## Pytorch resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resources.limits The resources limits for the Pytorch containers -## @param resources.requests The requested resources for the Pytorch containers -## -resources: - limits: {} - requests: {} +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## PyTorch configuration. This will be executed as: python [file] [args] ## @param entrypoint.file Main entrypoint to your application ## @param entrypoint.args Args required by your entrypoint @@ -374,7 +381,6 @@ sidecars: [] ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## @@ -393,7 +399,6 @@ serviceAccount: ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @section Traffic Exposure Parameters ## @@ -462,7 +467,6 @@ service: ## @param service.headless.annotations Annotations for the headless service. ## annotations: {} - ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -518,7 +522,6 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Init Container Parameters ## @@ -580,23 +583,21 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @section Persistence Parameters ## From 01e850520c5d7509648a6f31f0dbe542f6fd5348 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:29:42 +0100 Subject: [PATCH 003/129] [bitnami/logstash] feat: :sparkles: :lock: Add resource preset support (#23478) Signed-off-by: Javier Salmeron Garcia --- bitnami/logstash/Chart.lock | 6 +- bitnami/logstash/README.md | 286 ++++++++++++++------------- bitnami/logstash/templates/NOTES.txt | 1 + bitnami/logstash/templates/sts.yaml | 4 + bitnami/logstash/values.yaml | 102 +++++----- 5 files changed, 202 insertions(+), 197 deletions(-) diff --git a/bitnami/logstash/Chart.lock b/bitnami/logstash/Chart.lock index 461171bc8e5221..44da649ec93717 100644 --- a/bitnami/logstash/Chart.lock +++ b/bitnami/logstash/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-11T19:52:16.151402886Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T15:19:55.430445697+01:00" diff --git a/bitnami/logstash/README.md b/bitnami/logstash/README.md index d34ea1c5f22f75..e51601be9ba330 100644 --- a/bitnami/logstash/README.md +++ b/bitnami/logstash/README.md @@ -78,146 +78,146 @@ The command removes all the Kubernetes components associated with the chart and ### Logstash parameters -| Name | Description | Value | -| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `image.registry` | Logstash image registry | `REGISTRY_NAME` | -| `image.repository` | Logstash image repository | `REPOSITORY_NAME/logstash` | -| `image.digest` | Logstash image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Logstash image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `configFileName` | Logstash configuration file name. It must match the name of the configuration file mounted as a configmap. | `logstash.conf` | -| `enableMonitoringAPI` | Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain | `true` | -| `monitoringAPIPort` | Logstash Monitoring API Port | `9600` | -| `extraEnvVars` | Array containing extra env vars to configure Logstash | `[]` | -| `extraEnvVarsSecret` | To add secrets to environment | `""` | -| `extraEnvVarsCM` | To add configmaps to environment | `""` | -| `input` | Input Plugins configuration | `""` | -| `filter` | Filter Plugins configuration | `""` | -| `output` | Output Plugins configuration | `""` | -| `existingConfiguration` | Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored). | `""` | -| `extraConfigurationFiles` | Extra configuration files to be added to the configuration ConfigMap and mounted at /bitnami/logstash/config. Rendered as a template. | `{}` | -| `enableMultiplePipelines` | Allows user to use multiple pipelines | `false` | -| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | -| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | -| `serviceAccount.create` | Enable creation of ServiceAccount for Logstash pods | `true` | -| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | `""` | -| `serviceAccount.automountServiceAccountToken` | Allows automount of ServiceAccountToken on the serviceAccount created | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | -| `containerPorts` | Array containing the ports to open in the Logstash container (evaluated as a template) | `[]` | -| `initContainers` | Add additional init containers to the Logstash pod(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the Logstash pod(s) | `[]` | -| `replicaCount` | Number of Logstash replicas to deploy | `1` | -| `updateStrategy.type` | Update strategy type (`RollingUpdate`, or `OnDelete`) | `RollingUpdate` | -| `podManagementPolicy` | Pod management policy | `OrderedReady` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Extra labels for Logstash pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `priorityClassName` | Pod priority | `""` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `terminationGracePeriodSeconds` | In seconds, time the given to the Logstash pod needs to terminate gracefully | `""` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `podSecurityContext.enabled` | Enabled Logstash pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set Logstash pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `lifecycleHooks` | for the Logstash container(s) to automate configuration before or after startup | `{}` | -| `resources.limits` | The resources limits for the Logstash container | `{}` | -| `resources.requests` | The requested resources for the Logstash container | `{}` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customStartupProbe` | Custom startup probe for the Web component | `{}` | -| `customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `customReadinessProbe` | Custom readiness probe for the Web component | `{}` | -| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` | -| `service.ports` | Logstash service ports (evaluated as a template) | `[]` | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `service.externalTrafficPolicy` | External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer | `""` | -| `service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `service.annotations` | Annotations for Logstash service | `{}` | -| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `service.headless.annotations` | Annotations for the headless service. | `{}` | -| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `networkPolicy.allowExternal` | The Policy model to apply | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `persistence.enabled` | Enable Logstash data persistence using PVC | `false` | -| `persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | -| `persistence.storageClass` | PVC Storage Class for Logstash data volume | `""` | -| `persistence.accessModes` | PVC Access Mode for Logstash data volume | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Logstash data volume | `2Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `persistence.mountPath` | Mount path of the Logstash data volume | `/bitnami/logstash/data` | -| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | -| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions init container | `0` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `ingress.enabled` | Enable ingress controller resource | `false` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `ingress.hostname` | Default host for the ingress resource | `logstash.local` | -| `ingress.path` | The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | -| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.extraRules` | The list of additional rules to be added to this ingress record. Evaluated as a template | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `pdb.create` | If true, create a pod disruption budget for pods. | `false` | -| `pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | -| `pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | Logstash image registry | `REGISTRY_NAME` | +| `image.repository` | Logstash image repository | `REPOSITORY_NAME/logstash` | +| `image.digest` | Logstash image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Logstash image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `configFileName` | Logstash configuration file name. It must match the name of the configuration file mounted as a configmap. | `logstash.conf` | +| `enableMonitoringAPI` | Whether to enable the Logstash Monitoring API or not Kubernetes cluster domain | `true` | +| `monitoringAPIPort` | Logstash Monitoring API Port | `9600` | +| `extraEnvVars` | Array containing extra env vars to configure Logstash | `[]` | +| `extraEnvVarsSecret` | To add secrets to environment | `""` | +| `extraEnvVarsCM` | To add configmaps to environment | `""` | +| `input` | Input Plugins configuration | `""` | +| `filter` | Filter Plugins configuration | `""` | +| `output` | Output Plugins configuration | `""` | +| `existingConfiguration` | Name of existing ConfigMap object with the Logstash configuration (`input`, `filter`, and `output` will be ignored). | `""` | +| `extraConfigurationFiles` | Extra configuration files to be added to the configuration ConfigMap and mounted at /bitnami/logstash/config. Rendered as a template. | `{}` | +| `enableMultiplePipelines` | Allows user to use multiple pipelines | `false` | +| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | +| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | +| `serviceAccount.create` | Enable creation of ServiceAccount for Logstash pods | `true` | +| `serviceAccount.name` | The name of the service account to use. If not set and `create` is `true`, a name is generated | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows automount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| `containerPorts` | Array containing the ports to open in the Logstash container (evaluated as a template) | `[]` | +| `initContainers` | Add additional init containers to the Logstash pod(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the Logstash pod(s) | `[]` | +| `replicaCount` | Number of Logstash replicas to deploy | `1` | +| `updateStrategy.type` | Update strategy type (`RollingUpdate`, or `OnDelete`) | `RollingUpdate` | +| `podManagementPolicy` | Pod management policy | `OrderedReady` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Extra labels for Logstash pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `priorityClassName` | Pod priority | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `terminationGracePeriodSeconds` | In seconds, time the given to the Logstash pod needs to terminate gracefully | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `podSecurityContext.enabled` | Enabled Logstash pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set Logstash pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `lifecycleHooks` | for the Logstash container(s) to automate configuration before or after startup | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customStartupProbe` | Custom startup probe for the Web component | `{}` | +| `customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `customReadinessProbe` | Custom readiness probe for the Web component | `{}` | +| `service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) | `ClusterIP` | +| `service.ports` | Logstash service ports (evaluated as a template) | `[]` | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `""` | +| `service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `service.externalTrafficPolicy` | External traffic policy, configure to Local to preserve client source IP when using an external loadBalancer | `""` | +| `service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `service.annotations` | Annotations for Logstash service | `{}` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `service.headless.annotations` | Annotations for the headless service. | `{}` | +| `networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `networkPolicy.allowExternal` | The Policy model to apply | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `persistence.enabled` | Enable Logstash data persistence using PVC | `false` | +| `persistence.existingClaim` | A manually managed Persistent Volume and Claim | `""` | +| `persistence.storageClass` | PVC Storage Class for Logstash data volume | `""` | +| `persistence.accessModes` | PVC Access Mode for Logstash data volume | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for Logstash data volume | `2Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `persistence.mountPath` | Mount path of the Logstash data volume | `/bitnami/logstash/data` | +| `persistence.selector` | Selector to match an existing Persistent Volume for WordPress data PVC | `{}` | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume(s) mountpoint to `runAsUser:fsGroup` | `false` | +| `volumePermissions.securityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.securityContext.runAsUser` | User ID for the volumePermissions init container | `0` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | +| `ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | +| `ingress.hostname` | Default host for the ingress resource | `logstash.local` | +| `ingress.path` | The Path to Logstash. You may need to set this to '/*' in order to use this with ALB ingress controllers. | `/` | +| `ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.extraRules` | The list of additional rules to be added to this ingress record. Evaluated as a template | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `pdb.create` | If true, create a pod disruption budget for pods. | `false` | +| `pdb.minAvailable` | Minimum number / percentage of pods that should remain scheduled | `1` | +| `pdb.maxUnavailable` | Maximum number / percentage of pods that may be made unavailable | `""` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -241,6 +241,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/logst ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/logstash/templates/NOTES.txt b/bitnami/logstash/templates/NOTES.txt index ec6dd511ce99ba..b8e283c8391dc3 100644 --- a/bitnami/logstash/templates/NOTES.txt +++ b/bitnami/logstash/templates/NOTES.txt @@ -61,3 +61,4 @@ To access Logstash from outside the cluster execute the following commands: {{- include "logstash.validateValues" . }} {{- include "logstash.checkRollingTags" . }} +{{- include "common.warnings.resources" (dict "sections" (list "" "volumePermissions") "context" $) }} diff --git a/bitnami/logstash/templates/sts.yaml b/bitnami/logstash/templates/sts.yaml index 430a8b1114c5f2..87cbf3f22d43fe 100644 --- a/bitnami/logstash/templates/sts.yaml +++ b/bitnami/logstash/templates/sts.yaml @@ -81,6 +81,8 @@ spec: securityContext: {{ .Values.volumePermissions.securityContext | toYaml | nindent 12 }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -168,6 +170,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: {{- if .Values.persistence.enabled }} diff --git a/bitnami/logstash/values.yaml b/bitnami/logstash/values.yaml index 3fb8fbfe4aaf4f..2cfb38d0fe2325 100644 --- a/bitnami/logstash/values.yaml +++ b/bitnami/logstash/values.yaml @@ -18,7 +18,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) @@ -42,7 +41,6 @@ commonLabels: {} ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -57,7 +55,6 @@ diagnosticMode: ## args: - infinity - ## @section Logstash parameters ## Bitnami Logstash image @@ -188,10 +185,9 @@ extraVolumes: [] ## readOnly: true ## extraVolumeMounts: [] - - ## ServiceAccount for Logstash - ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ - ## +## ServiceAccount for Logstash +## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ +## serviceAccount: ## @param serviceAccount.create Enable creation of ServiceAccount for Logstash pods ## @@ -207,7 +203,6 @@ serviceAccount: ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @param containerPorts [array] Array containing the ports to open in the Logstash container (evaluated as a template) ## containerPorts: @@ -217,13 +212,13 @@ containerPorts: - name: monitoring containerPort: 9600 protocol: TCP - ## - name: syslog-udp - ## containerPort: 1514 - ## protocol: UDP - ## - name: syslog-tcp - ## containerPort: 1514 - ## protocol: TCP - ## + ## - name: syslog-udp + ## containerPort: 1514 + ## protocol: UDP + ## - name: syslog-tcp + ## containerPort: 1514 + ## protocol: TCP + ## ## @param initContainers Add additional init containers to the Logstash pod(s) ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/ ## e.g: @@ -322,7 +317,6 @@ terminationGracePeriodSeconds: "" ## The value is evaluated as a template ## topologySpreadConstraints: [] - ## K8s Security Context for Logstash pods ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod @@ -377,20 +371,21 @@ lifecycleHooks: {} ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the Logstash container -## @param resources.requests The requested resources for the Logstash container -## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure extra options for Logstash containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param startupProbe.enabled Enable startupProbe @@ -457,15 +452,15 @@ service: port: 8080 targetPort: http protocol: TCP - ## - name: syslog-udp - ## port: 1514 - ## targetPort: syslog-udp - ## protocol: UDP - ## - name: syslog-tcp - ## port: 1514 - ## targetPort: syslog-tcp - ## protocol: TCP - ## + ## - name: syslog-udp + ## port: 1514 + ## targetPort: syslog-udp + ## protocol: UDP + ## - name: syslog-tcp + ## port: 1514 + ## targetPort: syslog-tcp + ## protocol: TCP + ## ## @param service.loadBalancerIP loadBalancerIP if service type is `LoadBalancer` ## loadBalancerIP: "" @@ -560,7 +555,6 @@ networkPolicy: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Persistence parameters ## persistence: @@ -645,20 +639,21 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits Init container volume-permissions resource limits - ## @param volumePermissions.resources.requests Init container volume-permissions resource requests + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure the ingress resource that allows you to access the ## Logstash installation. Set up the URL ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ @@ -748,7 +743,6 @@ ingress: ## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/ ## ingressClassName: "" - ## Pod disruption budget configuration ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ ## @param pdb.create If true, create a pod disruption budget for pods. From 173dd13878004df35747503a9edac913ba301d92 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:29:51 +0100 Subject: [PATCH 004/129] [bitnami/kiam] feat: :sparkles: :lock: Add resource preset support (#23470) Signed-off-by: Javier Salmeron Garcia --- bitnami/kiam/Chart.lock | 6 +- bitnami/kiam/README.md | 336 +++++++++--------- bitnami/kiam/templates/NOTES.txt | 1 + .../kiam/templates/agent/agent-daemonset.yaml | 2 + .../templates/server/server-daemonset.yaml | 2 + .../templates/server/server-deployment.yaml | 2 + bitnami/kiam/values.yaml | 69 ++-- 7 files changed, 209 insertions(+), 209 deletions(-) diff --git a/bitnami/kiam/Chart.lock b/bitnami/kiam/Chart.lock index 7e115b60969309..e6b201b27e8b00 100644 --- a/bitnami/kiam/Chart.lock +++ b/bitnami/kiam/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-10T14:17:09.871025395Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T15:12:00.307347804+01:00" diff --git a/bitnami/kiam/README.md b/bitnami/kiam/README.md index b2818fcb284663..495acd7316c437 100644 --- a/bitnami/kiam/README.md +++ b/bitnami/kiam/README.md @@ -92,87 +92,87 @@ The command removes all the Kubernetes components associated with the chart and ### kiam server parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `server.enabled` | Deploy the kiam server | `true` | -| `server.containerPort` | HTTPS port to expose at container level | `8443` | -| `server.resourceType` | Specify how to deploy the server (allowed values: `daemonset` and `deployment`) | `daemonset` | -| `server.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `server.hostAliases` | Add deployment host aliases | `[]` | -| `server.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `false` | -| `server.replicaCount` | Number of replicas to deploy (when `server.resourceType` is `daemonset`) | `1` | -| `server.logJsonOutput` | Use JSON format for logs | `true` | -| `server.logLevel` | Logging level | `info` | -| `server.sslCertHostPath` | Path to the host system SSL certificates (necessary for contacting the AWS metadata server) | `/etc/ssl/certs` | -| `server.podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | -| `server.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` | -| `server.priorityClassName` | Server priorityClassName | `""` | -| `server.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `server.startupProbe.enabled` | Enable startupProbe | `false` | -| `server.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `server.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `server.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `server.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `server.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `server.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `server.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `server.customStartupProbe` | Override default startup probe | `{}` | -| `server.customLivenessProbe` | Override default liveness probe | `{}` | -| `server.customReadinessProbe` | Override default readiness probe | `{}` | -| `server.extraArgs` | Extra arguments to add to the default kiam command | `{}` | -| `server.command` | Override kiam default command | `[]` | -| `server.args` | Override kiam default args | `[]` | -| `server.tlsFiles` | Base64-encoded PEM values for server's CA certificate(s), certificate and private key | `{}` | -| `server.gatewayTimeoutCreation` | Timeout when creating the kiam gateway | `1s` | -| `server.tlsSecret` | Name of a secret with TLS certificates for the container | `""` | -| `server.dnsPolicy` | Pod DNS policy | `Default` | -| `server.roleBaseArn` | Base ARN for IAM roles. If not set kiam will detect it automatically | `""` | -| `server.cacheSyncInterval` | Cache synchronization interval | `1m` | -| `server.assumeRoleArn` | IAM role for the server to assume | `""` | -| `server.sessionDuration` | Session duration for STS tokens | `15m` | -| `server.tlsCerts` | Agent TLS Certificate filenames | `{}` | -| `server.resources.limits` | The resources limits for the kiam container | `{}` | -| `server.resources.requests` | The requested resources for the kiam container | `{}` | -| `server.containerSecurityContext.enabled` | Enabled kiam server containers' Security Context | `true` | -| `server.containerSecurityContext.runAsUser` | Set kiam server container's Security Context runAsUser | `1001` | -| `server.containerSecurityContext.runAsNonRoot` | Set kiam server container's Security Context runAsNonRoot | `true` | -| `server.containerSecurityContext.seLinuxOptions` | Set kiam server container's Security Context SE Linux options | `nil` | -| `server.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `server.podSecurityContext.enabled` | Enabled kiam server pods' Security Context | `true` | -| `server.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `server.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `server.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `server.podSecurityContext.fsGroup` | Set kiam server pod's Security Context fsGroup | `1001` | -| `server.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `server.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `server.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `server.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `server.affinity` | Affinity for pod assignment | `{}` | -| `server.nodeSelector` | Node labels for pod assignment | `{}` | -| `server.tolerations` | Tolerations for pod assignment | `[]` | -| `server.podLabels` | Extra labels for kiam pods | `{}` | -| `server.podAnnotations` | Annotations for kiam pods | `{}` | -| `server.lifecycleHooks` | lifecycleHooks for the kiam server container to automate configuration before or after startup. | `{}` | -| `server.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `server.extraEnvVars` | Array containing extra env vars to configure kiam server | `[]` | -| `server.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam server | `""` | -| `server.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam server (in case of sensitive data) | `""` | -| `server.extraVolumes` | Optionally specify extra list of additional volumes for kiam pods | `[]` | -| `server.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for kiam container(s) | `[]` | -| `server.initContainers` | Add additional init containers to the kiam pods | `[]` | -| `server.sidecars` | Add additional sidecar containers to the kiam pods | `[]` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `server.enabled` | Deploy the kiam server | `true` | +| `server.containerPort` | HTTPS port to expose at container level | `8443` | +| `server.resourceType` | Specify how to deploy the server (allowed values: `daemonset` and `deployment`) | `daemonset` | +| `server.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `server.hostAliases` | Add deployment host aliases | `[]` | +| `server.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `false` | +| `server.replicaCount` | Number of replicas to deploy (when `server.resourceType` is `daemonset`) | `1` | +| `server.logJsonOutput` | Use JSON format for logs | `true` | +| `server.logLevel` | Logging level | `info` | +| `server.sslCertHostPath` | Path to the host system SSL certificates (necessary for contacting the AWS metadata server) | `/etc/ssl/certs` | +| `server.podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | +| `server.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` | +| `server.priorityClassName` | Server priorityClassName | `""` | +| `server.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `server.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `server.startupProbe.enabled` | Enable startupProbe | `false` | +| `server.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `server.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `server.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `server.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `server.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `server.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `server.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `server.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `server.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `server.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `server.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `server.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `server.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `server.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `server.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `server.customStartupProbe` | Override default startup probe | `{}` | +| `server.customLivenessProbe` | Override default liveness probe | `{}` | +| `server.customReadinessProbe` | Override default readiness probe | `{}` | +| `server.extraArgs` | Extra arguments to add to the default kiam command | `{}` | +| `server.command` | Override kiam default command | `[]` | +| `server.args` | Override kiam default args | `[]` | +| `server.tlsFiles` | Base64-encoded PEM values for server's CA certificate(s), certificate and private key | `{}` | +| `server.gatewayTimeoutCreation` | Timeout when creating the kiam gateway | `1s` | +| `server.tlsSecret` | Name of a secret with TLS certificates for the container | `""` | +| `server.dnsPolicy` | Pod DNS policy | `Default` | +| `server.roleBaseArn` | Base ARN for IAM roles. If not set kiam will detect it automatically | `""` | +| `server.cacheSyncInterval` | Cache synchronization interval | `1m` | +| `server.assumeRoleArn` | IAM role for the server to assume | `""` | +| `server.sessionDuration` | Session duration for STS tokens | `15m` | +| `server.tlsCerts` | Agent TLS Certificate filenames | `{}` | +| `server.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production). | `none` | +| `server.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `server.containerSecurityContext.enabled` | Enabled kiam server containers' Security Context | `true` | +| `server.containerSecurityContext.runAsUser` | Set kiam server container's Security Context runAsUser | `1001` | +| `server.containerSecurityContext.runAsNonRoot` | Set kiam server container's Security Context runAsNonRoot | `true` | +| `server.containerSecurityContext.seLinuxOptions` | Set kiam server container's Security Context SE Linux options | `nil` | +| `server.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `server.podSecurityContext.enabled` | Enabled kiam server pods' Security Context | `true` | +| `server.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `server.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `server.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `server.podSecurityContext.fsGroup` | Set kiam server pod's Security Context fsGroup | `1001` | +| `server.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `server.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `server.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `server.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `server.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `server.affinity` | Affinity for pod assignment | `{}` | +| `server.nodeSelector` | Node labels for pod assignment | `{}` | +| `server.tolerations` | Tolerations for pod assignment | `[]` | +| `server.podLabels` | Extra labels for kiam pods | `{}` | +| `server.podAnnotations` | Annotations for kiam pods | `{}` | +| `server.lifecycleHooks` | lifecycleHooks for the kiam server container to automate configuration before or after startup. | `{}` | +| `server.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | +| `server.extraEnvVars` | Array containing extra env vars to configure kiam server | `[]` | +| `server.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam server | `""` | +| `server.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam server (in case of sensitive data) | `""` | +| `server.extraVolumes` | Optionally specify extra list of additional volumes for kiam pods | `[]` | +| `server.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for kiam container(s) | `[]` | +| `server.initContainers` | Add additional init containers to the kiam pods | `[]` | +| `server.sidecars` | Add additional sidecar containers to the kiam pods | `[]` | ### kiam server exposure parameters @@ -228,90 +228,90 @@ The command removes all the Kubernetes components associated with the chart and ### kiam agent parameters -| Name | Description | Value | -| ---------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `agent.enabled` | Deploy the kiam agent | `true` | -| `agent.logJsonOutput` | Use JSON format for logs | `true` | -| `agent.logLevel` | Logging level | `info` | -| `agent.priorityClassName` | Server priorityClassName | `""` | -| `agent.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `agent.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `agent.allowRouteRegExp` | Regexp with the allowed paths for agents to redirect | `""` | -| `agent.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `agent.hostAliases` | Add deployment host aliases | `[]` | -| `agent.containerPort` | HTTPS port to expose at container level | `8183` | -| `agent.iptables` | Have the agent modify the host iptables rules | `false` | -| `agent.iptablesRemoveOnShutdown` | Remove iptables rules when shutting down the agent node | `false` | -| `agent.hostInterface` | Interface for agents for redirecting requests | `cali+` | -| `agent.keepaliveParams.permitWithoutStream` | Permit keepalive without stream | `false` | -| `agent.keepaliveParams.time` | Keepalive time | `""` | -| `agent.keepaliveParams.timeout` | Keepalive timeout | `""` | -| `agent.enableDeepProbe` | Use the probes using the `/health` endpoint | `false` | -| `agent.dnsPolicy` | Pod DNS policy | `ClusterFirstWithHostNet` | -| `agent.sslCertHostPath` | Path to the host system SSL certificates (necessary for contacting the AWS metadata agent) | `/etc/ssl/certs` | -| `agent.tlsFiles` | Base64-encoded PEM values for server's CA certificate(s), certificate and private key | `{}` | -| `agent.podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | -| `agent.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` | -| `agent.tlsSecret` | Name of a secret with TLS certificates for the container | `""` | -| `agent.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `true` | -| `agent.tlsCerts` | Agent TLS Certificate filenames | `{}` | -| `agent.startupProbe.enabled` | Enable startupProbe | `false` | -| `agent.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `agent.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `agent.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `agent.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `agent.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `agent.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `agent.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `agent.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `agent.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `agent.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `agent.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `agent.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `agent.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `agent.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `agent.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `agent.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `agent.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `agent.customStartupProbe` | Override default startup probe | `{}` | -| `agent.customLivenessProbe` | Override default liveness probe | `{}` | -| `agent.customReadinessProbe` | Override default readiness probe | `{}` | -| `agent.extraArgs` | Extra arguments to add to the default kiam command | `{}` | -| `agent.gatewayTimeoutCreation` | Timeout when creating the kiam gateway | `1s` | -| `agent.command` | Override kiam default command | `[]` | -| `agent.args` | Override kiam default args | `[]` | -| `agent.resources.limits` | The resources limits for the kiam container | `{}` | -| `agent.resources.requests` | The requested resources for the kiam container | `{}` | -| `agent.containerSecurityContext.enabled` | Enabled agent containers' Security Context | `true` | -| `agent.containerSecurityContext.runAsUser` | Set agent container's Security Context runAsUser | `0` | -| `agent.containerSecurityContext.runAsNonRoot` | Set agent container's Security Context runAsNonRoot | `false` | -| `agent.containerSecurityContext.seLinuxOptions` | [object] Set agent container's Security Context SE Linux options | `nil` | -| `agent.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `["NET_ADMIN"]` | -| `agent.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `agent.podSecurityContext.enabled` | Enabled agent pods' Security Context | `true` | -| `agent.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `agent.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `agent.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `agent.podSecurityContext.fsGroup` | Set agent pod's Security Context fsGroup | `1001` | -| `agent.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `agent.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `agent.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `agent.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `agent.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `agent.affinity` | Affinity for pod assignment | `{}` | -| `agent.nodeSelector` | Node labels for pod assignment | `{}` | -| `agent.tolerations` | Tolerations for pod assignment | `[]` | -| `agent.podLabels` | Extra labels for kiam pods | `{}` | -| `agent.podAnnotations` | Annotations for kiam pods | `{}` | -| `agent.lifecycleHooks` | LifecycleHooks to set additional configuration at startup. | `{}` | -| `agent.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `agent.extraEnvVars` | Array containing extra env vars to configure kiam agent | `[]` | -| `agent.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam agent | `""` | -| `agent.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam agent (in case of sensitive data) | `""` | -| `agent.extraVolumes` | Optionally specify extra list of additional volumes for kiam pods | `[]` | -| `agent.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for kiam container(s) | `[]` | -| `agent.initContainers` | Add additional init containers to the kiam pods | `[]` | -| `agent.sidecars` | Add additional sidecar containers to the kiam pods | `[]` | +| Name | Description | Value | +| ---------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `agent.enabled` | Deploy the kiam agent | `true` | +| `agent.logJsonOutput` | Use JSON format for logs | `true` | +| `agent.logLevel` | Logging level | `info` | +| `agent.priorityClassName` | Server priorityClassName | `""` | +| `agent.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `agent.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `agent.allowRouteRegExp` | Regexp with the allowed paths for agents to redirect | `""` | +| `agent.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `agent.hostAliases` | Add deployment host aliases | `[]` | +| `agent.containerPort` | HTTPS port to expose at container level | `8183` | +| `agent.iptables` | Have the agent modify the host iptables rules | `false` | +| `agent.iptablesRemoveOnShutdown` | Remove iptables rules when shutting down the agent node | `false` | +| `agent.hostInterface` | Interface for agents for redirecting requests | `cali+` | +| `agent.keepaliveParams.permitWithoutStream` | Permit keepalive without stream | `false` | +| `agent.keepaliveParams.time` | Keepalive time | `""` | +| `agent.keepaliveParams.timeout` | Keepalive timeout | `""` | +| `agent.enableDeepProbe` | Use the probes using the `/health` endpoint | `false` | +| `agent.dnsPolicy` | Pod DNS policy | `ClusterFirstWithHostNet` | +| `agent.sslCertHostPath` | Path to the host system SSL certificates (necessary for contacting the AWS metadata agent) | `/etc/ssl/certs` | +| `agent.tlsFiles` | Base64-encoded PEM values for server's CA certificate(s), certificate and private key | `{}` | +| `agent.podSecurityPolicy.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `true` | +| `agent.podSecurityPolicy.allowedHostPaths` | Extra host paths to allow in the PodSecurityPolicy | `[]` | +| `agent.tlsSecret` | Name of a secret with TLS certificates for the container | `""` | +| `agent.useHostNetwork` | Use host networking (ports will be directly exposed in the host) | `true` | +| `agent.tlsCerts` | Agent TLS Certificate filenames | `{}` | +| `agent.startupProbe.enabled` | Enable startupProbe | `false` | +| `agent.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `agent.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `agent.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `agent.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `agent.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `agent.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `agent.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `agent.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `agent.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `agent.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `agent.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `agent.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `agent.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `agent.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `agent.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `agent.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `agent.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `agent.customStartupProbe` | Override default startup probe | `{}` | +| `agent.customLivenessProbe` | Override default liveness probe | `{}` | +| `agent.customReadinessProbe` | Override default readiness probe | `{}` | +| `agent.extraArgs` | Extra arguments to add to the default kiam command | `{}` | +| `agent.gatewayTimeoutCreation` | Timeout when creating the kiam gateway | `1s` | +| `agent.command` | Override kiam default command | `[]` | +| `agent.args` | Override kiam default args | `[]` | +| `agent.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if agent.resources is set (agent.resources is recommended for production). | `none` | +| `agent.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `agent.containerSecurityContext.enabled` | Enabled agent containers' Security Context | `true` | +| `agent.containerSecurityContext.runAsUser` | Set agent container's Security Context runAsUser | `0` | +| `agent.containerSecurityContext.runAsNonRoot` | Set agent container's Security Context runAsNonRoot | `false` | +| `agent.containerSecurityContext.seLinuxOptions` | [object] Set agent container's Security Context SE Linux options | `nil` | +| `agent.containerSecurityContext.capabilities.add` | Add capabilities for the securityContext | `["NET_ADMIN"]` | +| `agent.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `agent.podSecurityContext.enabled` | Enabled agent pods' Security Context | `true` | +| `agent.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `agent.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `agent.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `agent.podSecurityContext.fsGroup` | Set agent pod's Security Context fsGroup | `1001` | +| `agent.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `agent.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `agent.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `agent.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `agent.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `agent.affinity` | Affinity for pod assignment | `{}` | +| `agent.nodeSelector` | Node labels for pod assignment | `{}` | +| `agent.tolerations` | Tolerations for pod assignment | `[]` | +| `agent.podLabels` | Extra labels for kiam pods | `{}` | +| `agent.podAnnotations` | Annotations for kiam pods | `{}` | +| `agent.lifecycleHooks` | LifecycleHooks to set additional configuration at startup. | `{}` | +| `agent.updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | +| `agent.extraEnvVars` | Array containing extra env vars to configure kiam agent | `[]` | +| `agent.extraEnvVarsCM` | ConfigMap containing extra env vars to configure kiam agent | `""` | +| `agent.extraEnvVarsSecret` | Secret containing extra env vars to configure kiam agent (in case of sensitive data) | `""` | +| `agent.extraVolumes` | Optionally specify extra list of additional volumes for kiam pods | `[]` | +| `agent.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for kiam container(s) | `[]` | +| `agent.initContainers` | Add additional init containers to the kiam pods | `[]` | +| `agent.sidecars` | Add additional sidecar containers to the kiam pods | `[]` | ### kiam agent exposure parameters @@ -390,6 +390,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/kiam ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/kiam/templates/NOTES.txt b/bitnami/kiam/templates/NOTES.txt index d36e141c1dbcee..dba0a7d0e3f689 100644 --- a/bitnami/kiam/templates/NOTES.txt +++ b/bitnami/kiam/templates/NOTES.txt @@ -131,3 +131,4 @@ In order to associate your pods with AWS IAM roles, follow the steps below: {{- include "common.warnings.rollingTag" .Values.image }} {{- include "kiam.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "agent" "server") "context" $) }} diff --git a/bitnami/kiam/templates/agent/agent-daemonset.yaml b/bitnami/kiam/templates/agent/agent-daemonset.yaml index 451a88bbd0f7a1..2cd6455080cb06 100644 --- a/bitnami/kiam/templates/agent/agent-daemonset.yaml +++ b/bitnami/kiam/templates/agent/agent-daemonset.yaml @@ -158,6 +158,8 @@ spec: {{- end }} {{- if .Values.agent.resources }} resources: {{- toYaml .Values.agent.resources | nindent 12 }} + {{- else if ne .Values.agent.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.agent.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.agent.customStartupProbe }} diff --git a/bitnami/kiam/templates/server/server-daemonset.yaml b/bitnami/kiam/templates/server/server-daemonset.yaml index ee8f870250792d..55bd220fd1f045 100644 --- a/bitnami/kiam/templates/server/server-daemonset.yaml +++ b/bitnami/kiam/templates/server/server-daemonset.yaml @@ -145,6 +145,8 @@ spec: {{- end }} {{- if .Values.server.resources }} resources: {{- toYaml .Values.server.resources | nindent 12 }} + {{- else if ne .Values.server.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.server.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.server.customStartupProbe }} diff --git a/bitnami/kiam/templates/server/server-deployment.yaml b/bitnami/kiam/templates/server/server-deployment.yaml index fa2b9af65f7a06..94c34cf1864296 100644 --- a/bitnami/kiam/templates/server/server-deployment.yaml +++ b/bitnami/kiam/templates/server/server-deployment.yaml @@ -146,6 +146,8 @@ spec: {{- end }} {{- if .Values.server.resources }} resources: {{- toYaml .Values.server.resources | nindent 12 }} + {{- else if ne .Values.server.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.server.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.server.customStartupProbe }} diff --git a/bitnami/kiam/values.yaml b/bitnami/kiam/values.yaml index e78ab3c6353d33..1b3bd272359a0a 100644 --- a/bitnami/kiam/values.yaml +++ b/bitnami/kiam/values.yaml @@ -18,7 +18,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) @@ -39,7 +38,6 @@ commonAnnotations: {} ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment(s)/statefulset(s) ## diagnosticMode: @@ -54,7 +52,6 @@ diagnosticMode: ## args: - infinity - ## @section kiam image parameters ## @param image.registry [default: REGISTRY_NAME] kiam image registry @@ -82,7 +79,6 @@ image: ## - myRegistryKeySecretName ## pullSecrets: [] - ## @section kiam server parameters ## kiam server properties @@ -244,20 +240,21 @@ server: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param server.resources.limits The resources limits for the kiam container - ## @param server.resources.requests The requested resources for the kiam container + ## @param server.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if server.resources is set (server.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - requests: {} + resourcesPreset: "none" + ## @param server.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## SecurityContext configuration ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param server.containerSecurityContext.enabled Enabled kiam server containers' Security Context @@ -382,7 +379,6 @@ server: ## containerPort: 1234 ## sidecars: [] - ## @section kiam server exposure parameters ## Service configuration @@ -435,7 +431,6 @@ server: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} - ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -494,7 +489,6 @@ server: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section kiam server Service Account parameters ## Kiam server Service Account @@ -509,9 +503,7 @@ server: name: "" automountServiceAccountToken: false annotations: {} - ## @section kiam server metrics parameters - metrics: ## @param server.metrics.enabled Enable exposing kiam statistics ## @@ -565,7 +557,6 @@ server: ## @param server.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false - ## @section kiam agent parameters ## kiam agent properties @@ -736,20 +727,21 @@ agent: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param agent.resources.limits The resources limits for the kiam container - ## @param agent.resources.requests The requested resources for the kiam container + ## @param agent.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if agent.resources is set (agent.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 200m - ## memory: 256Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 200m - ## memory: 10Mi - requests: {} + resourcesPreset: "none" + ## @param agent.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## SecurityContext configuration ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ ## @param agent.containerSecurityContext.enabled Enabled agent containers' Security Context @@ -878,7 +870,6 @@ agent: ## containerPort: 1234 ## sidecars: [] - ## @section kiam agent exposure parameters ## Service configuration (essentially for metrics) @@ -982,7 +973,6 @@ agent: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section kiam agent Service Account parameters ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ @@ -996,9 +986,7 @@ agent: name: "" automountServiceAccountToken: false annotations: {} - ## @section kiam agent metrics parameters - metrics: ## @param agent.metrics.enabled Enable exposing kiam statistics ## @@ -1052,7 +1040,6 @@ agent: ## @param agent.metrics.serviceMonitor.honorLabels honorLabels chooses the metric's labels on collisions with target labels ## honorLabels: false - ## @section RBAC parameters ## Specifies whether RBAC resources should be created From 018d8abb412a546b478b94630c6dbbfcc05997e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:29:58 +0100 Subject: [PATCH 005/129] [bitnami/gitea] feat: :sparkles: :lock: Add resource preset support (#23453) Signed-off-by: Javier Salmeron Garcia --- bitnami/gitea/Chart.lock | 6 +- bitnami/gitea/README.md | 222 ++++++++++++------------ bitnami/gitea/templates/NOTES.txt | 1 + bitnami/gitea/templates/deployment.yaml | 4 + bitnami/gitea/values.yaml | 63 ++++--- 5 files changed, 152 insertions(+), 144 deletions(-) diff --git a/bitnami/gitea/Chart.lock b/bitnami/gitea/Chart.lock index 131455ef3ed128..5fb15b4758e8ce 100644 --- a/bitnami/gitea/Chart.lock +++ b/bitnami/gitea/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 13.4.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:df7a91aeacacfd618cf1fd92a7d4b8b9db71abb89d1a67b026372cba2381d189 -generated: "2024-02-02T10:56:06.021799737Z" + version: 2.15.3 +digest: sha256:e08d67109d82e36a3e93290f950311e7761cee1565ff9cf4af06faf37b10fa31 +generated: "2024-02-14T14:55:58.00036996+01:00" diff --git a/bitnami/gitea/README.md b/bitnami/gitea/README.md index 5edc688a034bf2..db05ca76f7fba4 100644 --- a/bitnami/gitea/README.md +++ b/bitnami/gitea/README.md @@ -78,104 +78,104 @@ The command removes all the Kubernetes components associated with the chart and ### Gitea parameters -| Name | Description | Value | -| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `image.registry` | Gitea image registry | `REGISTRY_NAME` | -| `image.repository` | Gitea Image name | `REPOSITORY_NAME/gitea` | -| `image.digest` | Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Gitea image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `image.debug` | Specify if debug logs should be enabled | `false` | -| `adminUsername` | User of the application | `bn_user` | -| `adminPassword` | Application password | `""` | -| `adminEmail` | Admin email | `user@example.com` | -| `appName` | Gitea application name | `example` | -| `runMode` | Gitea application host | `prod` | -| `exposeSSH` | Make the SSH server accesible | `true` | -| `rootURL` | UI Root URL (for link generation) | `""` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | -| `priorityClassName` | Gitea pods' priorityClassName | `""` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `extraEnvVars` | Extra environment variables | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `existingSecret` | Name of a secret with the application password | `""` | -| `existingSecretKey` | Key inside the existing secret containing the password | `admin-password` | -| `smtpHost` | SMTP host | `""` | -| `smtpPort` | SMTP port | `""` | -| `smtpUser` | SMTP user | `""` | -| `smtpPassword` | SMTP password | `""` | -| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` | -| `containerPorts` | Container ports | `{}` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for Gitea volume | `""` | -| `persistence.accessModes` | PVC Access Mode for Gitea volume | `["ReadWriteOnce"]` | -| `persistence.size` | PVC Storage Request for Gitea volume | `8Gi` | -| `persistence.dataSource` | Custom PVC data source | `{}` | -| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` | -| `persistence.hostPath` | If defined, the gitea-data volume will mount to the specified hostPath. | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `persistence.selector` | Selector to match an existing Persistent Volume for Gitea data PVC | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `resources.requests` | The requested resources for the init container | `{}` | -| `resources.limits` | The resources limits for the init container | `{}` | -| `podSecurityContext.enabled` | Enable Gitea pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Gitea pods' group ID | `1001` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.path` | Request path for startupProbe | `/` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `livenessProbe.enabled` | Enable livenessProbe | `true` | -| `livenessProbe.path` | Request path for livenessProbe | `/` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.path` | Request path for readinessProbe | `/` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `image.registry` | Gitea image registry | `REGISTRY_NAME` | +| `image.repository` | Gitea Image name | `REPOSITORY_NAME/gitea` | +| `image.digest` | Gitea image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Gitea image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `image.debug` | Specify if debug logs should be enabled | `false` | +| `adminUsername` | User of the application | `bn_user` | +| `adminPassword` | Application password | `""` | +| `adminEmail` | Admin email | `user@example.com` | +| `appName` | Gitea application name | `example` | +| `runMode` | Gitea application host | `prod` | +| `exposeSSH` | Make the SSH server accesible | `true` | +| `rootURL` | UI Root URL (for link generation) | `""` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `updateStrategy.type` | Update strategy - only really applicable for deployments with RWO PVs attached | `RollingUpdate` | +| `priorityClassName` | Gitea pods' priorityClassName | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `extraEnvVars` | Extra environment variables | `[]` | +| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | +| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | +| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | +| `initContainers` | Add additional init containers to the pod (evaluated as a template) | `[]` | +| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `existingSecret` | Name of a secret with the application password | `""` | +| `existingSecretKey` | Key inside the existing secret containing the password | `admin-password` | +| `smtpHost` | SMTP host | `""` | +| `smtpPort` | SMTP port | `""` | +| `smtpUser` | SMTP user | `""` | +| `smtpPassword` | SMTP password | `""` | +| `smtpExistingSecret` | The name of an existing secret with SMTP credentials | `""` | +| `containerPorts` | Container ports | `{}` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for Gitea volume | `""` | +| `persistence.accessModes` | PVC Access Mode for Gitea volume | `["ReadWriteOnce"]` | +| `persistence.size` | PVC Storage Request for Gitea volume | `8Gi` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `persistence.existingClaim` | A manually managed Persistent Volume Claim | `""` | +| `persistence.hostPath` | If defined, the gitea-data volume will mount to the specified hostPath. | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `persistence.selector` | Selector to match an existing Persistent Volume for Gitea data PVC | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `podSecurityContext.enabled` | Enable Gitea pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Gitea pods' group ID | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.path` | Request path for startupProbe | `/` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `600` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `livenessProbe.enabled` | Enable livenessProbe | `true` | +| `livenessProbe.path` | Request path for livenessProbe | `/` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `600` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.path` | Request path for readinessProbe | `/` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `lifecycleHooks` | LifecycleHook to set additional configuration at startup Evaluated as a template | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | ### Traffic Exposure Parameters @@ -238,16 +238,16 @@ The command removes all the Kubernetes components associated with the chart and ### Volume Permissions parameters -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -274,6 +274,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/gitea ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/gitea/templates/NOTES.txt b/bitnami/gitea/templates/NOTES.txt index 13966c3202a01f..baa815e2654141 100644 --- a/bitnami/gitea/templates/NOTES.txt +++ b/bitnami/gitea/templates/NOTES.txt @@ -73,3 +73,4 @@ host. To configure Gitea to use and external database host: {{- include "common.warnings.rollingTag" .Values.image }} {{- include "common.warnings.rollingTag" .Values.volumePermissions.image }} +{{- include "common.warnings.resources" (dict "sections" (list "" "volumePermissions") "context" $) }} diff --git a/bitnami/gitea/templates/deployment.yaml b/bitnami/gitea/templates/deployment.yaml index d59962c42d486f..e2b5bda85e9d28 100644 --- a/bitnami/gitea/templates/deployment.yaml +++ b/bitnami/gitea/templates/deployment.yaml @@ -77,6 +77,8 @@ spec: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: gitea-data @@ -214,6 +216,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: gitea-data diff --git a/bitnami/gitea/values.yaml b/bitnami/gitea/values.yaml index 6f75412e3d4155..35e0d9943441f6 100644 --- a/bitnami/gitea/values.yaml +++ b/bitnami/gitea/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -41,11 +40,9 @@ commonAnnotations: {} ## @param commonLabels Common labels to add to all Gitea resources (sub-charts are not considered). Evaluated as a template ## commonLabels: {} - ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). ## extraDeploy: [] - ## @section Gitea parameters ## @@ -243,7 +240,6 @@ persistence: ## app: my-app ## selector: {} - ## @param podAffinityPreset Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity ## @@ -281,12 +277,21 @@ affinity: {} nodeSelector: {} ## Gitea container's resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resources.requests [object] The requested resources for the init container -## @param resources.limits The resources limits for the init container -## -resources: - limits: {} - requests: {} +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enable Gitea pods' Security Context @@ -325,7 +330,6 @@ containerSecurityContext: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" - ## Configure extra options for startup probe ## Gitea core exposes / to unauthenticated requests, making it a good ## default startup and readiness path. However, that may not always be the @@ -412,7 +416,6 @@ podAnnotations: {} ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ ## podLabels: {} - ## @section Traffic Exposure Parameters ## @@ -480,7 +483,6 @@ ingress: ## @param ingress.enabled Enable ingress controller resource ## enabled: false - ## @param ingress.pathType Ingress Path type ## pathType: ImplementationSpecific @@ -572,7 +574,6 @@ ingress: ## name: http ## extraRules: [] - ## @section Other Parameters ## @@ -594,7 +595,6 @@ serviceAccount: ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @section Database parameters ## @@ -619,7 +619,6 @@ postgresql: service: ports: postgresql: 5432 - ## External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host @@ -638,7 +637,6 @@ externalDatabase: password: "" existingSecret: "" existingSecretPasswordKey: "db-password" - ## @section Volume Permissions parameters ## @@ -676,19 +674,18 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} From 6b4d7c60d48f576cc04b079fe39f8de1c802a651 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:30:05 +0100 Subject: [PATCH 006/129] [bitnami/fluentd] feat: :sparkles: :lock: Add resource preset support (#23450) Signed-off-by: Javier Salmeron Garcia --- bitnami/fluentd/Chart.lock | 6 +- bitnami/fluentd/README.md | 556 +++++++++--------- bitnami/fluentd/templates/NOTES.txt | 1 + .../templates/aggregator-statefulset.yaml | 2 + .../templates/forwarder-daemonset.yaml | 2 + bitnami/fluentd/values.yaml | 67 +-- 6 files changed, 319 insertions(+), 315 deletions(-) diff --git a/bitnami/fluentd/Chart.lock b/bitnami/fluentd/Chart.lock index ae9e6561272e7d..373345b1c768bd 100644 --- a/bitnami/fluentd/Chart.lock +++ b/bitnami/fluentd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-03T08:20:42.619950521Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T14:53:08.883154257+01:00" diff --git a/bitnami/fluentd/README.md b/bitnami/fluentd/README.md index e76f1ccb08aa16..ce6de30e8e8ad3 100644 --- a/bitnami/fluentd/README.md +++ b/bitnami/fluentd/README.md @@ -81,281 +81,281 @@ The command removes all the Kubernetes components associated with the chart and ### Fluentd parameters -| Name | Description | Value | -| -------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------------------------- | -| `image.registry` | Fluentd image registry | `REGISTRY_NAME` | -| `image.repository` | Fluentd image repository | `REPOSITORY_NAME/fluentd` | -| `image.pullPolicy` | Fluentd image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Fluentd image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `forwarder.enabled` | Enable forwarder daemonset | `true` | -| `forwarder.image.registry` | Fluentd forwarder image registry override | `""` | -| `forwarder.image.repository` | Fluentd forwarder image repository override | `""` | -| `forwarder.daemonUser` | Forwarder daemon user and group (set to root by default because it reads from host paths) | `root` | -| `forwarder.daemonGroup` | Fluentd forwarder daemon system group | `root` | -| `forwarder.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `forwarder.hostAliases` | Add deployment host aliases | `[]` | -| `forwarder.podSecurityContext.enabled` | Enable security context for forwarder pods | `true` | -| `forwarder.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `forwarder.podSecurityContext.runAsUser` | User ID for forwarder's containers | `0` | -| `forwarder.podSecurityContext.runAsGroup` | Group ID for forwarder's containers | `0` | -| `forwarder.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `forwarder.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `forwarder.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `forwarder.podSecurityContext.fsGroup` | Group ID for forwarder's containers filesystem | `0` | -| `forwarder.containerSecurityContext.enabled` | Enable security context for the forwarder container | `true` | -| `forwarder.containerSecurityContext.privileged` | Run as privileged | `false` | -| `forwarder.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation | `false` | -| `forwarder.containerSecurityContext.readOnlyRootFilesystem` | Require the use of a read only root file system | `false` | -| `forwarder.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `forwarder.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `forwarder.hostNetwork` | Enable use of host network | `false` | -| `forwarder.dnsPolicy` | Pod-specific DNS policy | `""` | -| `forwarder.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | -| `forwarder.extraGems` | List of extra gems to be installed. Can be used to install additional fluentd plugins. | `[]` | -| `forwarder.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | -| `forwarder.configMap` | Name of the config map that contains the Fluentd configuration files | `""` | -| `forwarder.configMapFiles` | Files to be added to be config map. Ignored if `forwarder.configMap` is set | `{}` | -| `forwarder.extraArgs` | Extra arguments for the Fluentd command line | `""` | -| `forwarder.extraEnvVars` | Extra environment variables to pass to the container | `[]` | -| `forwarder.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Fluentd Forwarder nodes | `""` | -| `forwarder.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Fluentd Forwarder nodes | `""` | -| `forwarder.containerPorts` | Ports the forwarder containers will listen on | `[]` | -| `forwarder.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the forwarders | `ClusterIP` | -| `forwarder.service.ports` | Array containing the forwarder service ports | `{}` | -| `forwarder.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `forwarder.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `forwarder.service.externalTrafficPolicy` | Fluentd Forwarder service external traffic policy | `Cluster` | -| `forwarder.service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `forwarder.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `forwarder.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `forwarder.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `forwarder.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `forwarder.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `forwarder.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `forwarder.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `forwarder.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `forwarder.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `forwarder.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `forwarder.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `forwarder.startupProbe.enabled` | Enable startupProbe | `false` | -| `forwarder.startupProbe.httpGet.path` | Request path for startupProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `forwarder.startupProbe.httpGet.port` | Port for startupProbe | `http` | -| `forwarder.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `forwarder.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `forwarder.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `forwarder.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `forwarder.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `forwarder.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `forwarder.livenessProbe.httpGet.path` | Request path for livenessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `forwarder.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | -| `forwarder.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `forwarder.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `forwarder.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `forwarder.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `forwarder.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `forwarder.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `forwarder.readinessProbe.httpGet.path` | Request path for readinessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `forwarder.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | -| `forwarder.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `forwarder.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `forwarder.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `forwarder.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `forwarder.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `forwarder.customStartupProbe` | Custom liveness probe for the Fluend Forwarder | `{}` | -| `forwarder.customLivenessProbe` | Custom liveness probe for the Fluend Forwarder | `{}` | -| `forwarder.customReadinessProbe` | Custom rediness probe for the Fluend Forwarder | `{}` | -| `forwarder.updateStrategy.type` | Set up update strategy. | `RollingUpdate` | -| `forwarder.resources.limits` | The resources limits for the container | `{}` | -| `forwarder.resources.requests` | The requested resources for the container | `{}` | -| `forwarder.priorityClassName` | Set Priority Class Name to allow priority control over other pods | `""` | -| `forwarder.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `forwarder.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `forwarder.podAffinityPreset` | Forwarder Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `forwarder.podAntiAffinityPreset` | Forwarder Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `forwarder.nodeAffinityPreset.type` | Forwarder Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `forwarder.nodeAffinityPreset.key` | Forwarder Node label key to match Ignored if `affinity` is set. | `""` | -| `forwarder.nodeAffinityPreset.values` | Forwarder Node label values to match. Ignored if `affinity` is set. | `[]` | -| `forwarder.affinity` | Forwarder Affinity for pod assignment | `{}` | -| `forwarder.nodeSelector` | Forwarder Node labels for pod assignment | `{}` | -| `forwarder.tolerations` | Forwarder Tolerations for pod assignment | `[]` | -| `forwarder.podAnnotations` | Pod annotations | `{}` | -| `forwarder.podLabels` | Extra labels to add to Pod | `{}` | -| `forwarder.serviceAccount.create` | Specify whether a ServiceAccount should be created. | `true` | -| `forwarder.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `forwarder.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | -| `forwarder.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `forwarder.rbac.create` | Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces | `true` | -| `forwarder.rbac.pspEnabled` | Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `forwarder.persistence.enabled` | Enable persistence volume for the forwarder | `false` | -| `forwarder.persistence.hostPath.path` | Directory from the host node's filesystem to mount as hostPath volume for persistence. | `/opt/bitnami/fluentd/logs/buffers` | -| `forwarder.command` | Override default container command (useful when using custom images) | `[]` | -| `forwarder.args` | Override default container args (useful when using custom images) | `[]` | -| `forwarder.lifecycleHooks` | Additional lifecycles to add to the pods | `{}` | -| `forwarder.initContainers` | Additional init containers to add to the pods | `[]` | -| `forwarder.sidecars` | Add sidecars to forwarder pods | `[]` | -| `forwarder.extraVolumes` | Extra volumes | `[]` | -| `forwarder.extraVolumeMounts` | Mount extra volume(s) | `[]` | -| `forwarder.initScripts` | Dictionary of init scripts. Evaluated as a template. | `{}` | -| `forwarder.initScriptsCM` | ConfigMap with the init scripts. Evaluated as a template. | `""` | -| `forwarder.initScriptsSecret` | Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template. | `""` | -| `aggregator.enabled` | Enable Fluentd aggregator statefulset | `true` | -| `aggregator.image.registry` | Fluentd aggregator image registry override | `""` | -| `aggregator.image.repository` | Fluentd aggregator image repository override | `""` | -| `aggregator.replicaCount` | Number of aggregator pods to deploy in the Stateful Set | `1` | -| `aggregator.podSecurityContext.enabled` | Enable security context for aggregator pods | `true` | -| `aggregator.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `aggregator.podSecurityContext.runAsUser` | User ID for aggregator's containers | `1001` | -| `aggregator.podSecurityContext.runAsGroup` | Group ID for aggregator's containers | `1001` | -| `aggregator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `aggregator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `aggregator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `aggregator.podSecurityContext.fsGroup` | Group ID for aggregator's containers filesystem | `1001` | -| `aggregator.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `aggregator.hostAliases` | Add deployment host aliases | `[]` | -| `aggregator.containerSecurityContext.enabled` | Enable security context for the aggregator container | `true` | -| `aggregator.containerSecurityContext.privileged` | Run as privileged | `false` | -| `aggregator.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation | `false` | -| `aggregator.containerSecurityContext.readOnlyRootFilesystem` | Require the use of a read only root file system | `false` | -| `aggregator.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | -| `aggregator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `aggregator.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | -| `aggregator.extraGems` | List of extra gems to be installed. Can be used to install additional fluentd plugins. | `[]` | -| `aggregator.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | -| `aggregator.configMap` | Name of the config map that contains the Fluentd configuration files | `""` | -| `aggregator.configMapFiles` | Files to be added to be config map. Ignored if `aggregator.configMap` is set | `{}` | -| `aggregator.port` | Port the Aggregator container will listen for logs. Leave it blank to ignore. | `24224` | -| `aggregator.extraArgs` | Extra arguments for the Fluentd command line | `""` | -| `aggregator.extraEnvVars` | Extra environment variables to pass to the container | `[]` | -| `aggregator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Fluentd Aggregator nodes | `""` | -| `aggregator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Fluentd Aggregator nodes | `""` | -| `aggregator.containerPorts` | Ports the aggregator containers will listen on | `[]` | -| `aggregator.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the aggregators | `ClusterIP` | -| `aggregator.service.ports` | Array containing the aggregator service ports | `{}` | -| `aggregator.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) | `""` | -| `aggregator.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | -| `aggregator.service.clusterIP` | Static clusterIP or None for headless services | `""` | -| `aggregator.service.annotations` | Provide any additional annotations which may be required | `{}` | -| `aggregator.service.externalTrafficPolicy` | Fluentd Aggregator service external traffic policy | `Cluster` | -| `aggregator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `aggregator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `aggregator.service.annotationsHeadless` | Provide any additional annotations which may be required on headless service | `{}` | -| `aggregator.service.headless.annotations` | Annotations for the headless service. | `{}` | -| `aggregator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `aggregator.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `aggregator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `aggregator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `aggregator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `aggregator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `aggregator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `aggregator.ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `aggregator.ingress.pathType` | Ingress Path type. How the path matching is interpreted | `ImplementationSpecific` | -| `aggregator.ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | -| `aggregator.ingress.hostname` | Default host for the ingress resource | `fluentd.local` | -| `aggregator.ingress.path` | Default path for the ingress resource | `/` | -| `aggregator.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `aggregator.ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | -| `aggregator.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `aggregator.ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `aggregator.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `aggregator.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `aggregator.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `aggregator.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | -| `aggregator.startupProbe.enabled` | Enable startupProbe | `true` | -| `aggregator.startupProbe.httpGet.path` | Request path for startupProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `aggregator.startupProbe.httpGet.port` | Port for startupProbe | `http` | -| `aggregator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | -| `aggregator.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `aggregator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `aggregator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `aggregator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `aggregator.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `aggregator.livenessProbe.httpGet.path` | Request path for livenessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `aggregator.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | -| `aggregator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `aggregator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `aggregator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `aggregator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `aggregator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `aggregator.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `aggregator.readinessProbe.httpGet.path` | Request path for readinessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | -| `aggregator.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | -| `aggregator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `aggregator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `aggregator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `aggregator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `aggregator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `aggregator.customStartupProbe` | Custom liveness probe for the Fluentd Aggregator | `{}` | -| `aggregator.customLivenessProbe` | Custom liveness probe for the Fluentd Aggregator | `{}` | -| `aggregator.customReadinessProbe` | Custom rediness probe for the Fluentd Aggregator | `{}` | -| `aggregator.updateStrategy.type` | Set up update strategy. | `RollingUpdate` | -| `aggregator.resources.limits` | The resources limits for the container | `{}` | -| `aggregator.resources.requests` | The requested resources for the container | `{}` | -| `aggregator.priorityClassName` | Fluentd Aggregator pods' priorityClassName | `""` | -| `aggregator.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `aggregator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `aggregator.podManagementPolicy` | podManagementPolicy to manage scaling operation of Fluentd Aggregator pods | `""` | -| `aggregator.podAffinityPreset` | Aggregator Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `aggregator.podAntiAffinityPreset` | Aggregator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `aggregator.nodeAffinityPreset.type` | Aggregator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `aggregator.nodeAffinityPreset.key` | Aggregator Node label key to match Ignored if `affinity` is set. | `""` | -| `aggregator.nodeAffinityPreset.values` | Aggregator Node label values to match. Ignored if `affinity` is set. | `[]` | -| `aggregator.affinity` | Aggregator Affinity for pod assignment | `{}` | -| `aggregator.nodeSelector` | Aggregator Node labels for pod assignment | `{}` | -| `aggregator.tolerations` | Aggregator Tolerations for pod assignment | `[]` | -| `aggregator.podAnnotations` | Pod annotations | `{}` | -| `aggregator.podLabels` | Extra labels to add to Pod | `{}` | -| `aggregator.serviceAccount.create` | Specify whether a ServiceAccount should be created | `true` | -| `aggregator.serviceAccount.name` | The name of the ServiceAccount to create | `""` | -| `aggregator.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | -| `aggregator.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `aggregator.autoscaling.enabled` | Create an Horizontal Pod Autoscaler | `false` | -| `aggregator.autoscaling.minReplicas` | Minimum number of replicas for the HPA | `2` | -| `aggregator.autoscaling.maxReplicas` | Maximum number of replicas for the HPA | `5` | -| `aggregator.autoscaling.metrics` | Metrics for the HPA to manage the scaling | `[]` | -| `aggregator.persistence.enabled` | Enable persistence volume for the aggregator | `false` | -| `aggregator.persistence.storageClass` | Persistent Volume storage class | `""` | -| `aggregator.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | -| `aggregator.persistence.size` | Persistent Volume size | `10Gi` | -| `aggregator.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | -| `aggregator.persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `aggregator.command` | Override default container command (useful when using custom images) | `[]` | -| `aggregator.args` | Override default container args (useful when using custom images) | `[]` | -| `aggregator.lifecycleHooks` | Additional lifecycles to add to the pods | `{}` | -| `aggregator.initContainers` | Add init containers to aggregator pods | `[]` | -| `aggregator.sidecars` | Add sidecars to aggregator pods | `[]` | -| `aggregator.extraVolumes` | Extra volumes | `[]` | -| `aggregator.extraVolumeMounts` | Mount extra volume(s) | `[]` | -| `aggregator.extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for the Fluentd Aggregator pods in StatefulSet | `[]` | -| `aggregator.initScripts` | Dictionary of init scripts. Evaluated as a template. | `{}` | -| `aggregator.initScriptsCM` | ConfigMap with the init scripts. Evaluated as a template. | `""` | -| `aggregator.initScriptsSecret` | Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template. | `""` | -| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | -| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` | -| `metrics.service.port` | Prometheus metrics service port | `24231` | -| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` | `""` | -| `metrics.service.clusterIP` | Prometheus metrics service Cluster IP | `""` | -| `metrics.service.loadBalancerSourceRanges` | Prometheus metrics service Load Balancer sources | `[]` | -| `metrics.service.externalTrafficPolicy` | Prometheus metrics service external traffic policy | `Cluster` | -| `metrics.service.annotations` | Annotations for the Prometheus Exporter service service | `{}` | -| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | -| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `{}` | -| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | -| `metrics.serviceMonitor.path` | path defines the path that promethues will use to pull metrics from the container | `/metrics` | -| `tls.enabled` | Enable TLS/SSL encrytion for internal communications | `false` | -| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. | `false` | -| `tls.forwarder.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd forwarder | `""` | -| `tls.aggregator.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd aggregator | `""` | +| Name | Description | Value | +| -------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------- | +| `image.registry` | Fluentd image registry | `REGISTRY_NAME` | +| `image.repository` | Fluentd image repository | `REPOSITORY_NAME/fluentd` | +| `image.pullPolicy` | Fluentd image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Fluentd image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `forwarder.enabled` | Enable forwarder daemonset | `true` | +| `forwarder.image.registry` | Fluentd forwarder image registry override | `""` | +| `forwarder.image.repository` | Fluentd forwarder image repository override | `""` | +| `forwarder.daemonUser` | Forwarder daemon user and group (set to root by default because it reads from host paths) | `root` | +| `forwarder.daemonGroup` | Fluentd forwarder daemon system group | `root` | +| `forwarder.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `forwarder.hostAliases` | Add deployment host aliases | `[]` | +| `forwarder.podSecurityContext.enabled` | Enable security context for forwarder pods | `true` | +| `forwarder.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `forwarder.podSecurityContext.runAsUser` | User ID for forwarder's containers | `0` | +| `forwarder.podSecurityContext.runAsGroup` | Group ID for forwarder's containers | `0` | +| `forwarder.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `forwarder.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `forwarder.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `forwarder.podSecurityContext.fsGroup` | Group ID for forwarder's containers filesystem | `0` | +| `forwarder.containerSecurityContext.enabled` | Enable security context for the forwarder container | `true` | +| `forwarder.containerSecurityContext.privileged` | Run as privileged | `false` | +| `forwarder.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation | `false` | +| `forwarder.containerSecurityContext.readOnlyRootFilesystem` | Require the use of a read only root file system | `false` | +| `forwarder.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `forwarder.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `forwarder.hostNetwork` | Enable use of host network | `false` | +| `forwarder.dnsPolicy` | Pod-specific DNS policy | `""` | +| `forwarder.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | +| `forwarder.extraGems` | List of extra gems to be installed. Can be used to install additional fluentd plugins. | `[]` | +| `forwarder.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | +| `forwarder.configMap` | Name of the config map that contains the Fluentd configuration files | `""` | +| `forwarder.configMapFiles` | Files to be added to be config map. Ignored if `forwarder.configMap` is set | `{}` | +| `forwarder.extraArgs` | Extra arguments for the Fluentd command line | `""` | +| `forwarder.extraEnvVars` | Extra environment variables to pass to the container | `[]` | +| `forwarder.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Fluentd Forwarder nodes | `""` | +| `forwarder.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Fluentd Forwarder nodes | `""` | +| `forwarder.containerPorts` | Ports the forwarder containers will listen on | `[]` | +| `forwarder.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the forwarders | `ClusterIP` | +| `forwarder.service.ports` | Array containing the forwarder service ports | `{}` | +| `forwarder.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `forwarder.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `forwarder.service.externalTrafficPolicy` | Fluentd Forwarder service external traffic policy | `Cluster` | +| `forwarder.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `forwarder.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `forwarder.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `forwarder.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `forwarder.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `forwarder.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `forwarder.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `forwarder.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `forwarder.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `forwarder.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `forwarder.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `forwarder.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `forwarder.startupProbe.enabled` | Enable startupProbe | `false` | +| `forwarder.startupProbe.httpGet.path` | Request path for startupProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `forwarder.startupProbe.httpGet.port` | Port for startupProbe | `http` | +| `forwarder.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `forwarder.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `forwarder.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `forwarder.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `forwarder.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `forwarder.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `forwarder.livenessProbe.httpGet.path` | Request path for livenessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `forwarder.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | +| `forwarder.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `forwarder.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `forwarder.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `forwarder.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `forwarder.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `forwarder.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `forwarder.readinessProbe.httpGet.path` | Request path for readinessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `forwarder.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | +| `forwarder.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `forwarder.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `forwarder.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `forwarder.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `forwarder.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `forwarder.customStartupProbe` | Custom liveness probe for the Fluend Forwarder | `{}` | +| `forwarder.customLivenessProbe` | Custom liveness probe for the Fluend Forwarder | `{}` | +| `forwarder.customReadinessProbe` | Custom rediness probe for the Fluend Forwarder | `{}` | +| `forwarder.updateStrategy.type` | Set up update strategy. | `RollingUpdate` | +| `forwarder.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if forwarder.resources is set (forwarder.resources is recommended for production). | `none` | +| `forwarder.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `forwarder.priorityClassName` | Set Priority Class Name to allow priority control over other pods | `""` | +| `forwarder.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `forwarder.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `forwarder.podAffinityPreset` | Forwarder Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `forwarder.podAntiAffinityPreset` | Forwarder Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `forwarder.nodeAffinityPreset.type` | Forwarder Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `forwarder.nodeAffinityPreset.key` | Forwarder Node label key to match Ignored if `affinity` is set. | `""` | +| `forwarder.nodeAffinityPreset.values` | Forwarder Node label values to match. Ignored if `affinity` is set. | `[]` | +| `forwarder.affinity` | Forwarder Affinity for pod assignment | `{}` | +| `forwarder.nodeSelector` | Forwarder Node labels for pod assignment | `{}` | +| `forwarder.tolerations` | Forwarder Tolerations for pod assignment | `[]` | +| `forwarder.podAnnotations` | Pod annotations | `{}` | +| `forwarder.podLabels` | Extra labels to add to Pod | `{}` | +| `forwarder.serviceAccount.create` | Specify whether a ServiceAccount should be created. | `true` | +| `forwarder.serviceAccount.name` | The name of the ServiceAccount to create | `""` | +| `forwarder.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `forwarder.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `forwarder.rbac.create` | Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces | `true` | +| `forwarder.rbac.pspEnabled` | Whether to create a PodSecurityPolicy and bound it with RBAC. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `forwarder.persistence.enabled` | Enable persistence volume for the forwarder | `false` | +| `forwarder.persistence.hostPath.path` | Directory from the host node's filesystem to mount as hostPath volume for persistence. | `/opt/bitnami/fluentd/logs/buffers` | +| `forwarder.command` | Override default container command (useful when using custom images) | `[]` | +| `forwarder.args` | Override default container args (useful when using custom images) | `[]` | +| `forwarder.lifecycleHooks` | Additional lifecycles to add to the pods | `{}` | +| `forwarder.initContainers` | Additional init containers to add to the pods | `[]` | +| `forwarder.sidecars` | Add sidecars to forwarder pods | `[]` | +| `forwarder.extraVolumes` | Extra volumes | `[]` | +| `forwarder.extraVolumeMounts` | Mount extra volume(s) | `[]` | +| `forwarder.initScripts` | Dictionary of init scripts. Evaluated as a template. | `{}` | +| `forwarder.initScriptsCM` | ConfigMap with the init scripts. Evaluated as a template. | `""` | +| `forwarder.initScriptsSecret` | Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template. | `""` | +| `aggregator.enabled` | Enable Fluentd aggregator statefulset | `true` | +| `aggregator.image.registry` | Fluentd aggregator image registry override | `""` | +| `aggregator.image.repository` | Fluentd aggregator image repository override | `""` | +| `aggregator.replicaCount` | Number of aggregator pods to deploy in the Stateful Set | `1` | +| `aggregator.podSecurityContext.enabled` | Enable security context for aggregator pods | `true` | +| `aggregator.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `aggregator.podSecurityContext.runAsUser` | User ID for aggregator's containers | `1001` | +| `aggregator.podSecurityContext.runAsGroup` | Group ID for aggregator's containers | `1001` | +| `aggregator.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `aggregator.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `aggregator.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `aggregator.podSecurityContext.fsGroup` | Group ID for aggregator's containers filesystem | `1001` | +| `aggregator.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `aggregator.hostAliases` | Add deployment host aliases | `[]` | +| `aggregator.containerSecurityContext.enabled` | Enable security context for the aggregator container | `true` | +| `aggregator.containerSecurityContext.privileged` | Run as privileged | `false` | +| `aggregator.containerSecurityContext.allowPrivilegeEscalation` | Allow Privilege Escalation | `false` | +| `aggregator.containerSecurityContext.readOnlyRootFilesystem` | Require the use of a read only root file system | `false` | +| `aggregator.containerSecurityContext.capabilities.drop` | Drop capabilities for the securityContext | `[]` | +| `aggregator.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `aggregator.terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` | +| `aggregator.extraGems` | List of extra gems to be installed. Can be used to install additional fluentd plugins. | `[]` | +| `aggregator.configFile` | Name of the config file that will be used by Fluentd at launch under the `/opt/bitnami/fluentd/conf` directory | `fluentd.conf` | +| `aggregator.configMap` | Name of the config map that contains the Fluentd configuration files | `""` | +| `aggregator.configMapFiles` | Files to be added to be config map. Ignored if `aggregator.configMap` is set | `{}` | +| `aggregator.port` | Port the Aggregator container will listen for logs. Leave it blank to ignore. | `24224` | +| `aggregator.extraArgs` | Extra arguments for the Fluentd command line | `""` | +| `aggregator.extraEnvVars` | Extra environment variables to pass to the container | `[]` | +| `aggregator.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Fluentd Aggregator nodes | `""` | +| `aggregator.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Fluentd Aggregator nodes | `""` | +| `aggregator.containerPorts` | Ports the aggregator containers will listen on | `[]` | +| `aggregator.service.type` | Kubernetes service type (`ClusterIP`, `NodePort`, or `LoadBalancer`) for the aggregators | `ClusterIP` | +| `aggregator.service.ports` | Array containing the aggregator service ports | `{}` | +| `aggregator.service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` (optional, cloud specific) | `""` | +| `aggregator.service.loadBalancerSourceRanges` | Addresses that are allowed when service is LoadBalancer | `[]` | +| `aggregator.service.clusterIP` | Static clusterIP or None for headless services | `""` | +| `aggregator.service.annotations` | Provide any additional annotations which may be required | `{}` | +| `aggregator.service.externalTrafficPolicy` | Fluentd Aggregator service external traffic policy | `Cluster` | +| `aggregator.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `aggregator.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `aggregator.service.annotationsHeadless` | Provide any additional annotations which may be required on headless service | `{}` | +| `aggregator.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `aggregator.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `aggregator.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `aggregator.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `aggregator.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `aggregator.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `aggregator.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `aggregator.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `aggregator.ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `aggregator.ingress.pathType` | Ingress Path type. How the path matching is interpreted | `ImplementationSpecific` | +| `aggregator.ingress.apiVersion` | Override API Version (automatically detected if not set) | `""` | +| `aggregator.ingress.hostname` | Default host for the ingress resource | `fluentd.local` | +| `aggregator.ingress.path` | Default path for the ingress resource | `/` | +| `aggregator.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `aggregator.ingress.tls` | Enable TLS configuration for the hostname defined at ingress.hostname parameter | `false` | +| `aggregator.ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `aggregator.ingress.extraPaths` | Any additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `aggregator.ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `aggregator.ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `aggregator.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `aggregator.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| `aggregator.startupProbe.enabled` | Enable startupProbe | `true` | +| `aggregator.startupProbe.httpGet.path` | Request path for startupProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `aggregator.startupProbe.httpGet.port` | Port for startupProbe | `http` | +| `aggregator.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `60` | +| `aggregator.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `aggregator.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `aggregator.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `aggregator.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `aggregator.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `aggregator.livenessProbe.httpGet.path` | Request path for livenessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `aggregator.livenessProbe.httpGet.port` | Port for livenessProbe | `http` | +| `aggregator.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `aggregator.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `aggregator.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `aggregator.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `aggregator.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `aggregator.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `aggregator.readinessProbe.httpGet.path` | Request path for readinessProbe | `/fluentd.healthcheck?json=%7B%22ping%22%3A+%22pong%22%7D` | +| `aggregator.readinessProbe.httpGet.port` | Port for readinessProbe | `http` | +| `aggregator.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `aggregator.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `aggregator.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `aggregator.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `aggregator.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `aggregator.customStartupProbe` | Custom liveness probe for the Fluentd Aggregator | `{}` | +| `aggregator.customLivenessProbe` | Custom liveness probe for the Fluentd Aggregator | `{}` | +| `aggregator.customReadinessProbe` | Custom rediness probe for the Fluentd Aggregator | `{}` | +| `aggregator.updateStrategy.type` | Set up update strategy. | `RollingUpdate` | +| `aggregator.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if aggregator.resources is set (aggregator.resources is recommended for production). | `none` | +| `aggregator.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `aggregator.priorityClassName` | Fluentd Aggregator pods' priorityClassName | `""` | +| `aggregator.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `aggregator.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `aggregator.podManagementPolicy` | podManagementPolicy to manage scaling operation of Fluentd Aggregator pods | `""` | +| `aggregator.podAffinityPreset` | Aggregator Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `aggregator.podAntiAffinityPreset` | Aggregator Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `aggregator.nodeAffinityPreset.type` | Aggregator Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `aggregator.nodeAffinityPreset.key` | Aggregator Node label key to match Ignored if `affinity` is set. | `""` | +| `aggregator.nodeAffinityPreset.values` | Aggregator Node label values to match. Ignored if `affinity` is set. | `[]` | +| `aggregator.affinity` | Aggregator Affinity for pod assignment | `{}` | +| `aggregator.nodeSelector` | Aggregator Node labels for pod assignment | `{}` | +| `aggregator.tolerations` | Aggregator Tolerations for pod assignment | `[]` | +| `aggregator.podAnnotations` | Pod annotations | `{}` | +| `aggregator.podLabels` | Extra labels to add to Pod | `{}` | +| `aggregator.serviceAccount.create` | Specify whether a ServiceAccount should be created | `true` | +| `aggregator.serviceAccount.name` | The name of the ServiceAccount to create | `""` | +| `aggregator.serviceAccount.annotations` | Additional Service Account annotations (evaluated as a template) | `{}` | +| `aggregator.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `aggregator.autoscaling.enabled` | Create an Horizontal Pod Autoscaler | `false` | +| `aggregator.autoscaling.minReplicas` | Minimum number of replicas for the HPA | `2` | +| `aggregator.autoscaling.maxReplicas` | Maximum number of replicas for the HPA | `5` | +| `aggregator.autoscaling.metrics` | Metrics for the HPA to manage the scaling | `[]` | +| `aggregator.persistence.enabled` | Enable persistence volume for the aggregator | `false` | +| `aggregator.persistence.storageClass` | Persistent Volume storage class | `""` | +| `aggregator.persistence.accessModes` | Persistent Volume access modes | `["ReadWriteOnce"]` | +| `aggregator.persistence.size` | Persistent Volume size | `10Gi` | +| `aggregator.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `aggregator.persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `aggregator.command` | Override default container command (useful when using custom images) | `[]` | +| `aggregator.args` | Override default container args (useful when using custom images) | `[]` | +| `aggregator.lifecycleHooks` | Additional lifecycles to add to the pods | `{}` | +| `aggregator.initContainers` | Add init containers to aggregator pods | `[]` | +| `aggregator.sidecars` | Add sidecars to aggregator pods | `[]` | +| `aggregator.extraVolumes` | Extra volumes | `[]` | +| `aggregator.extraVolumeMounts` | Mount extra volume(s) | `[]` | +| `aggregator.extraVolumeClaimTemplates` | Optionally specify extra list of additional volume claim templates for the Fluentd Aggregator pods in StatefulSet | `[]` | +| `aggregator.initScripts` | Dictionary of init scripts. Evaluated as a template. | `{}` | +| `aggregator.initScriptsCM` | ConfigMap with the init scripts. Evaluated as a template. | `""` | +| `aggregator.initScriptsSecret` | Secret containing `/docker-entrypoint-initdb.d` scripts to be executed at initialization time that contain sensitive data. Evaluated as a template. | `""` | +| `metrics.enabled` | Enable the export of Prometheus metrics | `false` | +| `metrics.service.type` | Prometheus metrics service type | `ClusterIP` | +| `metrics.service.port` | Prometheus metrics service port | `24231` | +| `metrics.service.loadBalancerIP` | Load Balancer IP if the Prometheus metrics server type is `LoadBalancer` | `""` | +| `metrics.service.clusterIP` | Prometheus metrics service Cluster IP | `""` | +| `metrics.service.loadBalancerSourceRanges` | Prometheus metrics service Load Balancer sources | `[]` | +| `metrics.service.externalTrafficPolicy` | Prometheus metrics service external traffic policy | `Cluster` | +| `metrics.service.annotations` | Annotations for the Prometheus Exporter service service | `{}` | +| `metrics.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `metrics.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| `metrics.serviceMonitor.labels` | ServiceMonitor extra labels | `{}` | +| `metrics.serviceMonitor.annotations` | ServiceMonitor annotations | `{}` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.serviceMonitor.path` | path defines the path that promethues will use to pull metrics from the container | `/metrics` | +| `tls.enabled` | Enable TLS/SSL encrytion for internal communications | `false` | +| `tls.autoGenerated` | Generate automatically self-signed TLS certificates. | `false` | +| `tls.forwarder.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd forwarder | `""` | +| `tls.aggregator.existingSecret` | Name of the existing secret containing the TLS certificates for the Fluentd aggregator | `""` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -379,6 +379,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/fluen ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/fluentd/templates/NOTES.txt b/bitnami/fluentd/templates/NOTES.txt index dea65ac6690d30..7871342e0bf1a9 100644 --- a/bitnami/fluentd/templates/NOTES.txt +++ b/bitnami/fluentd/templates/NOTES.txt @@ -53,3 +53,4 @@ In order to replicate the container startup scripts execute this command: {{- include "fluentd.validateValues" . }} {{- include "fluentd.checkRollingTags" . -}} +{{- include "common.warnings.resources" (dict "sections" (list "aggregator" "forwarder") "context" $) }} diff --git a/bitnami/fluentd/templates/aggregator-statefulset.yaml b/bitnami/fluentd/templates/aggregator-statefulset.yaml index d29b5efdc0be2a..507db5e5584459 100644 --- a/bitnami/fluentd/templates/aggregator-statefulset.yaml +++ b/bitnami/fluentd/templates/aggregator-statefulset.yaml @@ -153,6 +153,8 @@ spec: {{- end }} {{- if .Values.aggregator.resources }} resources: {{- toYaml .Values.aggregator.resources | nindent 12 }} + {{- else if ne .Values.aggregator.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.aggregator.resourcesPreset) | nindent 12 }} {{- end }} ports: {{- if .Values.aggregator.port }} diff --git a/bitnami/fluentd/templates/forwarder-daemonset.yaml b/bitnami/fluentd/templates/forwarder-daemonset.yaml index e8dfd65b9b41ce..e54b8321b64bee 100644 --- a/bitnami/fluentd/templates/forwarder-daemonset.yaml +++ b/bitnami/fluentd/templates/forwarder-daemonset.yaml @@ -151,6 +151,8 @@ spec: {{- end }} {{- if .Values.forwarder.resources }} resources: {{- toYaml .Values.forwarder.resources | nindent 12 }} + {{- else if ne .Values.forwarder.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.forwarder.resourcesPreset) | nindent 12 }} {{- end }} ports: {{- if .Values.forwarder.containerPorts }} diff --git a/bitnami/fluentd/values.yaml b/bitnami/fluentd/values.yaml index 8d04d0765039bb..6863f8731f324b 100644 --- a/bitnami/fluentd/values.yaml +++ b/bitnami/fluentd/values.yaml @@ -18,7 +18,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @param kubeVersion Force target Kubernetes version (using Helm capabilities if not set) @@ -42,7 +41,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -57,7 +55,6 @@ diagnosticMode: ## args: - infinity - ## @section Fluentd parameters ## Bitnami Fluentd image version @@ -437,7 +434,6 @@ forwarder: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Configure extra options for startup probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param forwarder.startupProbe.enabled Enable startupProbe @@ -510,7 +506,6 @@ forwarder: ## @param forwarder.customReadinessProbe Custom rediness probe for the Fluend Forwarder ## customReadinessProbe: {} - ## @param forwarder.updateStrategy.type Set up update strategy. ## ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/#daemonset-update-strategy ## Example: @@ -528,20 +523,21 @@ forwarder: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param forwarder.resources.limits The resources limits for the container - ## @param forwarder.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 300m - ## memory: 512Mi - requests: {} + ## @param forwarder.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if forwarder.resources is set (forwarder.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param forwarder.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param forwarder.priorityClassName Set Priority Class Name to allow priority control over other pods ## ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/ ## @@ -618,7 +614,6 @@ forwarder: ## @param forwarder.serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## automountServiceAccountToken: false - ## Role Based Access ## ref: https://kubernetes.io/docs/admin/authorization/rbac/ ## @param forwarder.rbac.create Specify whether RBAC resources should be created and used, allowing the get, watch and list of pods/namespaces @@ -858,7 +853,6 @@ aggregator: host ${hostname} - ## @param aggregator.port Port the Aggregator container will listen for logs. Leave it blank to ignore. ## You can specify other ports in the aggregator.containerPorts parameter ## @@ -1103,7 +1097,6 @@ aggregator: ## name: http ## extraRules: [] - ## Configure extra options for startup probe ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param aggregator.startupProbe.enabled Enable startupProbe @@ -1176,7 +1169,6 @@ aggregator: ## @param aggregator.customReadinessProbe Custom rediness probe for the Fluentd Aggregator ## customReadinessProbe: {} - ## @param aggregator.updateStrategy.type Set up update strategy. ## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets ## Example: @@ -1194,20 +1186,21 @@ aggregator: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param aggregator.resources.limits The resources limits for the container - ## @param aggregator.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 300m - ## memory: 512Mi - requests: {} + ## @param aggregator.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if aggregator.resources is set (aggregator.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param aggregator.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param aggregator.priorityClassName Fluentd Aggregator pods' priorityClassName ## priorityClassName: "" From b08b25fa04be7b661dc86041719c5120824716a7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:30:13 +0100 Subject: [PATCH 007/129] [bitnami/fluent-bit] feat: :sparkles: :lock: Add resource preset support (#23449) Signed-off-by: Javier Salmeron Garcia --- bitnami/fluent-bit/Chart.lock | 6 +- bitnami/fluent-bit/README.md | 216 ++++++++++--------- bitnami/fluent-bit/templates/NOTES.txt | 1 + bitnami/fluent-bit/templates/daemonset.yaml | 2 + bitnami/fluent-bit/templates/deployment.yaml | 2 + bitnami/fluent-bit/values.yaml | 41 ++-- 6 files changed, 134 insertions(+), 134 deletions(-) diff --git a/bitnami/fluent-bit/Chart.lock b/bitnami/fluent-bit/Chart.lock index 84c92f95b1bff8..f2bfe53e56a27b 100644 --- a/bitnami/fluent-bit/Chart.lock +++ b/bitnami/fluent-bit/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2023-12-22T10:45:04.83471045Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T14:52:07.199095302+01:00" diff --git a/bitnami/fluent-bit/README.md b/bitnami/fluent-bit/README.md index bba2cdc1a9b94f..4ab1767007aac3 100644 --- a/bitnami/fluent-bit/README.md +++ b/bitnami/fluent-bit/README.md @@ -89,111 +89,111 @@ The command removes all the Kubernetes components associated with the chart and ### Fluent Bit daemonset configuration -| Name | Description | Value | -| --------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ---------------------------- | -| `daemonset.enabled` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` | -| `daemonset.podSecurityContext.enabled` | Enable security context for daemonset pods | `true` | -| `daemonset.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `daemonset.podSecurityContext.runAsUser` | User ID for daemonset containers | `0` | -| `daemonset.podSecurityContext.runAsGroup` | Group ID for daemonset containers | `0` | -| `daemonset.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `daemonset.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `daemonset.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `daemonset.podSecurityContext.fsGroup` | Group ID for daemonset containers filesystem | `0` | -| `daemonset.hostPaths.logs` | Path to the node logs dir | `/var/log` | -| `daemonset.hostPaths.containerLogs` | Path to the container logs dir | `/var/lib/docker/containers` | -| `daemonset.hostPaths.machineId` | Path to the machine-id file | `/etc/machine-id` | -| `hostNetwork` | Enable HOST Network | `false` | -| `command` | Command for running the container (set to default if not set). Use array form | `[]` | -| `args` | Args for running the container (set to default if not set). Use array form | `[]` | -| `lifecycleHooks` | Override default etcd container hooks | `{}` | -| `extraEnvVars` | Extra environment variables to be set on fluent-bit container | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `existingConfigMap` | Name of an existing ConfigMap with the Fluent Bit config file | `""` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `hostAliases` | Deployment pod host aliases | `[]` | -| `replicaCount` | Number of Fluent Bit replicas | `1` | -| `livenessProbe.enabled` | Enable livenessProbe on nodes | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe on containers | `true` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `resources.limits` | The resources limits for Fluent Bit containers | `{}` | -| `resources.requests` | The requested resources for Fluent Bit containers | `{}` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for fluent-bit container | `[]` | -| `containerPorts.http` | Port for HTTP port | `2020` | -| `service.type` | Fluent Bit service type | `ClusterIP` | -| `service.ports.http` | Port for HTTP port | `2020` | -| `service.nodePorts.http` | Node port for HTTP port | `""` | -| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | -| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `service.clusterIP` | Service Cluster IP | `""` | -| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `serviceAccount.create` | Enables ServiceAccount | `true` | -| `serviceAccount.name` | ServiceAccount name | `""` | -| `serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | -| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | -| `podSecurityContext.enabled` | Enabled Fluent Bit pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set Fluent Bit pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Fluent Bit containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set Fluent Bit containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Fluent Bit container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set Fluent Bit container's Security Context runAsNonRoot | `false` | -| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `podAnnotations` | Additional pod annotations | `{}` | -| `podLabels` | Additional pod labels | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `priorityClassName` | Server priorityClassName | `""` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `schedulerName` | Alternative scheduler | `""` | -| `updateStrategy.type` | Fluent Bit deployment strategy type | `RollingUpdate` | -| `updateStrategy.rollingUpdate` | Fluent Bit deployment rolling update configuration parameters | `{}` | -| `extraVolumes` | Optionally specify extra list of additional volumes for fluent-bit container | `[]` | -| `initContainers` | Add additional init containers to the fluent-bit pods | `[]` | -| `sidecars` | Add additional sidecar containers to the fluent-bit pods | `[]` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | +| `daemonset.enabled` | Use a daemonset instead of a deployment. `replicaCount` will not take effect. | `false` | +| `daemonset.podSecurityContext.enabled` | Enable security context for daemonset pods | `true` | +| `daemonset.podSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `daemonset.podSecurityContext.runAsUser` | User ID for daemonset containers | `0` | +| `daemonset.podSecurityContext.runAsGroup` | Group ID for daemonset containers | `0` | +| `daemonset.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `daemonset.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `daemonset.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `daemonset.podSecurityContext.fsGroup` | Group ID for daemonset containers filesystem | `0` | +| `daemonset.hostPaths.logs` | Path to the node logs dir | `/var/log` | +| `daemonset.hostPaths.containerLogs` | Path to the container logs dir | `/var/lib/docker/containers` | +| `daemonset.hostPaths.machineId` | Path to the machine-id file | `/etc/machine-id` | +| `hostNetwork` | Enable HOST Network | `false` | +| `command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `lifecycleHooks` | Override default etcd container hooks | `{}` | +| `extraEnvVars` | Extra environment variables to be set on fluent-bit container | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `existingConfigMap` | Name of an existing ConfigMap with the Fluent Bit config file | `""` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `hostAliases` | Deployment pod host aliases | `[]` | +| `replicaCount` | Number of Fluent Bit replicas | `1` | +| `livenessProbe.enabled` | Enable livenessProbe on nodes | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on containers | `true` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for fluent-bit container | `[]` | +| `containerPorts.http` | Port for HTTP port | `2020` | +| `service.type` | Fluent Bit service type | `ClusterIP` | +| `service.ports.http` | Port for HTTP port | `2020` | +| `service.nodePorts.http` | Node port for HTTP port | `""` | +| `service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | +| `service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `service.clusterIP` | Service Cluster IP | `""` | +| `service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `serviceAccount.create` | Enables ServiceAccount | `true` | +| `serviceAccount.name` | ServiceAccount name | `""` | +| `serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | +| `serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | +| `podSecurityContext.enabled` | Enabled Fluent Bit pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set Fluent Bit pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled Fluent Bit containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set Fluent Bit containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set Fluent Bit container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set Fluent Bit container's Security Context runAsNonRoot | `false` | +| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `podAnnotations` | Additional pod annotations | `{}` | +| `podLabels` | Additional pod labels | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `priorityClassName` | Server priorityClassName | `""` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `schedulerName` | Alternative scheduler | `""` | +| `updateStrategy.type` | Fluent Bit deployment strategy type | `RollingUpdate` | +| `updateStrategy.rollingUpdate` | Fluent Bit deployment rolling update configuration parameters | `{}` | +| `extraVolumes` | Optionally specify extra list of additional volumes for fluent-bit container | `[]` | +| `initContainers` | Add additional init containers to the fluent-bit pods | `[]` | +| `sidecars` | Add additional sidecar containers to the fluent-bit pods | `[]` | ### Fluent Bit configuration @@ -268,6 +268,12 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/fluent-bit/templates/NOTES.txt b/bitnami/fluent-bit/templates/NOTES.txt index 0221fa298f71c9..9c2807d2574622 100644 --- a/bitnami/fluent-bit/templates/NOTES.txt +++ b/bitnami/fluent-bit/templates/NOTES.txt @@ -21,3 +21,4 @@ APP VERSION: {{ .Chart.AppVersion }} {{- end }} {{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.resources" (dict "sections" (list "") "context" $) }} diff --git a/bitnami/fluent-bit/templates/daemonset.yaml b/bitnami/fluent-bit/templates/daemonset.yaml index e7fd8e2af06eec..404f0413909f4a 100644 --- a/bitnami/fluent-bit/templates/daemonset.yaml +++ b/bitnami/fluent-bit/templates/daemonset.yaml @@ -131,6 +131,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: config diff --git a/bitnami/fluent-bit/templates/deployment.yaml b/bitnami/fluent-bit/templates/deployment.yaml index 49d68359f7457e..2ec7aa10d83721 100644 --- a/bitnami/fluent-bit/templates/deployment.yaml +++ b/bitnami/fluent-bit/templates/deployment.yaml @@ -130,6 +130,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: config diff --git a/bitnami/fluent-bit/values.yaml b/bitnami/fluent-bit/values.yaml index 4fa2e65b3c802f..caed1f7837c319 100644 --- a/bitnami/fluent-bit/values.yaml +++ b/bitnami/fluent-bit/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -52,7 +51,6 @@ diagnosticMode: ## args: - infinity - ## @section Fluent Bit parameters ## @@ -87,7 +85,6 @@ image: ## Enable debug mode ## debug: false - ## @section Fluent Bit daemonset configuration ## Running as daemonset eases kubernetes pod monitoring and ensures its integrity ## If daemonset is enabled, Fluent Bit deployment will be disabled @@ -227,22 +224,21 @@ customReadinessProbe: {} ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for Fluent Bit containers -## @param resources.requests The requested resources for Fluent Bit containers -## -resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## @param extraVolumeMounts Optionally specify extra list of additional volumeMounts for fluent-bit container ## extraVolumeMounts: [] @@ -495,7 +491,6 @@ initContainers: [] ## @param sidecars Add additional sidecar containers to the fluent-bit pods ## sidecars: [] - ## @section Fluent Bit configuration ## config: @@ -522,7 +517,6 @@ config: inputs: | [INPUT] Name cpu - ## @param config.filters [string] Set of plugins that can be used to filter, modify, or enrich log data that is processed by Fluent Bit. ## https://docs.fluentbit.io/manual/pipeline/filters ## Example: @@ -582,7 +576,6 @@ rbac: ## - list ## rules: [] - ## @section Autoscaling ## autoscaling: @@ -636,7 +629,6 @@ autoscaling: ## @param autoscaling.hpa.behavior HPA Behavior ## behavior: {} - ## Configure the ingress resource that allows you to access the ## fluent-bit Console. Set up the URL ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ @@ -741,7 +733,6 @@ ingress: ## name: http ## extraRules: [] - ## Fluent Bit Pod Disruption Budget ## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ ## @param pdb.create Deploy a PodDisruptionBudget object for Fluent Bit deployment @@ -752,7 +743,6 @@ pdb: create: false minAvailable: "" maxUnavailable: "50%" - ## Prometheus metrics ## metrics: @@ -807,7 +797,6 @@ metrics: ## prometheus: my-prometheus ## selector: {} - ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] From f739444f482b3e81ce0a11d247631deb27e9c0b2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:30:22 +0100 Subject: [PATCH 008/129] [bitnami/elasticsearch] feat: :sparkles: :lock: Add resource preset support (#23445) Signed-off-by: Javier Salmeron Garcia --- bitnami/elasticsearch/Chart.lock | 6 +- bitnami/elasticsearch/README.md | 1046 +++++++++-------- bitnami/elasticsearch/templates/NOTES.txt | 1 + .../templates/coordinating/statefulset.yaml | 4 + .../templates/data/statefulset.yaml | 6 + .../templates/ingest/statefulset.yaml | 4 + .../templates/master/statefulset.yaml | 6 + .../templates/metrics/deployment.yaml | 2 + bitnami/elasticsearch/values.yaml | 236 ++-- 9 files changed, 666 insertions(+), 645 deletions(-) diff --git a/bitnami/elasticsearch/Chart.lock b/bitnami/elasticsearch/Chart.lock index d1ea9daf097c90..48a760da403059 100644 --- a/bitnami/elasticsearch/Chart.lock +++ b/bitnami/elasticsearch/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 10.9.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:e94d8d8bcdaa5899103f1fe008d3b7b4b8c278ae6293ee8ad430b293d4f0ab10 -generated: "2024-02-09T16:38:36.334076893Z" + version: 2.15.3 +digest: sha256:6932d55cb650da7bf34b315468dc941b1467007c4997f2d55866e400678dcafd +generated: "2024-02-14T14:48:42.754392379+01:00" diff --git a/bitnami/elasticsearch/README.md b/bitnami/elasticsearch/README.md index 7f09b96eda2e5e..ee8fcc19433329 100644 --- a/bitnami/elasticsearch/README.md +++ b/bitnami/elasticsearch/README.md @@ -170,541 +170,541 @@ helm delete --purge my-release ### Master-elegible nodes parameters -| Name | Description | Value | -| ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `master.masterOnly` | Deploy the Elasticsearch master-elegible nodes as master-only nodes. Recommended for high-demand deployments. | `true` | -| `master.replicaCount` | Number of master-elegible replicas to deploy | `2` | -| `master.extraRoles` | Append extra roles to the node role | `[]` | -| `master.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `master.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `master.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `master.nameOverride` | String to partially override elasticsearch.master.fullname | `""` | -| `master.fullnameOverride` | String to fully override elasticsearch.master.fullname | `""` | -| `master.servicenameOverride` | String to fully override elasticsearch.master.servicename | `""` | -| `master.annotations` | Annotations for the master statefulset | `{}` | -| `master.updateStrategy.type` | Master-elegible nodes statefulset stategy type | `RollingUpdate` | -| `master.resources.limits` | The resources limits for elasticsearch containers | `{}` | -| `master.resources.requests` | The requested resources for elasticsearch containers | `{}` | -| `master.heapSize` | Elasticsearch master-eligible node heap size. | `128m` | -| `master.podSecurityContext.enabled` | Enabled master-elegible pods' Security Context | `true` | -| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `master.podSecurityContext.fsGroup` | Set master-elegible pod's Security Context fsGroup | `1001` | -| `master.containerSecurityContext.enabled` | Enabled master-elegible containers' Security Context | `true` | -| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `master.containerSecurityContext.runAsUser` | Set master-elegible containers' Security Context runAsUser | `1001` | -| `master.containerSecurityContext.runAsNonRoot` | Set master-elegible containers' Security Context runAsNonRoot | `true` | -| `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `master.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `master.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `master.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `master.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `master.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `master.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `master.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `master.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `master.hostAliases` | master-elegible pods host aliases | `[]` | -| `master.podLabels` | Extra labels for master-elegible pods | `{}` | -| `master.podAnnotations` | Annotations for master-elegible pods | `{}` | -| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` | -| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` | -| `master.affinity` | Affinity for master-elegible pods assignment | `{}` | -| `master.nodeSelector` | Node labels for master-elegible pods assignment | `{}` | -| `master.tolerations` | Tolerations for master-elegible pods assignment | `[]` | -| `master.priorityClassName` | master-elegible pods' priorityClassName | `""` | -| `master.schedulerName` | Name of the k8s scheduler (other than default) for master-elegible pods | `""` | -| `master.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch Master pod needs to terminate gracefully | `""` | -| `master.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `master.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch master pods | `Parallel` | -| `master.startupProbe.enabled` | Enable/disable the startup probe (master nodes pod) | `false` | -| `master.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (master nodes pod) | `90` | -| `master.startupProbe.periodSeconds` | How often to perform the probe (master nodes pod) | `10` | -| `master.startupProbe.timeoutSeconds` | When the probe times out (master nodes pod) | `5` | -| `master.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (master nodes pod) | `1` | -| `master.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `master.livenessProbe.enabled` | Enable/disable the liveness probe (master-eligible nodes pod) | `true` | -| `master.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (master-eligible nodes pod) | `180` | -| `master.livenessProbe.periodSeconds` | How often to perform the probe (master-eligible nodes pod) | `10` | -| `master.livenessProbe.timeoutSeconds` | When the probe times out (master-eligible nodes pod) | `5` | -| `master.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod) | `1` | -| `master.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `master.readinessProbe.enabled` | Enable/disable the readiness probe (master-eligible nodes pod) | `true` | -| `master.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (master-eligible nodes pod) | `90` | -| `master.readinessProbe.periodSeconds` | How often to perform the probe (master-eligible nodes pod) | `10` | -| `master.readinessProbe.timeoutSeconds` | When the probe times out (master-eligible nodes pod) | `5` | -| `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod) | `1` | -| `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `master.customStartupProbe` | Override default startup probe | `{}` | -| `master.customLivenessProbe` | Override default liveness probe | `{}` | -| `master.customReadinessProbe` | Override default readiness probe | `{}` | -| `master.command` | Override default container command (useful when using custom images) | `[]` | -| `master.args` | Override default container args (useful when using custom images) | `[]` | -| `master.lifecycleHooks` | for the master-elegible container(s) to automate configuration before or after startup | `{}` | -| `master.extraEnvVars` | Array with extra environment variables to add to master-elegible nodes | `[]` | -| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for master-elegible nodes | `""` | -| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for master-elegible nodes | `""` | -| `master.extraVolumes` | Optionally specify extra list of additional volumes for the master-elegible pod(s) | `[]` | -| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master-elegible container(s) | `[]` | -| `master.sidecars` | Add additional sidecar containers to the master-elegible pod(s) | `[]` | -| `master.initContainers` | Add additional init containers to the master-elegible pod(s) | `[]` | -| `master.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` | `true` | -| `master.persistence.storageClass` | Persistent Volume Storage Class | `""` | -| `master.persistence.existingClaim` | Existing Persistent Volume Claim | `""` | -| `master.persistence.existingVolume` | Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `master.persistence.selector` is set. | `""` | -| `master.persistence.selector` | Configure custom selector for existing Persistent Volume. Overwrites `master.persistence.existingVolume` | `{}` | -| `master.persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `master.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `master.persistence.size` | Persistent Volume Size | `8Gi` | -| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `master.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `master.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `master.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `master.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | -| `master.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | -| `master.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | -| `master.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | -| `master.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `master.masterOnly` | Deploy the Elasticsearch master-elegible nodes as master-only nodes. Recommended for high-demand deployments. | `true` | +| `master.replicaCount` | Number of master-elegible replicas to deploy | `2` | +| `master.extraRoles` | Append extra roles to the node role | `[]` | +| `master.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `master.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `master.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `master.nameOverride` | String to partially override elasticsearch.master.fullname | `""` | +| `master.fullnameOverride` | String to fully override elasticsearch.master.fullname | `""` | +| `master.servicenameOverride` | String to fully override elasticsearch.master.servicename | `""` | +| `master.annotations` | Annotations for the master statefulset | `{}` | +| `master.updateStrategy.type` | Master-elegible nodes statefulset stategy type | `RollingUpdate` | +| `master.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). | `none` | +| `master.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `master.heapSize` | Elasticsearch master-eligible node heap size. | `128m` | +| `master.podSecurityContext.enabled` | Enabled master-elegible pods' Security Context | `true` | +| `master.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `master.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `master.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `master.podSecurityContext.fsGroup` | Set master-elegible pod's Security Context fsGroup | `1001` | +| `master.containerSecurityContext.enabled` | Enabled master-elegible containers' Security Context | `true` | +| `master.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `master.containerSecurityContext.runAsUser` | Set master-elegible containers' Security Context runAsUser | `1001` | +| `master.containerSecurityContext.runAsNonRoot` | Set master-elegible containers' Security Context runAsNonRoot | `true` | +| `master.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `master.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `master.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `master.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `master.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `master.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `master.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `master.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `master.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `master.hostAliases` | master-elegible pods host aliases | `[]` | +| `master.podLabels` | Extra labels for master-elegible pods | `{}` | +| `master.podAnnotations` | Annotations for master-elegible pods | `{}` | +| `master.podAffinityPreset` | Pod affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `master.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `master.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `master.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `master.nodeAffinityPreset.key` | Node label key to match. Ignored if `master.affinity` is set | `""` | +| `master.nodeAffinityPreset.values` | Node label values to match. Ignored if `master.affinity` is set | `[]` | +| `master.affinity` | Affinity for master-elegible pods assignment | `{}` | +| `master.nodeSelector` | Node labels for master-elegible pods assignment | `{}` | +| `master.tolerations` | Tolerations for master-elegible pods assignment | `[]` | +| `master.priorityClassName` | master-elegible pods' priorityClassName | `""` | +| `master.schedulerName` | Name of the k8s scheduler (other than default) for master-elegible pods | `""` | +| `master.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch Master pod needs to terminate gracefully | `""` | +| `master.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `master.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch master pods | `Parallel` | +| `master.startupProbe.enabled` | Enable/disable the startup probe (master nodes pod) | `false` | +| `master.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (master nodes pod) | `90` | +| `master.startupProbe.periodSeconds` | How often to perform the probe (master nodes pod) | `10` | +| `master.startupProbe.timeoutSeconds` | When the probe times out (master nodes pod) | `5` | +| `master.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (master nodes pod) | `1` | +| `master.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `master.livenessProbe.enabled` | Enable/disable the liveness probe (master-eligible nodes pod) | `true` | +| `master.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (master-eligible nodes pod) | `180` | +| `master.livenessProbe.periodSeconds` | How often to perform the probe (master-eligible nodes pod) | `10` | +| `master.livenessProbe.timeoutSeconds` | When the probe times out (master-eligible nodes pod) | `5` | +| `master.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod) | `1` | +| `master.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `master.readinessProbe.enabled` | Enable/disable the readiness probe (master-eligible nodes pod) | `true` | +| `master.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (master-eligible nodes pod) | `90` | +| `master.readinessProbe.periodSeconds` | How often to perform the probe (master-eligible nodes pod) | `10` | +| `master.readinessProbe.timeoutSeconds` | When the probe times out (master-eligible nodes pod) | `5` | +| `master.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (master-eligible nodes pod) | `1` | +| `master.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `master.customStartupProbe` | Override default startup probe | `{}` | +| `master.customLivenessProbe` | Override default liveness probe | `{}` | +| `master.customReadinessProbe` | Override default readiness probe | `{}` | +| `master.command` | Override default container command (useful when using custom images) | `[]` | +| `master.args` | Override default container args (useful when using custom images) | `[]` | +| `master.lifecycleHooks` | for the master-elegible container(s) to automate configuration before or after startup | `{}` | +| `master.extraEnvVars` | Array with extra environment variables to add to master-elegible nodes | `[]` | +| `master.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for master-elegible nodes | `""` | +| `master.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for master-elegible nodes | `""` | +| `master.extraVolumes` | Optionally specify extra list of additional volumes for the master-elegible pod(s) | `[]` | +| `master.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the master-elegible container(s) | `[]` | +| `master.sidecars` | Add additional sidecar containers to the master-elegible pod(s) | `[]` | +| `master.initContainers` | Add additional init containers to the master-elegible pod(s) | `[]` | +| `master.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` | `true` | +| `master.persistence.storageClass` | Persistent Volume Storage Class | `""` | +| `master.persistence.existingClaim` | Existing Persistent Volume Claim | `""` | +| `master.persistence.existingVolume` | Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `master.persistence.selector` is set. | `""` | +| `master.persistence.selector` | Configure custom selector for existing Persistent Volume. Overwrites `master.persistence.existingVolume` | `{}` | +| `master.persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `master.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `master.persistence.size` | Persistent Volume Size | `8Gi` | +| `master.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `master.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `master.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `master.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `master.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | +| `master.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | +| `master.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | +| `master.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | +| `master.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | ### Data-only nodes parameters -| Name | Description | Value | -| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | -| `data.replicaCount` | Number of data-only replicas to deploy | `2` | -| `data.extraRoles` | Append extra roles to the node role | `[]` | -| `data.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `data.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `data.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `data.nameOverride` | String to partially override elasticsearch.data.fullname | `""` | -| `data.fullnameOverride` | String to fully override elasticsearch.data.fullname | `""` | -| `data.servicenameOverride` | String to fully override elasticsearch.data.servicename | `""` | -| `data.annotations` | Annotations for the data statefulset | `{}` | -| `data.updateStrategy.type` | Data-only nodes statefulset stategy type | `RollingUpdate` | -| `data.resources.limits` | The resources limits for the data containers | `{}` | -| `data.resources.requests` | The requested resources for the data containers | `{}` | -| `data.heapSize` | Elasticsearch data node heap size. | `1024m` | -| `data.podSecurityContext.enabled` | Enabled data pods' Security Context | `true` | -| `data.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `data.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `data.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `data.podSecurityContext.fsGroup` | Set data pod's Security Context fsGroup | `1001` | -| `data.containerSecurityContext.enabled` | Enabled data containers' Security Context | `true` | -| `data.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `data.containerSecurityContext.runAsUser` | Set data containers' Security Context runAsUser | `1001` | -| `data.containerSecurityContext.runAsNonRoot` | Set data containers' Security Context runAsNonRoot | `true` | -| `data.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `data.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `data.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `data.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `data.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `data.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `data.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `data.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `data.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `data.hostAliases` | data pods host aliases | `[]` | -| `data.podLabels` | Extra labels for data pods | `{}` | -| `data.podAnnotations` | Annotations for data pods | `{}` | -| `data.podAffinityPreset` | Pod affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `data.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `data.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `data.nodeAffinityPreset.key` | Node label key to match. Ignored if `data.affinity` is set | `""` | -| `data.nodeAffinityPreset.values` | Node label values to match. Ignored if `data.affinity` is set | `[]` | -| `data.affinity` | Affinity for data pods assignment | `{}` | -| `data.nodeSelector` | Node labels for data pods assignment | `{}` | -| `data.tolerations` | Tolerations for data pods assignment | `[]` | -| `data.priorityClassName` | data pods' priorityClassName | `""` | -| `data.schedulerName` | Name of the k8s scheduler (other than default) for data pods | `""` | -| `data.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch data pod needs to terminate gracefully | `""` | -| `data.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `data.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch data pods | `Parallel` | -| `data.startupProbe.enabled` | Enable/disable the startup probe (data nodes pod) | `false` | -| `data.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (data nodes pod) | `90` | -| `data.startupProbe.periodSeconds` | How often to perform the probe (data nodes pod) | `10` | -| `data.startupProbe.timeoutSeconds` | When the probe times out (data nodes pod) | `5` | -| `data.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod) | `1` | -| `data.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `data.livenessProbe.enabled` | Enable/disable the liveness probe (data nodes pod) | `true` | -| `data.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (data nodes pod) | `180` | -| `data.livenessProbe.periodSeconds` | How often to perform the probe (data nodes pod) | `10` | -| `data.livenessProbe.timeoutSeconds` | When the probe times out (data nodes pod) | `5` | -| `data.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod) | `1` | -| `data.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `data.readinessProbe.enabled` | Enable/disable the readiness probe (data nodes pod) | `true` | -| `data.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (data nodes pod) | `90` | -| `data.readinessProbe.periodSeconds` | How often to perform the probe (data nodes pod) | `10` | -| `data.readinessProbe.timeoutSeconds` | When the probe times out (data nodes pod) | `5` | -| `data.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod) | `1` | -| `data.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `data.customStartupProbe` | Override default startup probe | `{}` | -| `data.customLivenessProbe` | Override default liveness probe | `{}` | -| `data.customReadinessProbe` | Override default readiness probe | `{}` | -| `data.command` | Override default container command (useful when using custom images) | `[]` | -| `data.args` | Override default container args (useful when using custom images) | `[]` | -| `data.lifecycleHooks` | for the data container(s) to automate configuration before or after startup | `{}` | -| `data.extraEnvVars` | Array with extra environment variables to add to data nodes | `[]` | -| `data.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for data nodes | `""` | -| `data.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for data nodes | `""` | -| `data.extraVolumes` | Optionally specify extra list of additional volumes for the data pod(s) | `[]` | -| `data.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the data container(s) | `[]` | -| `data.sidecars` | Add additional sidecar containers to the data pod(s) | `[]` | -| `data.initContainers` | Add additional init containers to the data pod(s) | `[]` | -| `data.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` | `true` | -| `data.persistence.storageClass` | Persistent Volume Storage Class | `""` | -| `data.persistence.existingClaim` | Existing Persistent Volume Claim | `""` | -| `data.persistence.existingVolume` | Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `data.persistence.selector` is set. | `""` | -| `data.persistence.selector` | Configure custom selector for existing Persistent Volume. Overwrites `data.persistence.existingVolume` | `{}` | -| `data.persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `data.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | -| `data.persistence.size` | Persistent Volume Size | `8Gi` | -| `data.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `data.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `data.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `data.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `data.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | -| `data.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | -| `data.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | -| `data.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | -| `data.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | +| Name | Description | Value | +| --------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `data.replicaCount` | Number of data-only replicas to deploy | `2` | +| `data.extraRoles` | Append extra roles to the node role | `[]` | +| `data.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `data.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `data.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `data.nameOverride` | String to partially override elasticsearch.data.fullname | `""` | +| `data.fullnameOverride` | String to fully override elasticsearch.data.fullname | `""` | +| `data.servicenameOverride` | String to fully override elasticsearch.data.servicename | `""` | +| `data.annotations` | Annotations for the data statefulset | `{}` | +| `data.updateStrategy.type` | Data-only nodes statefulset stategy type | `RollingUpdate` | +| `data.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if data.resources is set (data.resources is recommended for production). | `none` | +| `data.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `data.heapSize` | Elasticsearch data node heap size. | `1024m` | +| `data.podSecurityContext.enabled` | Enabled data pods' Security Context | `true` | +| `data.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `data.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `data.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `data.podSecurityContext.fsGroup` | Set data pod's Security Context fsGroup | `1001` | +| `data.containerSecurityContext.enabled` | Enabled data containers' Security Context | `true` | +| `data.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `data.containerSecurityContext.runAsUser` | Set data containers' Security Context runAsUser | `1001` | +| `data.containerSecurityContext.runAsNonRoot` | Set data containers' Security Context runAsNonRoot | `true` | +| `data.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `data.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `data.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `data.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `data.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `data.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `data.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `data.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `data.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `data.hostAliases` | data pods host aliases | `[]` | +| `data.podLabels` | Extra labels for data pods | `{}` | +| `data.podAnnotations` | Annotations for data pods | `{}` | +| `data.podAffinityPreset` | Pod affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `data.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `data.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `data.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `data.nodeAffinityPreset.key` | Node label key to match. Ignored if `data.affinity` is set | `""` | +| `data.nodeAffinityPreset.values` | Node label values to match. Ignored if `data.affinity` is set | `[]` | +| `data.affinity` | Affinity for data pods assignment | `{}` | +| `data.nodeSelector` | Node labels for data pods assignment | `{}` | +| `data.tolerations` | Tolerations for data pods assignment | `[]` | +| `data.priorityClassName` | data pods' priorityClassName | `""` | +| `data.schedulerName` | Name of the k8s scheduler (other than default) for data pods | `""` | +| `data.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch data pod needs to terminate gracefully | `""` | +| `data.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `data.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch data pods | `Parallel` | +| `data.startupProbe.enabled` | Enable/disable the startup probe (data nodes pod) | `false` | +| `data.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (data nodes pod) | `90` | +| `data.startupProbe.periodSeconds` | How often to perform the probe (data nodes pod) | `10` | +| `data.startupProbe.timeoutSeconds` | When the probe times out (data nodes pod) | `5` | +| `data.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod) | `1` | +| `data.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `data.livenessProbe.enabled` | Enable/disable the liveness probe (data nodes pod) | `true` | +| `data.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (data nodes pod) | `180` | +| `data.livenessProbe.periodSeconds` | How often to perform the probe (data nodes pod) | `10` | +| `data.livenessProbe.timeoutSeconds` | When the probe times out (data nodes pod) | `5` | +| `data.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod) | `1` | +| `data.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `data.readinessProbe.enabled` | Enable/disable the readiness probe (data nodes pod) | `true` | +| `data.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (data nodes pod) | `90` | +| `data.readinessProbe.periodSeconds` | How often to perform the probe (data nodes pod) | `10` | +| `data.readinessProbe.timeoutSeconds` | When the probe times out (data nodes pod) | `5` | +| `data.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (data nodes pod) | `1` | +| `data.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `data.customStartupProbe` | Override default startup probe | `{}` | +| `data.customLivenessProbe` | Override default liveness probe | `{}` | +| `data.customReadinessProbe` | Override default readiness probe | `{}` | +| `data.command` | Override default container command (useful when using custom images) | `[]` | +| `data.args` | Override default container args (useful when using custom images) | `[]` | +| `data.lifecycleHooks` | for the data container(s) to automate configuration before or after startup | `{}` | +| `data.extraEnvVars` | Array with extra environment variables to add to data nodes | `[]` | +| `data.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for data nodes | `""` | +| `data.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for data nodes | `""` | +| `data.extraVolumes` | Optionally specify extra list of additional volumes for the data pod(s) | `[]` | +| `data.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the data container(s) | `[]` | +| `data.sidecars` | Add additional sidecar containers to the data pod(s) | `[]` | +| `data.initContainers` | Add additional init containers to the data pod(s) | `[]` | +| `data.persistence.enabled` | Enable persistence using a `PersistentVolumeClaim` | `true` | +| `data.persistence.storageClass` | Persistent Volume Storage Class | `""` | +| `data.persistence.existingClaim` | Existing Persistent Volume Claim | `""` | +| `data.persistence.existingVolume` | Existing Persistent Volume for use as volume match label selector to the `volumeClaimTemplate`. Ignored when `data.persistence.selector` is set. | `""` | +| `data.persistence.selector` | Configure custom selector for existing Persistent Volume. Overwrites `data.persistence.existingVolume` | `{}` | +| `data.persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `data.persistence.accessModes` | Persistent Volume Access Modes | `["ReadWriteOnce"]` | +| `data.persistence.size` | Persistent Volume Size | `8Gi` | +| `data.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `data.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `data.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `data.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `data.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | +| `data.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | +| `data.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | +| `data.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | +| `data.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | ### Coordinating-only nodes parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ---------------- | -| `coordinating.replicaCount` | Number of coordinating-only replicas to deploy | `2` | -| `coordinating.extraRoles` | Append extra roles to the node role | `[]` | -| `coordinating.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `coordinating.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `coordinating.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `coordinating.nameOverride` | String to partially override elasticsearch.coordinating.fullname | `""` | -| `coordinating.fullnameOverride` | String to fully override elasticsearch.coordinating.fullname | `""` | -| `coordinating.servicenameOverride` | String to fully override elasticsearch.coordinating.servicename | `""` | -| `coordinating.annotations` | Annotations for the coordinating-only statefulset | `{}` | -| `coordinating.updateStrategy.type` | Coordinating-only nodes statefulset stategy type | `RollingUpdate` | -| `coordinating.resources.limits` | The resources limits for the coordinating-only containers | `{}` | -| `coordinating.resources.requests` | The requested resources for the coordinating-only containers | `{}` | -| `coordinating.heapSize` | Elasticsearch coordinating node heap size. | `128m` | -| `coordinating.podSecurityContext.enabled` | Enabled coordinating-only pods' Security Context | `true` | -| `coordinating.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `coordinating.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `coordinating.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `coordinating.podSecurityContext.fsGroup` | Set coordinating-only pod's Security Context fsGroup | `1001` | -| `coordinating.containerSecurityContext.enabled` | Enabled coordinating-only containers' Security Context | `true` | -| `coordinating.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `coordinating.containerSecurityContext.runAsUser` | Set coordinating-only containers' Security Context runAsUser | `1001` | -| `coordinating.containerSecurityContext.runAsNonRoot` | Set coordinating-only containers' Security Context runAsNonRoot | `true` | -| `coordinating.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `coordinating.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `coordinating.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `coordinating.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `coordinating.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `coordinating.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `coordinating.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `coordinating.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `coordinating.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `coordinating.hostAliases` | coordinating-only pods host aliases | `[]` | -| `coordinating.podLabels` | Extra labels for coordinating-only pods | `{}` | -| `coordinating.podAnnotations` | Annotations for coordinating-only pods | `{}` | -| `coordinating.podAffinityPreset` | Pod affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `coordinating.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `coordinating.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `coordinating.nodeAffinityPreset.key` | Node label key to match. Ignored if `coordinating.affinity` is set | `""` | -| `coordinating.nodeAffinityPreset.values` | Node label values to match. Ignored if `coordinating.affinity` is set | `[]` | -| `coordinating.affinity` | Affinity for coordinating-only pods assignment | `{}` | -| `coordinating.nodeSelector` | Node labels for coordinating-only pods assignment | `{}` | -| `coordinating.tolerations` | Tolerations for coordinating-only pods assignment | `[]` | -| `coordinating.priorityClassName` | coordinating-only pods' priorityClassName | `""` | -| `coordinating.schedulerName` | Name of the k8s scheduler (other than default) for coordinating-only pods | `""` | -| `coordinating.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch coordinating pod needs to terminate gracefully | `""` | -| `coordinating.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `coordinating.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch coordinating pods | `Parallel` | -| `coordinating.startupProbe.enabled` | Enable/disable the startup probe (coordinating-only nodes pod) | `false` | -| `coordinating.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (coordinating-only nodes pod) | `90` | -| `coordinating.startupProbe.periodSeconds` | How often to perform the probe (coordinating-only nodes pod) | `10` | -| `coordinating.startupProbe.timeoutSeconds` | When the probe times out (coordinating-only nodes pod) | `5` | -| `coordinating.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod) | `1` | -| `coordinating.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `coordinating.livenessProbe.enabled` | Enable/disable the liveness probe (coordinating-only nodes pod) | `true` | -| `coordinating.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (coordinating-only nodes pod) | `180` | -| `coordinating.livenessProbe.periodSeconds` | How often to perform the probe (coordinating-only nodes pod) | `10` | -| `coordinating.livenessProbe.timeoutSeconds` | When the probe times out (coordinating-only nodes pod) | `5` | -| `coordinating.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod) | `1` | -| `coordinating.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `coordinating.readinessProbe.enabled` | Enable/disable the readiness probe (coordinating-only nodes pod) | `true` | -| `coordinating.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (coordinating-only nodes pod) | `90` | -| `coordinating.readinessProbe.periodSeconds` | How often to perform the probe (coordinating-only nodes pod) | `10` | -| `coordinating.readinessProbe.timeoutSeconds` | When the probe times out (coordinating-only nodes pod) | `5` | -| `coordinating.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod) | `1` | -| `coordinating.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `coordinating.customStartupProbe` | Override default startup probe | `{}` | -| `coordinating.customLivenessProbe` | Override default liveness probe | `{}` | -| `coordinating.customReadinessProbe` | Override default readiness probe | `{}` | -| `coordinating.command` | Override default container command (useful when using custom images) | `[]` | -| `coordinating.args` | Override default container args (useful when using custom images) | `[]` | -| `coordinating.lifecycleHooks` | for the coordinating-only container(s) to automate configuration before or after startup | `{}` | -| `coordinating.extraEnvVars` | Array with extra environment variables to add to coordinating-only nodes | `[]` | -| `coordinating.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for coordinating-only nodes | `""` | -| `coordinating.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for coordinating-only nodes | `""` | -| `coordinating.extraVolumes` | Optionally specify extra list of additional volumes for the coordinating-only pod(s) | `[]` | -| `coordinating.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the coordinating-only container(s) | `[]` | -| `coordinating.sidecars` | Add additional sidecar containers to the coordinating-only pod(s) | `[]` | -| `coordinating.initContainers` | Add additional init containers to the coordinating-only pod(s) | `[]` | -| `coordinating.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `coordinating.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `coordinating.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `coordinating.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `coordinating.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | -| `coordinating.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | -| `coordinating.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | -| `coordinating.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | -| `coordinating.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | +| Name | Description | Value | +| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `coordinating.replicaCount` | Number of coordinating-only replicas to deploy | `2` | +| `coordinating.extraRoles` | Append extra roles to the node role | `[]` | +| `coordinating.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `coordinating.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `coordinating.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `coordinating.nameOverride` | String to partially override elasticsearch.coordinating.fullname | `""` | +| `coordinating.fullnameOverride` | String to fully override elasticsearch.coordinating.fullname | `""` | +| `coordinating.servicenameOverride` | String to fully override elasticsearch.coordinating.servicename | `""` | +| `coordinating.annotations` | Annotations for the coordinating-only statefulset | `{}` | +| `coordinating.updateStrategy.type` | Coordinating-only nodes statefulset stategy type | `RollingUpdate` | +| `coordinating.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if coordinating.resources is set (coordinating.resources is recommended for production). | `none` | +| `coordinating.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `coordinating.heapSize` | Elasticsearch coordinating node heap size. | `128m` | +| `coordinating.podSecurityContext.enabled` | Enabled coordinating-only pods' Security Context | `true` | +| `coordinating.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `coordinating.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `coordinating.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `coordinating.podSecurityContext.fsGroup` | Set coordinating-only pod's Security Context fsGroup | `1001` | +| `coordinating.containerSecurityContext.enabled` | Enabled coordinating-only containers' Security Context | `true` | +| `coordinating.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `coordinating.containerSecurityContext.runAsUser` | Set coordinating-only containers' Security Context runAsUser | `1001` | +| `coordinating.containerSecurityContext.runAsNonRoot` | Set coordinating-only containers' Security Context runAsNonRoot | `true` | +| `coordinating.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `coordinating.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `coordinating.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `coordinating.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `coordinating.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `coordinating.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `coordinating.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `coordinating.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `coordinating.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `coordinating.hostAliases` | coordinating-only pods host aliases | `[]` | +| `coordinating.podLabels` | Extra labels for coordinating-only pods | `{}` | +| `coordinating.podAnnotations` | Annotations for coordinating-only pods | `{}` | +| `coordinating.podAffinityPreset` | Pod affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `coordinating.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `coordinating.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `coordinating.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `coordinating.nodeAffinityPreset.key` | Node label key to match. Ignored if `coordinating.affinity` is set | `""` | +| `coordinating.nodeAffinityPreset.values` | Node label values to match. Ignored if `coordinating.affinity` is set | `[]` | +| `coordinating.affinity` | Affinity for coordinating-only pods assignment | `{}` | +| `coordinating.nodeSelector` | Node labels for coordinating-only pods assignment | `{}` | +| `coordinating.tolerations` | Tolerations for coordinating-only pods assignment | `[]` | +| `coordinating.priorityClassName` | coordinating-only pods' priorityClassName | `""` | +| `coordinating.schedulerName` | Name of the k8s scheduler (other than default) for coordinating-only pods | `""` | +| `coordinating.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch coordinating pod needs to terminate gracefully | `""` | +| `coordinating.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `coordinating.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch coordinating pods | `Parallel` | +| `coordinating.startupProbe.enabled` | Enable/disable the startup probe (coordinating-only nodes pod) | `false` | +| `coordinating.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (coordinating-only nodes pod) | `90` | +| `coordinating.startupProbe.periodSeconds` | How often to perform the probe (coordinating-only nodes pod) | `10` | +| `coordinating.startupProbe.timeoutSeconds` | When the probe times out (coordinating-only nodes pod) | `5` | +| `coordinating.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod) | `1` | +| `coordinating.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `coordinating.livenessProbe.enabled` | Enable/disable the liveness probe (coordinating-only nodes pod) | `true` | +| `coordinating.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (coordinating-only nodes pod) | `180` | +| `coordinating.livenessProbe.periodSeconds` | How often to perform the probe (coordinating-only nodes pod) | `10` | +| `coordinating.livenessProbe.timeoutSeconds` | When the probe times out (coordinating-only nodes pod) | `5` | +| `coordinating.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod) | `1` | +| `coordinating.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `coordinating.readinessProbe.enabled` | Enable/disable the readiness probe (coordinating-only nodes pod) | `true` | +| `coordinating.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (coordinating-only nodes pod) | `90` | +| `coordinating.readinessProbe.periodSeconds` | How often to perform the probe (coordinating-only nodes pod) | `10` | +| `coordinating.readinessProbe.timeoutSeconds` | When the probe times out (coordinating-only nodes pod) | `5` | +| `coordinating.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (coordinating-only nodes pod) | `1` | +| `coordinating.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `coordinating.customStartupProbe` | Override default startup probe | `{}` | +| `coordinating.customLivenessProbe` | Override default liveness probe | `{}` | +| `coordinating.customReadinessProbe` | Override default readiness probe | `{}` | +| `coordinating.command` | Override default container command (useful when using custom images) | `[]` | +| `coordinating.args` | Override default container args (useful when using custom images) | `[]` | +| `coordinating.lifecycleHooks` | for the coordinating-only container(s) to automate configuration before or after startup | `{}` | +| `coordinating.extraEnvVars` | Array with extra environment variables to add to coordinating-only nodes | `[]` | +| `coordinating.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for coordinating-only nodes | `""` | +| `coordinating.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for coordinating-only nodes | `""` | +| `coordinating.extraVolumes` | Optionally specify extra list of additional volumes for the coordinating-only pod(s) | `[]` | +| `coordinating.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the coordinating-only container(s) | `[]` | +| `coordinating.sidecars` | Add additional sidecar containers to the coordinating-only pod(s) | `[]` | +| `coordinating.initContainers` | Add additional init containers to the coordinating-only pod(s) | `[]` | +| `coordinating.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `coordinating.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `coordinating.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `coordinating.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `coordinating.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | +| `coordinating.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | +| `coordinating.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | +| `coordinating.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | +| `coordinating.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | ### Ingest-only nodes parameters -| Name | Description | Value | -| ----------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- | ---------------------------- | -| `ingest.enabled` | Enable ingest nodes | `true` | -| `ingest.replicaCount` | Number of ingest-only replicas to deploy | `2` | -| `ingest.extraRoles` | Append extra roles to the node role | `[]` | -| `ingest.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `ingest.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `ingest.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `ingest.nameOverride` | String to partially override elasticsearch.ingest.fullname | `""` | -| `ingest.fullnameOverride` | String to fully override elasticsearch.ingest.fullname | `""` | -| `ingest.servicenameOverride` | String to fully override ingest.master.servicename | `""` | -| `ingest.annotations` | Annotations for the ingest statefulset | `{}` | -| `ingest.containerPorts.restAPI` | Elasticsearch REST API port | `9200` | -| `ingest.containerPorts.transport` | Elasticsearch Transport port | `9300` | -| `ingest.updateStrategy.type` | Ingest-only nodes statefulset stategy type | `RollingUpdate` | -| `ingest.resources.limits` | The resources limits for the ingest-only containers | `{}` | -| `ingest.resources.requests` | The requested resources for the ingest-only containers | `{}` | -| `ingest.heapSize` | Elasticsearch ingest-only node heap size. | `128m` | -| `ingest.podSecurityContext.enabled` | Enabled ingest-only pods' Security Context | `true` | -| `ingest.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ingest.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ingest.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ingest.podSecurityContext.fsGroup` | Set ingest-only pod's Security Context fsGroup | `1001` | -| `ingest.containerSecurityContext.enabled` | Enabled ingest-only containers' Security Context | `true` | -| `ingest.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `ingest.containerSecurityContext.runAsUser` | Set ingest-only containers' Security Context runAsUser | `1001` | -| `ingest.containerSecurityContext.runAsNonRoot` | Set ingest-only containers' Security Context runAsNonRoot | `true` | -| `ingest.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ingest.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `ingest.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `ingest.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `ingest.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `ingest.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `ingest.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `ingest.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `ingest.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ingest.hostAliases` | ingest-only pods host aliases | `[]` | -| `ingest.podLabels` | Extra labels for ingest-only pods | `{}` | -| `ingest.podAnnotations` | Annotations for ingest-only pods | `{}` | -| `ingest.podAffinityPreset` | Pod affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingest.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingest.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingest.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingest.affinity` is set | `""` | -| `ingest.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingest.affinity` is set | `[]` | -| `ingest.affinity` | Affinity for ingest-only pods assignment | `{}` | -| `ingest.nodeSelector` | Node labels for ingest-only pods assignment | `{}` | -| `ingest.tolerations` | Tolerations for ingest-only pods assignment | `[]` | -| `ingest.priorityClassName` | ingest-only pods' priorityClassName | `""` | -| `ingest.schedulerName` | Name of the k8s scheduler (other than default) for ingest-only pods | `""` | -| `ingest.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch ingest pod needs to terminate gracefully | `""` | -| `ingest.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `ingest.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch ingest pods | `Parallel` | -| `ingest.startupProbe.enabled` | Enable/disable the startup probe (ingest-only nodes pod) | `false` | -| `ingest.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (ingest-only nodes pod) | `90` | -| `ingest.startupProbe.periodSeconds` | How often to perform the probe (ingest-only nodes pod) | `10` | -| `ingest.startupProbe.timeoutSeconds` | When the probe times out (ingest-only nodes pod) | `5` | -| `ingest.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod) | `1` | -| `ingest.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `ingest.livenessProbe.enabled` | Enable/disable the liveness probe (ingest-only nodes pod) | `true` | -| `ingest.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (ingest-only nodes pod) | `180` | -| `ingest.livenessProbe.periodSeconds` | How often to perform the probe (ingest-only nodes pod) | `10` | -| `ingest.livenessProbe.timeoutSeconds` | When the probe times out (ingest-only nodes pod) | `5` | -| `ingest.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod) | `1` | -| `ingest.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `ingest.readinessProbe.enabled` | Enable/disable the readiness probe (ingest-only nodes pod) | `true` | -| `ingest.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (ingest-only nodes pod) | `90` | -| `ingest.readinessProbe.periodSeconds` | How often to perform the probe (ingest-only nodes pod) | `10` | -| `ingest.readinessProbe.timeoutSeconds` | When the probe times out (ingest-only nodes pod) | `5` | -| `ingest.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod) | `1` | -| `ingest.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `ingest.customStartupProbe` | Override default startup probe | `{}` | -| `ingest.customLivenessProbe` | Override default liveness probe | `{}` | -| `ingest.customReadinessProbe` | Override default readiness probe | `{}` | -| `ingest.command` | Override default container command (useful when using custom images) | `[]` | -| `ingest.args` | Override default container args (useful when using custom images) | `[]` | -| `ingest.lifecycleHooks` | for the ingest-only container(s) to automate configuration before or after startup | `{}` | -| `ingest.extraEnvVars` | Array with extra environment variables to add to ingest-only nodes | `[]` | -| `ingest.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingest-only nodes | `""` | -| `ingest.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingest-only nodes | `""` | -| `ingest.extraVolumes` | Optionally specify extra list of additional volumes for the ingest-only pod(s) | `[]` | -| `ingest.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ingest-only container(s) | `[]` | -| `ingest.sidecars` | Add additional sidecar containers to the ingest-only pod(s) | `[]` | -| `ingest.initContainers` | Add additional init containers to the ingest-only pod(s) | `[]` | -| `ingest.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `ingest.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `ingest.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `ingest.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `ingest.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | -| `ingest.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | -| `ingest.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | -| `ingest.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | -| `ingest.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | -| `ingest.service.enabled` | Enable Ingest-only service | `false` | -| `ingest.service.type` | Elasticsearch ingest-only service type | `ClusterIP` | -| `ingest.service.ports.restAPI` | Elasticsearch service REST API port | `9200` | -| `ingest.service.ports.transport` | Elasticsearch service transport port | `9300` | -| `ingest.service.nodePorts.restAPI` | Node port for REST API | `""` | -| `ingest.service.nodePorts.transport` | Node port for REST API | `""` | -| `ingest.service.clusterIP` | Elasticsearch ingest-only service Cluster IP | `""` | -| `ingest.service.loadBalancerIP` | Elasticsearch ingest-only service Load Balancer IP | `""` | -| `ingest.service.loadBalancerSourceRanges` | Elasticsearch ingest-only service Load Balancer sources | `[]` | -| `ingest.service.externalTrafficPolicy` | Elasticsearch ingest-only service external traffic policy | `Cluster` | -| `ingest.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `ingest.service.annotations` | Additional custom annotations for Elasticsearch ingest-only service | `{}` | -| `ingest.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `ingest.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `ingest.ingress.enabled` | Enable ingress record generation for Elasticsearch | `false` | -| `ingest.ingress.pathType` | Ingress path type | `ImplementationSpecific` | -| `ingest.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingest.ingress.hostname` | Default host for the ingress record | `elasticsearch-ingest.local` | -| `ingest.ingress.path` | Default path for the ingress record | `/` | -| `ingest.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | -| `ingest.ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | -| `ingest.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingest.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ingest.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | -| `ingest.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | -| `ingest.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | -| `ingest.ingress.secrets` | Custom TLS certificates as secrets | `[]` | -| `ingest.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------------------- | +| `ingest.enabled` | Enable ingest nodes | `true` | +| `ingest.replicaCount` | Number of ingest-only replicas to deploy | `2` | +| `ingest.extraRoles` | Append extra roles to the node role | `[]` | +| `ingest.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `ingest.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `ingest.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `ingest.nameOverride` | String to partially override elasticsearch.ingest.fullname | `""` | +| `ingest.fullnameOverride` | String to fully override elasticsearch.ingest.fullname | `""` | +| `ingest.servicenameOverride` | String to fully override ingest.master.servicename | `""` | +| `ingest.annotations` | Annotations for the ingest statefulset | `{}` | +| `ingest.containerPorts.restAPI` | Elasticsearch REST API port | `9200` | +| `ingest.containerPorts.transport` | Elasticsearch Transport port | `9300` | +| `ingest.updateStrategy.type` | Ingest-only nodes statefulset stategy type | `RollingUpdate` | +| `ingest.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingest.resources is set (ingest.resources is recommended for production). | `none` | +| `ingest.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ingest.heapSize` | Elasticsearch ingest-only node heap size. | `128m` | +| `ingest.podSecurityContext.enabled` | Enabled ingest-only pods' Security Context | `true` | +| `ingest.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ingest.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ingest.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ingest.podSecurityContext.fsGroup` | Set ingest-only pod's Security Context fsGroup | `1001` | +| `ingest.containerSecurityContext.enabled` | Enabled ingest-only containers' Security Context | `true` | +| `ingest.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `ingest.containerSecurityContext.runAsUser` | Set ingest-only containers' Security Context runAsUser | `1001` | +| `ingest.containerSecurityContext.runAsNonRoot` | Set ingest-only containers' Security Context runAsNonRoot | `true` | +| `ingest.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `ingest.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `ingest.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `ingest.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `ingest.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `ingest.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `ingest.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `ingest.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `ingest.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `ingest.hostAliases` | ingest-only pods host aliases | `[]` | +| `ingest.podLabels` | Extra labels for ingest-only pods | `{}` | +| `ingest.podAnnotations` | Annotations for ingest-only pods | `{}` | +| `ingest.podAffinityPreset` | Pod affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingest.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingest.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingest.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingest.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingest.affinity` is set | `""` | +| `ingest.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingest.affinity` is set | `[]` | +| `ingest.affinity` | Affinity for ingest-only pods assignment | `{}` | +| `ingest.nodeSelector` | Node labels for ingest-only pods assignment | `{}` | +| `ingest.tolerations` | Tolerations for ingest-only pods assignment | `[]` | +| `ingest.priorityClassName` | ingest-only pods' priorityClassName | `""` | +| `ingest.schedulerName` | Name of the k8s scheduler (other than default) for ingest-only pods | `""` | +| `ingest.terminationGracePeriodSeconds` | In seconds, time the given to the Elasticsearch ingest pod needs to terminate gracefully | `""` | +| `ingest.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `ingest.podManagementPolicy` | podManagementPolicy to manage scaling operation of Elasticsearch ingest pods | `Parallel` | +| `ingest.startupProbe.enabled` | Enable/disable the startup probe (ingest-only nodes pod) | `false` | +| `ingest.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (ingest-only nodes pod) | `90` | +| `ingest.startupProbe.periodSeconds` | How often to perform the probe (ingest-only nodes pod) | `10` | +| `ingest.startupProbe.timeoutSeconds` | When the probe times out (ingest-only nodes pod) | `5` | +| `ingest.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod) | `1` | +| `ingest.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `ingest.livenessProbe.enabled` | Enable/disable the liveness probe (ingest-only nodes pod) | `true` | +| `ingest.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (ingest-only nodes pod) | `180` | +| `ingest.livenessProbe.periodSeconds` | How often to perform the probe (ingest-only nodes pod) | `10` | +| `ingest.livenessProbe.timeoutSeconds` | When the probe times out (ingest-only nodes pod) | `5` | +| `ingest.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod) | `1` | +| `ingest.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `ingest.readinessProbe.enabled` | Enable/disable the readiness probe (ingest-only nodes pod) | `true` | +| `ingest.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (ingest-only nodes pod) | `90` | +| `ingest.readinessProbe.periodSeconds` | How often to perform the probe (ingest-only nodes pod) | `10` | +| `ingest.readinessProbe.timeoutSeconds` | When the probe times out (ingest-only nodes pod) | `5` | +| `ingest.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (ingest-only nodes pod) | `1` | +| `ingest.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `ingest.customStartupProbe` | Override default startup probe | `{}` | +| `ingest.customLivenessProbe` | Override default liveness probe | `{}` | +| `ingest.customReadinessProbe` | Override default readiness probe | `{}` | +| `ingest.command` | Override default container command (useful when using custom images) | `[]` | +| `ingest.args` | Override default container args (useful when using custom images) | `[]` | +| `ingest.lifecycleHooks` | for the ingest-only container(s) to automate configuration before or after startup | `{}` | +| `ingest.extraEnvVars` | Array with extra environment variables to add to ingest-only nodes | `[]` | +| `ingest.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingest-only nodes | `""` | +| `ingest.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingest-only nodes | `""` | +| `ingest.extraVolumes` | Optionally specify extra list of additional volumes for the ingest-only pod(s) | `[]` | +| `ingest.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ingest-only container(s) | `[]` | +| `ingest.sidecars` | Add additional sidecar containers to the ingest-only pod(s) | `[]` | +| `ingest.initContainers` | Add additional init containers to the ingest-only pod(s) | `[]` | +| `ingest.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `ingest.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `ingest.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `ingest.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `ingest.autoscaling.enabled` | Whether enable horizontal pod autoscale | `false` | +| `ingest.autoscaling.minReplicas` | Configure a minimum amount of pods | `3` | +| `ingest.autoscaling.maxReplicas` | Configure a maximum amount of pods | `11` | +| `ingest.autoscaling.targetCPU` | Define the CPU target to trigger the scaling actions (utilization percentage) | `""` | +| `ingest.autoscaling.targetMemory` | Define the memory target to trigger the scaling actions (utilization percentage) | `""` | +| `ingest.service.enabled` | Enable Ingest-only service | `false` | +| `ingest.service.type` | Elasticsearch ingest-only service type | `ClusterIP` | +| `ingest.service.ports.restAPI` | Elasticsearch service REST API port | `9200` | +| `ingest.service.ports.transport` | Elasticsearch service transport port | `9300` | +| `ingest.service.nodePorts.restAPI` | Node port for REST API | `""` | +| `ingest.service.nodePorts.transport` | Node port for REST API | `""` | +| `ingest.service.clusterIP` | Elasticsearch ingest-only service Cluster IP | `""` | +| `ingest.service.loadBalancerIP` | Elasticsearch ingest-only service Load Balancer IP | `""` | +| `ingest.service.loadBalancerSourceRanges` | Elasticsearch ingest-only service Load Balancer sources | `[]` | +| `ingest.service.externalTrafficPolicy` | Elasticsearch ingest-only service external traffic policy | `Cluster` | +| `ingest.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `ingest.service.annotations` | Additional custom annotations for Elasticsearch ingest-only service | `{}` | +| `ingest.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `ingest.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `ingest.ingress.enabled` | Enable ingress record generation for Elasticsearch | `false` | +| `ingest.ingress.pathType` | Ingress path type | `ImplementationSpecific` | +| `ingest.ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingest.ingress.hostname` | Default host for the ingress record | `elasticsearch-ingest.local` | +| `ingest.ingress.path` | Default path for the ingress record | `/` | +| `ingest.ingress.annotations` | Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations. | `{}` | +| `ingest.ingress.tls` | Enable TLS configuration for the host defined at `ingress.hostname` parameter | `false` | +| `ingest.ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingest.ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingest.ingress.extraHosts` | An array with additional hostname(s) to be covered with the ingress record | `[]` | +| `ingest.ingress.extraPaths` | An array with additional arbitrary paths that may need to be added to the ingress under the main host | `[]` | +| `ingest.ingress.extraTls` | TLS configuration for additional hostname(s) to be covered with this ingress record | `[]` | +| `ingest.ingress.secrets` | Custom TLS certificates as secrets | `[]` | +| `ingest.ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | ### Metrics parameters -| Name | Description | Value | -| ------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------ | ---------------------------------------- | -| `metrics.enabled` | Enable prometheus exporter | `false` | -| `metrics.nameOverride` | Metrics pod name | `""` | -| `metrics.fullnameOverride` | String to fully override common.names.fullname | `""` | -| `metrics.image.registry` | Metrics exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Metrics exporter image repository | `REPOSITORY_NAME/elasticsearch-exporter` | -| `metrics.image.digest` | Metrics exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Metrics exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Metrics exporter image pull secrets | `[]` | -| `metrics.annotations` | Annotations for metrics | `{}` | -| `metrics.extraArgs` | Extra arguments to add to the default exporter command | `[]` | -| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `metrics.hostAliases` | Add deployment host aliases | `[]` | -| `metrics.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `metrics.priorityClassName` | Elasticsearch metrics exporter pods' priorityClassName | `""` | -| `metrics.containerPorts.http` | Metrics HTTP port | `9114` | -| `metrics.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `metrics.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `metrics.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `metrics.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `metrics.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `metrics.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `metrics.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `metrics.service.type` | Metrics exporter endpoint service type | `ClusterIP` | -| `metrics.service.port` | Metrics exporter endpoint service port | `9114` | -| `metrics.service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `metrics.podAffinityPreset` | Metrics Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.podAntiAffinityPreset` | Metrics Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.nodeAffinityPreset.type` | Metrics Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `metrics.nodeAffinityPreset.key` | Metrics Node label key to match Ignored if `affinity` is set. | `""` | -| `metrics.nodeAffinityPreset.values` | Metrics Node label values to match. Ignored if `affinity` is set. | `[]` | -| `metrics.affinity` | Metrics Affinity for pod assignment | `{}` | -| `metrics.nodeSelector` | Metrics Node labels for pod assignment | `{}` | -| `metrics.tolerations` | Metrics Tolerations for pod assignment | `[]` | -| `metrics.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `metrics.resources.limits` | The resources limits for the container | `{}` | -| `metrics.resources.requests` | The requested resources for the container | `{}` | -| `metrics.livenessProbe.enabled` | Enable/disable the liveness probe (metrics pod) | `true` | -| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (metrics pod) | `60` | -| `metrics.livenessProbe.periodSeconds` | How often to perform the probe (metrics pod) | `10` | -| `metrics.livenessProbe.timeoutSeconds` | When the probe times out (metrics pod) | `5` | -| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod) | `1` | -| `metrics.readinessProbe.enabled` | Enable/disable the readiness probe (metrics pod) | `true` | -| `metrics.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (metrics pod) | `5` | -| `metrics.readinessProbe.periodSeconds` | How often to perform the probe (metrics pod) | `10` | -| `metrics.readinessProbe.timeoutSeconds` | When the probe times out (metrics pod) | `1` | -| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod) | `1` | -| `metrics.startupProbe.enabled` | Enable/disable the startup probe (metrics pod) | `false` | -| `metrics.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (metrics pod) | `5` | -| `metrics.startupProbe.periodSeconds` | How often to perform the probe (metrics pod) | `10` | -| `metrics.startupProbe.timeoutSeconds` | When the probe times out (metrics pod) | `1` | -| `metrics.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | -| `metrics.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod) | `1` | -| `metrics.customStartupProbe` | Custom liveness probe for the Web component | `{}` | -| `metrics.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `metrics.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | -| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | -| `metrics.podLabels` | Extra labels to add to Pod | `{}` | -| `metrics.podSecurityContext.enabled` | Enabled Elasticsearch metrics exporter pods' Security Context | `true` | -| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `metrics.podSecurityContext.fsGroup` | Set Elasticsearch metrics exporter pod's Security Context fsGroup | `1001` | -| `metrics.containerSecurityContext.enabled` | Enabled Elasticsearch metrics exporter containers' Security Context | `true` | -| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `metrics.containerSecurityContext.runAsUser` | Set Elasticsearch metrics exporter containers' Security Context runAsUser | `1001` | -| `metrics.containerSecurityContext.runAsNonRoot` | Set Elasticsearch metrics exporter container's Security Context runAsNonRoot | `true` | -| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `metrics.command` | Override default container command (useful when using custom images) | `[]` | -| `metrics.args` | Override default container args (useful when using custom images) | `[]` | -| `metrics.extraEnvVars` | Array with extra environment variables to add to Elasticsearch metrics exporter nodes | `[]` | -| `metrics.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Elasticsearch metrics exporter nodes | `""` | -| `metrics.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Elasticsearch metrics exporter nodes | `""` | -| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Elasticsearch metrics exporter pod(s) | `[]` | -| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Elasticsearch metrics exporter container(s) | `[]` | -| `metrics.sidecars` | Add additional sidecar containers to the Elasticsearch metrics exporter pod(s) | `[]` | -| `metrics.initContainers` | Add additional init containers to the Elasticsearch metrics exporter pod(s) | `[]` | -| `metrics.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `metrics.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | -| `metrics.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `metrics.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | -| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | -| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | -| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | -| `metrics.prometheusRule.enabled` | Creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | -| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | -| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | +| Name | Description | Value | +| ------------------------------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------- | +| `metrics.enabled` | Enable prometheus exporter | `false` | +| `metrics.nameOverride` | Metrics pod name | `""` | +| `metrics.fullnameOverride` | String to fully override common.names.fullname | `""` | +| `metrics.image.registry` | Metrics exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Metrics exporter image repository | `REPOSITORY_NAME/elasticsearch-exporter` | +| `metrics.image.digest` | Metrics exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Metrics exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Metrics exporter image pull secrets | `[]` | +| `metrics.annotations` | Annotations for metrics | `{}` | +| `metrics.extraArgs` | Extra arguments to add to the default exporter command | `[]` | +| `metrics.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `metrics.hostAliases` | Add deployment host aliases | `[]` | +| `metrics.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `metrics.priorityClassName` | Elasticsearch metrics exporter pods' priorityClassName | `""` | +| `metrics.containerPorts.http` | Metrics HTTP port | `9114` | +| `metrics.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `metrics.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `metrics.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `metrics.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `metrics.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `metrics.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `metrics.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `metrics.service.type` | Metrics exporter endpoint service type | `ClusterIP` | +| `metrics.service.port` | Metrics exporter endpoint service port | `9114` | +| `metrics.service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `metrics.podAffinityPreset` | Metrics Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `metrics.podAntiAffinityPreset` | Metrics Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `metrics.nodeAffinityPreset.type` | Metrics Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `metrics.nodeAffinityPreset.key` | Metrics Node label key to match Ignored if `affinity` is set. | `""` | +| `metrics.nodeAffinityPreset.values` | Metrics Node label values to match. Ignored if `affinity` is set. | `[]` | +| `metrics.affinity` | Metrics Affinity for pod assignment | `{}` | +| `metrics.nodeSelector` | Metrics Node labels for pod assignment | `{}` | +| `metrics.tolerations` | Metrics Tolerations for pod assignment | `[]` | +| `metrics.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.livenessProbe.enabled` | Enable/disable the liveness probe (metrics pod) | `true` | +| `metrics.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated (metrics pod) | `60` | +| `metrics.livenessProbe.periodSeconds` | How often to perform the probe (metrics pod) | `10` | +| `metrics.livenessProbe.timeoutSeconds` | When the probe times out (metrics pod) | `5` | +| `metrics.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `metrics.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod) | `1` | +| `metrics.readinessProbe.enabled` | Enable/disable the readiness probe (metrics pod) | `true` | +| `metrics.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated (metrics pod) | `5` | +| `metrics.readinessProbe.periodSeconds` | How often to perform the probe (metrics pod) | `10` | +| `metrics.readinessProbe.timeoutSeconds` | When the probe times out (metrics pod) | `1` | +| `metrics.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `metrics.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod) | `1` | +| `metrics.startupProbe.enabled` | Enable/disable the startup probe (metrics pod) | `false` | +| `metrics.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated (metrics pod) | `5` | +| `metrics.startupProbe.periodSeconds` | How often to perform the probe (metrics pod) | `10` | +| `metrics.startupProbe.timeoutSeconds` | When the probe times out (metrics pod) | `1` | +| `metrics.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` | +| `metrics.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed (metrics pod) | `1` | +| `metrics.customStartupProbe` | Custom liveness probe for the Web component | `{}` | +| `metrics.customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `metrics.customReadinessProbe` | Custom readiness probe for the Web component | `{}` | +| `metrics.podAnnotations` | Metrics exporter pod Annotation and Labels | `{}` | +| `metrics.podLabels` | Extra labels to add to Pod | `{}` | +| `metrics.podSecurityContext.enabled` | Enabled Elasticsearch metrics exporter pods' Security Context | `true` | +| `metrics.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `metrics.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `metrics.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `metrics.podSecurityContext.fsGroup` | Set Elasticsearch metrics exporter pod's Security Context fsGroup | `1001` | +| `metrics.containerSecurityContext.enabled` | Enabled Elasticsearch metrics exporter containers' Security Context | `true` | +| `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `metrics.containerSecurityContext.runAsUser` | Set Elasticsearch metrics exporter containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsNonRoot` | Set Elasticsearch metrics exporter container's Security Context runAsNonRoot | `true` | +| `metrics.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `metrics.command` | Override default container command (useful when using custom images) | `[]` | +| `metrics.args` | Override default container args (useful when using custom images) | `[]` | +| `metrics.extraEnvVars` | Array with extra environment variables to add to Elasticsearch metrics exporter nodes | `[]` | +| `metrics.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Elasticsearch metrics exporter nodes | `""` | +| `metrics.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Elasticsearch metrics exporter nodes | `""` | +| `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Elasticsearch metrics exporter pod(s) | `[]` | +| `metrics.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Elasticsearch metrics exporter container(s) | `[]` | +| `metrics.sidecars` | Add additional sidecar containers to the Elasticsearch metrics exporter pod(s) | `[]` | +| `metrics.initContainers` | Add additional init containers to the Elasticsearch metrics exporter pod(s) | `[]` | +| `metrics.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `metrics.serviceAccount.name` | Name of the service account to use. If not set and create is true, a name is generated using the fullname template. | `""` | +| `metrics.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `metrics.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `metrics.serviceMonitor.enabled` | Create ServiceMonitor Resource for scraping metrics using PrometheusOperator | `false` | +| `metrics.serviceMonitor.namespace` | Namespace which Prometheus is running in | `""` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in prometheus. | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.serviceMonitor.selector` | ServiceMonitor selector labels | `{}` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.honorLabels` | honorLabels chooses the metric's labels on collisions with target labels | `false` | +| `metrics.prometheusRule.enabled` | Creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.additionalLabels` | Additional labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | ### Init Container Parameters -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | -| `sysctlImage.enabled` | Enable kernel settings modifier image | `true` | -| `sysctlImage.registry` | Kernel settings modifier image registry | `REGISTRY_NAME` | -| `sysctlImage.repository` | Kernel settings modifier image repository | `REPOSITORY_NAME/os-shell` | -| `sysctlImage.digest` | Kernel settings modifier image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `sysctlImage.pullPolicy` | Kernel settings modifier image pull policy | `IfNotPresent` | -| `sysctlImage.pullSecrets` | Kernel settings modifier image pull secrets | `[]` | -| `sysctlImage.resources.limits` | The resources limits for the container | `{}` | -| `sysctlImage.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `sysctlImage.enabled` | Enable kernel settings modifier image | `true` | +| `sysctlImage.registry` | Kernel settings modifier image registry | `REGISTRY_NAME` | +| `sysctlImage.repository` | Kernel settings modifier image repository | `REPOSITORY_NAME/os-shell` | +| `sysctlImage.digest` | Kernel settings modifier image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `sysctlImage.pullPolicy` | Kernel settings modifier image pull policy | `IfNotPresent` | +| `sysctlImage.pullSecrets` | Kernel settings modifier image pull secrets | `[]` | +| `sysctlImage.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production). | `none` | +| `sysctlImage.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | ### Kibana Parameters @@ -736,6 +736,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/elast ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/elasticsearch/templates/NOTES.txt b/bitnami/elasticsearch/templates/NOTES.txt index 5eaa5a2a58c8d9..873e14a62d242b 100644 --- a/bitnami/elasticsearch/templates/NOTES.txt +++ b/bitnami/elasticsearch/templates/NOTES.txt @@ -137,3 +137,4 @@ In order to replicate the container startup scripts execute this command: {{- end }} {{ include "elasticsearch.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "coordinating" "data" "ingest" "master" "metrics" "sysctlImage" "volumePermissions") "context" $) }} diff --git a/bitnami/elasticsearch/templates/coordinating/statefulset.yaml b/bitnami/elasticsearch/templates/coordinating/statefulset.yaml index 626cbc23783ad0..8ec3216f782f1a 100644 --- a/bitnami/elasticsearch/templates/coordinating/statefulset.yaml +++ b/bitnami/elasticsearch/templates/coordinating/statefulset.yaml @@ -101,6 +101,8 @@ spec: runAsUser: 0 {{- if .Values.sysctlImage.resources }} resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }} + {{- else if ne .Values.sysctlImage.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sysctlImage.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} {{- if .Values.coordinating.initContainers }} @@ -226,6 +228,8 @@ spec: {{- end }} {{- if .Values.coordinating.resources }} resources: {{- toYaml .Values.coordinating.resources | nindent 12 }} + {{- else if ne .Values.coordinating.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.coordinating.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data diff --git a/bitnami/elasticsearch/templates/data/statefulset.yaml b/bitnami/elasticsearch/templates/data/statefulset.yaml index 8e719a29573569..a5ece5ea684e1e 100644 --- a/bitnami/elasticsearch/templates/data/statefulset.yaml +++ b/bitnami/elasticsearch/templates/data/statefulset.yaml @@ -101,6 +101,8 @@ spec: runAsUser: 0 {{- if .Values.sysctlImage.resources }} resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }} + {{- else if ne .Values.sysctlImage.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sysctlImage.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.data.persistence.enabled }} @@ -118,6 +120,8 @@ spec: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -251,6 +255,8 @@ spec: {{- end }} {{- if .Values.data.resources }} resources: {{- toYaml .Values.data.resources | nindent 12 }} + {{- else if ne .Values.data.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.data.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data diff --git a/bitnami/elasticsearch/templates/ingest/statefulset.yaml b/bitnami/elasticsearch/templates/ingest/statefulset.yaml index 606ff295b91d1e..e8dab618514799 100644 --- a/bitnami/elasticsearch/templates/ingest/statefulset.yaml +++ b/bitnami/elasticsearch/templates/ingest/statefulset.yaml @@ -101,6 +101,8 @@ spec: runAsUser: 0 {{- if .Values.sysctlImage.resources }} resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }} + {{- else if ne .Values.sysctlImage.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sysctlImage.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} {{- if .Values.ingest.initContainers }} @@ -227,6 +229,8 @@ spec: {{- end }} {{- if .Values.ingest.resources }} resources: {{- toYaml .Values.ingest.resources | nindent 12 }} + {{- else if ne .Values.ingest.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.ingest.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data diff --git a/bitnami/elasticsearch/templates/master/statefulset.yaml b/bitnami/elasticsearch/templates/master/statefulset.yaml index 70adc8869321db..e434c6defd3241 100644 --- a/bitnami/elasticsearch/templates/master/statefulset.yaml +++ b/bitnami/elasticsearch/templates/master/statefulset.yaml @@ -101,6 +101,8 @@ spec: runAsUser: 0 {{- if .Values.sysctlImage.resources }} resources: {{- toYaml .Values.sysctlImage.resources | nindent 12 }} + {{- else if ne .Values.sysctlImage.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sysctlImage.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.master.persistence.enabled }} @@ -118,6 +120,8 @@ spec: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -253,6 +257,8 @@ spec: {{- end }} {{- if .Values.master.resources }} resources: {{- toYaml .Values.master.resources | nindent 12 }} + {{- else if ne .Values.master.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.master.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data diff --git a/bitnami/elasticsearch/templates/metrics/deployment.yaml b/bitnami/elasticsearch/templates/metrics/deployment.yaml index c008b5baa57110..2f14df9ee915e9 100644 --- a/bitnami/elasticsearch/templates/metrics/deployment.yaml +++ b/bitnami/elasticsearch/templates/metrics/deployment.yaml @@ -169,6 +169,8 @@ spec: {{- end }} {{- if .Values.metrics.resources }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} {{- if .Values.metrics.extraVolumeMounts }} volumeMounts: {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }} diff --git a/bitnami/elasticsearch/values.yaml b/bitnami/elasticsearch/values.yaml index f17e0a9c5420be..9ca96b4bb3dbbe 100644 --- a/bitnami/elasticsearch/values.yaml +++ b/bitnami/elasticsearch/values.yaml @@ -27,7 +27,6 @@ global: ports: restAPI: 9200 kibanaEnabled: false - ## @section Common parameters ## @param kubeVersion Override Kubernetes version @@ -54,7 +53,6 @@ extraDeploy: [] ## @param namespaceOverride String to fully override common.names.namespace ## namespaceOverride: "" - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -69,7 +67,6 @@ diagnosticMode: ## args: - infinity - ## @section Elasticsearch cluster Parameters ## @param clusterName Elasticsearch cluster name @@ -176,7 +173,6 @@ initContainers: [] ## @param useIstioLabels Use this variable to add Istio labels to all pods ## useIstioLabels: true - ## Bitnami Elasticsearch image ## @param image.registry [default: REGISTRY_NAME] Elasticsearch image registry ## @param image.repository [default: REPOSITORY_NAME/elasticsearch] Elasticsearch image repository @@ -207,7 +203,6 @@ image: ## Enable debug mode ## debug: false - ## X-Pack security parameters ## Note: TLS configuration is required in order to configure password authentication ## @@ -290,7 +285,6 @@ security: ## @param security.tls.secretKey Name of the secret key containing the PEM key password ## secretKey: "" - ## @section Traffic Exposure Parameters ## @@ -351,7 +345,6 @@ service: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} - ## Elasticsearch ingress parameters ## ref: http://kubernetes.io/docs/concepts/services-networking/ingress/ ## @@ -456,9 +449,7 @@ ingress: ## name: http ## extraRules: [] - ## @section Master-elegible nodes parameters - master: ## @param master.masterOnly Deploy the Elasticsearch master-elegible nodes as master-only nodes. Recommended for high-demand deployments. ## If you are @@ -466,11 +457,9 @@ master: ## @param master.replicaCount Number of master-elegible replicas to deploy ## replicaCount: 2 - ## @param master.extraRoles Append extra roles to the node role ## extraRoles: [] - ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param master.pdb.create Enable/disable a Pod Disruption Budget creation @@ -481,7 +470,6 @@ master: create: false minAvailable: 1 maxUnavailable: "" - ## @param master.nameOverride String to partially override elasticsearch.master.fullname ## nameOverride: "" @@ -505,20 +493,21 @@ master: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param master.resources.limits The resources limits for elasticsearch containers - ## @param master.resources.requests The requested resources for elasticsearch containers - ## - resources: - ## Example: - ## limits: - ## cpu: 500m - ## memory: 1Gi - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - requests: {} + ## @param master.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if master.resources is set (master.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param master.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param master.heapSize Elasticsearch master-eligible node heap size. ## Note: The recommended heapSize is half of the container's memory. ## If omitted, it will be automatically set. @@ -849,18 +838,14 @@ master: maxReplicas: 11 targetCPU: "" targetMemory: "" - ## @section Data-only nodes parameters - data: ## @param data.replicaCount Number of data-only replicas to deploy ## replicaCount: 2 - ## @param data.extraRoles Append extra roles to the node role ## extraRoles: [] - ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param data.pdb.create Enable/disable a Pod Disruption Budget creation @@ -871,7 +856,6 @@ data: create: false minAvailable: 1 maxUnavailable: "" - ## @param data.nameOverride String to partially override elasticsearch.data.fullname ## nameOverride: "" @@ -891,14 +875,21 @@ data: type: RollingUpdate ## Elasticsearch resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param data.resources.limits The resources limits for the data containers - ## @param data.resources.requests [object] The requested resources for the data containers - ## - resources: - limits: {} - requests: - cpu: 25m - memory: 2048Mi + ## @param data.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if data.resources is set (data.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param data.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param data.heapSize Elasticsearch data node heap size. ## Note: The recommended heapSize is half of the container's memory. ## If omitted, it will be automatically set. @@ -1229,19 +1220,15 @@ data: maxReplicas: 11 targetCPU: "" targetMemory: "" - ## @section Coordinating-only nodes parameters - coordinating: ## @param coordinating.replicaCount Number of coordinating-only replicas to deploy ## replicaCount: 2 - ## @param coordinating.extraRoles Append extra roles to the node role ## NOTE: In Elasticsearch, all nodes act as coordinators, coordinating-only nodes do not have any other role by default. ## extraRoles: [] - ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param coordinating.pdb.create Enable/disable a Pod Disruption Budget creation @@ -1252,7 +1239,6 @@ coordinating: create: false minAvailable: 1 maxUnavailable: "" - ## @param coordinating.nameOverride String to partially override elasticsearch.coordinating.fullname ## nameOverride: "" @@ -1272,14 +1258,21 @@ coordinating: type: RollingUpdate ## Elasticsearch resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param coordinating.resources.limits The resources limits for the coordinating-only containers - ## @param coordinating.resources.requests [object] The requested resources for the coordinating-only containers - ## - resources: - limits: {} - requests: - cpu: 25m - memory: 256Mi + ## @param coordinating.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if coordinating.resources is set (coordinating.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param coordinating.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param coordinating.heapSize Elasticsearch coordinating node heap size. ## Note: The recommended heapSize is half of the container's memory. ## If omitted, it will be automatically set. @@ -1571,9 +1564,7 @@ coordinating: maxReplicas: 11 targetCPU: "" targetMemory: "" - ## @section Ingest-only nodes parameters - ingest: ## @param ingest.enabled Enable ingest nodes ## @@ -1581,11 +1572,9 @@ ingest: ## @param ingest.replicaCount Number of ingest-only replicas to deploy ## replicaCount: 2 - ## @param ingest.extraRoles Append extra roles to the node role ## extraRoles: [] - ## Pod Disruption Budget configuration ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param ingest.pdb.create Enable/disable a Pod Disruption Budget creation @@ -1596,7 +1585,6 @@ ingest: create: false minAvailable: 1 maxUnavailable: "" - ## @param ingest.nameOverride String to partially override elasticsearch.ingest.fullname ## nameOverride: "" @@ -1622,14 +1610,21 @@ ingest: type: RollingUpdate ## Elasticsearch resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ingest.resources.limits The resources limits for the ingest-only containers - ## @param ingest.resources.requests [object] The requested resources for the ingest-only containers - ## - resources: - limits: {} - requests: - cpu: 25m - memory: 256Mi + ## @param ingest.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingest.resources is set (ingest.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param ingest.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param ingest.heapSize Elasticsearch ingest-only node heap size. ## Note: The recommended heapSize is half of the container's memory. ## If omitted, it will be automatically set. @@ -1921,7 +1916,6 @@ ingest: maxReplicas: 11 targetCPU: "" targetMemory: "" - ## Elasticsearch Ingest-only Service ## Recommended for heavy ingestion, improves performance by sending ingest traffic directly into the ingest nodes. ## NOTE: Ingest nodes will only accept index requests with an associated pipeline, any other request won't be rerouted. @@ -2088,8 +2082,6 @@ ingest: ## name: http ## extraRules: [] - - ## @section Metrics parameters ## Elasticsearch Prometheus exporter configuration @@ -2279,20 +2271,21 @@ metrics: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the container - ## @param metrics.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Elasticsearch metrics container's liveness probe ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param metrics.livenessProbe.enabled Enable/disable the liveness probe (metrics pod) @@ -2502,18 +2495,17 @@ metrics: ## additionalLabels: {} ## @param metrics.prometheusRule.rules Prometheus Rule definitions - # - alert: es cluster error - # annotations: - # summary: "es cluster error" - # description: "es cluster error, cluster state {{`{{`}} $labels.color {{`}}`}}" - # expr: elasticsearch_cluster_health_status{color="red"} ==1 or elasticsearch_cluster_health_status{color="yellow"} ==1 - # for: 1m - # labels: - # severity: critical - # group: PaaS + # - alert: es cluster error + # annotations: + # summary: "es cluster error" + # description: "es cluster error, cluster state {{`{{`}} $labels.color {{`}}`}}" + # expr: elasticsearch_cluster_health_status{color="red"} ==1 or elasticsearch_cluster_health_status{color="yellow"} ==1 + # for: 1m + # labels: + # severity: critical + # group: PaaS ## rules: [] - ## @section Init Container Parameters ## 'volumePermissions' init container parameters @@ -2551,21 +2543,21 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Kernel settings modifier image ## sysctlImage: @@ -2602,21 +2594,21 @@ sysctlImage: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param sysctlImage.resources.limits The resources limits for the container - ## @param sysctlImage.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} - + ## @param sysctlImage.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctlImage.resources is set (sysctlImage.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param sysctlImage.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @section Kibana Parameters ## Bundled Kibana parameters From af1380f4dae1ea196a1ec1811ec64cde92c3aab1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:30:58 +0100 Subject: [PATCH 009/129] [bitnami/dokuwiki] feat: :sparkles: :lock: Add resource preset support (#23442) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/dokuwiki] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * fix: :rotating_light: Remove unnecessary "else" Signed-off-by: Javier Salmeron Garcia * Update bitnami/dokuwiki/Chart.yaml Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> Signed-off-by: Javier J. Salmerón-García --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> --- bitnami/dokuwiki/Chart.lock | 6 +- bitnami/dokuwiki/Chart.yaml | 2 +- bitnami/dokuwiki/README.md | 229 +++++++++++---------- bitnami/dokuwiki/templates/NOTES.txt | 1 + bitnami/dokuwiki/templates/deployment.yaml | 10 + bitnami/dokuwiki/values.yaml | 80 +++---- 6 files changed, 176 insertions(+), 152 deletions(-) diff --git a/bitnami/dokuwiki/Chart.lock b/bitnami/dokuwiki/Chart.lock index 82648f12ae38ea..35827d5e9f7cef 100644 --- a/bitnami/dokuwiki/Chart.lock +++ b/bitnami/dokuwiki/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2023-12-31T18:03:49.125232494Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T14:46:08.208549898+01:00" diff --git a/bitnami/dokuwiki/Chart.yaml b/bitnami/dokuwiki/Chart.yaml index bab6e361fd0c90..448f1803b68c13 100644 --- a/bitnami/dokuwiki/Chart.yaml +++ b/bitnami/dokuwiki/Chart.yaml @@ -35,4 +35,4 @@ maintainers: name: dokuwiki sources: - https://github.com/bitnami/charts/tree/main/bitnami/dokuwiki -version: 14.6.0 +version: 14.7.0 diff --git a/bitnami/dokuwiki/README.md b/bitnami/dokuwiki/README.md index adf8cc7e34278d..64d4fb13620671 100644 --- a/bitnami/dokuwiki/README.md +++ b/bitnami/dokuwiki/README.md @@ -77,97 +77,97 @@ The command removes all the Kubernetes components associated with the chart and ### Dokuwiki parameters -| Name | Description | Value | -| --------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `image.registry` | DokuWiki image registry | `REGISTRY_NAME` | -| `image.repository` | DokuWiki image repository | `REPOSITORY_NAME/dokuwiki` | -| `image.digest` | DokuWiki image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Image pull policy | `[]` | -| `image.debug` | Enable image debugging | `false` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `dokuwikiUsername` | User of the application | `user` | -| `dokuwikiPassword` | Application password | `""` | -| `existingSecret` | Use an existing secret with the dokuwiki password | `""` | -| `dokuwikiEmail` | Admin email | `user@example.com` | -| `dokuwikiFullName` | User's Full Name | `User Name` | -| `dokuwikiWikiName` | Wiki name | `My Wiki` | -| `customPostInitScripts` | Custom post-init.d user scripts | `{}` | -| `updateStrategy` | Strategy to use to update Pods | `{}` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for DokuWiki volume | `""` | -| `persistence.accessModes` | PVC Access Mode for DokuWiki volume | `[]` | -| `persistence.size` | PVC Storage Request for DokuWiki volume | `8Gi` | -| `persistence.existingClaim` | Name of an existing PVC to be used | `""` | -| `persistence.annotations` | Annotations to add to the PVC | `{}` | -| `podSecurityContext.enabled` | Enable securityContext on for DokuWiki deployment | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Group to configure permissions for volumes | `1001` | -| `containerSecurityContext.enabled` | Enabled Dokuwiki containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set Dokuwiki containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set primary container's Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `resources.requests` | The requested resources for the container | `{}` | -| `resources.limits` | The requested limits for the container | `{}` | -| `livenessProbe.enabled` | Enable/disable the liveness probe | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | -| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `livenessProbe.failureThreshold` | Minimum consecutive failures to be considered failed | `6` | -| `livenessProbe.successThreshold` | Minimum consecutive successes to be considered successful | `1` | -| `readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before readinessProbe is initiated | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `readinessProbe.failureThreshold` | Minimum consecutive failures to be considered failed | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes to be considered successful | `1` | -| `startupProbe.enabled` | Enable/disable the startup probe | `false` | -| `startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `120` | -| `startupProbe.periodSeconds` | How often to perform the probe | `10` | -| `startupProbe.timeoutSeconds` | When the probe times out | `5` | -| `startupProbe.failureThreshold` | Minimum consecutive failures to be considered failed | `6` | -| `startupProbe.successThreshold` | Minimum consecutive successes to be considered successful | `1` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `extraEnvVars` | An array to add extra env vars | `[]` | -| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | -| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | -| `podAnnotations` | Pod annotations | `{}` | -| `customLivenessProbe` | Override default liveness probe | `{}` | -| `customReadinessProbe` | Override default readiness probe | `{}` | -| `customStartupProbe` | Override default startup probe | `{}` | -| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | -| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | -| `lifecycleHooks` | LifecycleHook to set additional configuration at startup. Evaluated as a template | `{}` | -| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | -| `initContainers` | Attach additional init containers to the pod (evaluated as a template) | `[]` | -| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | -| `priorityClassName` | Priority class assigned to the Pods | `""` | -| `schedulerName` | Alternative scheduler | `""` | -| `terminationGracePeriodSeconds` | In seconds, time the given to the pod to terminate gracefully | `""` | -| `containerPorts.http` | Container HTTP port | `8080` | -| `containerPorts.https` | Container HTTPS port | `8443` | -| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `image.registry` | DokuWiki image registry | `REGISTRY_NAME` | +| `image.repository` | DokuWiki image repository | `REPOSITORY_NAME/dokuwiki` | +| `image.digest` | DokuWiki image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Image pull policy | `[]` | +| `image.debug` | Enable image debugging | `false` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `dokuwikiUsername` | User of the application | `user` | +| `dokuwikiPassword` | Application password | `""` | +| `existingSecret` | Use an existing secret with the dokuwiki password | `""` | +| `dokuwikiEmail` | Admin email | `user@example.com` | +| `dokuwikiFullName` | User's Full Name | `User Name` | +| `dokuwikiWikiName` | Wiki name | `My Wiki` | +| `customPostInitScripts` | Custom post-init.d user scripts | `{}` | +| `updateStrategy` | Strategy to use to update Pods | `{}` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for DokuWiki volume | `""` | +| `persistence.accessModes` | PVC Access Mode for DokuWiki volume | `[]` | +| `persistence.size` | PVC Storage Request for DokuWiki volume | `8Gi` | +| `persistence.existingClaim` | Name of an existing PVC to be used | `""` | +| `persistence.annotations` | Annotations to add to the PVC | `{}` | +| `podSecurityContext.enabled` | Enable securityContext on for DokuWiki deployment | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Group to configure permissions for volumes | `1001` | +| `containerSecurityContext.enabled` | Enabled Dokuwiki containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set Dokuwiki containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set primary container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `livenessProbe.enabled` | Enable/disable the liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures to be considered failed | `6` | +| `livenessProbe.successThreshold` | Minimum consecutive successes to be considered successful | `1` | +| `readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readinessProbe is initiated | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures to be considered failed | `6` | +| `readinessProbe.successThreshold` | Minimum consecutive successes to be considered successful | `1` | +| `startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `120` | +| `startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `startupProbe.failureThreshold` | Minimum consecutive failures to be considered failed | `6` | +| `startupProbe.successThreshold` | Minimum consecutive successes to be considered successful | `1` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match Ignored if `affinity` is set. | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `extraEnvVars` | An array to add extra env vars | `[]` | +| `extraEnvVarsCM` | ConfigMap containing extra env vars | `""` | +| `extraEnvVarsSecret` | Secret containing extra env vars (in case of sensitive data) | `""` | +| `podAnnotations` | Pod annotations | `{}` | +| `customLivenessProbe` | Override default liveness probe | `{}` | +| `customReadinessProbe` | Override default readiness probe | `{}` | +| `customStartupProbe` | Override default startup probe | `{}` | +| `extraVolumes` | Array of extra volumes to be added to the deployment (evaluated as template). Requires setting `extraVolumeMounts` | `[]` | +| `extraVolumeMounts` | Array of extra volume mounts to be added to the container (evaluated as template). Normally used with `extraVolumes`. | `[]` | +| `lifecycleHooks` | LifecycleHook to set additional configuration at startup. Evaluated as a template | `{}` | +| `podLabels` | Add additional labels to the pod (evaluated as a template) | `{}` | +| `initContainers` | Attach additional init containers to the pod (evaluated as a template) | `[]` | +| `sidecars` | Attach additional containers to the pod (evaluated as a template) | `[]` | +| `priorityClassName` | Priority class assigned to the Pods | `""` | +| `schedulerName` | Alternative scheduler | `""` | +| `terminationGracePeriodSeconds` | In seconds, time the given to the pod to terminate gracefully | `""` | +| `containerPorts.http` | Container HTTP port | `8080` | +| `containerPorts.https` | Container HTTPS port | `8443` | +| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Traffic Exposure Parameters @@ -202,29 +202,30 @@ The command removes all the Kubernetes components associated with the chart and ### Volume Permissions parameters -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory (for cases where the default k8s `runAsUser` and `fsUser` values do not work) | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | ### Metrics parameters -| Name | Description | Value | -| --------------------------- | --------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `metrics.enabled` | Start a exporter side-car | `false` | -| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Apache exporter image name | `REPOSITORY_NAME/apache-exporter` | -| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | -| `metrics.resources` | Exporter resource requests/limit | `{}` | +| Name | Description | Value | +| --------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `metrics.enabled` | Start a exporter side-car | `false` | +| `metrics.image.registry` | Apache exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Apache exporter image name | `REPOSITORY_NAME/apache-exporter` | +| `metrics.image.digest` | Apache exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{}` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | ### Certificate injection parameters @@ -275,6 +276,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/dokuw ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/dokuwiki/templates/NOTES.txt b/bitnami/dokuwiki/templates/NOTES.txt index d04d0c7b318144..a835320919df58 100644 --- a/bitnami/dokuwiki/templates/NOTES.txt +++ b/bitnami/dokuwiki/templates/NOTES.txt @@ -58,3 +58,4 @@ APP VERSION: {{ .Chart.AppVersion }} {{- $requiredDockuwikiPasswordErrors := include "common.validations.values.multiple.empty" (dict "required" $requiredPasswords "context" $) -}} {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" (list $requiredDockuwikiPasswordErrors) "context" $) -}} +{{- include "common.warnings.resources" (dict "sections" (list "metrics" "" "volumePermissions") "context" $) }} diff --git a/bitnami/dokuwiki/templates/deployment.yaml b/bitnami/dokuwiki/templates/deployment.yaml index 6adda945173520..469f5fc3dce9c5 100644 --- a/bitnami/dokuwiki/templates/deployment.yaml +++ b/bitnami/dokuwiki/templates/deployment.yaml @@ -83,6 +83,8 @@ spec: runAsUser: 0 {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: dokuwiki-data @@ -230,7 +232,11 @@ spec: successThreshold: {{ .Values.startupProbe.successThreshold }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} {{- end }} + {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} + {{- end }} {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} @@ -291,7 +297,11 @@ spec: port: metrics initialDelaySeconds: 5 timeoutSeconds: 1 + {{- if .Values.metrics.resources }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} diff --git a/bitnami/dokuwiki/values.yaml b/bitnami/dokuwiki/values.yaml index 18c5f12c0c0a6b..ce3f7903f9ac62 100644 --- a/bitnami/dokuwiki/values.yaml +++ b/bitnami/dokuwiki/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -44,7 +43,6 @@ commonLabels: {} ## @param extraDeploy Array of extra objects to deploy with the release (evaluated as a template). ## extraDeploy: [] - ## @section Dokuwiki parameters ## @@ -131,18 +129,15 @@ dokuwikiWikiName: My Wiki ## ... ## customPostInitScripts: {} - ## @param updateStrategy Strategy to use to update Pods ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies ## updateStrategy: {} - ## @param topologySpreadConstraints Topology Spread Constraints for pod assignment ## https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ ## The value is evaluated as a template ## topologySpreadConstraints: [] - ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @param persistence.enabled Enable persistence using PVC @@ -202,17 +197,23 @@ containerSecurityContext: seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: false - ## Configure resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resources.requests [object] The requested resources for the container -## @param resources.limits [object] The requested limits for the container -## -resources: - requests: - memory: 512Mi - cpu: 300m - limits: {} +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure extra options for liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) ## @param livenessProbe.enabled Enable/disable the liveness probe @@ -358,14 +359,12 @@ schedulerName: "" ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods ## terminationGracePeriodSeconds: "" - ## @param containerPorts.http Container HTTP port ## @param containerPorts.https Container HTTPS port ## containerPorts: http: 8080 https: 8443 - ## Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## @@ -384,7 +383,6 @@ serviceAccount: ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @section Traffic Exposure Parameters ## @@ -547,7 +545,6 @@ ingress: ## name: http ## extraRules: [] - ## @section Volume Permissions parameters ## @@ -583,23 +580,21 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - ## - requests: {} - + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @section Metrics parameters ## @@ -635,11 +630,22 @@ metrics: podAnnotations: prometheus.io/scrape: "true" prometheus.io/port: "9117" - ## @param metrics.resources Exporter resource requests/limit + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ ## resources: {} - ## @section Certificate injection parameters ## From fcfad88e137c92a38e67adfe3b544d249924a1d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:31:21 +0100 Subject: [PATCH 010/129] [bitnami/deepspeed] feat: :sparkles: :lock: Add resource preset support (#23440) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García --- bitnami/deepspeed/README.md | 378 +++++++++--------- bitnami/deepspeed/templates/NOTES.txt | 1 + bitnami/deepspeed/templates/_helpers.tpl | 2 + .../templates/client/client-dep-job.yaml | 2 + .../templates/worker/worker-statefulset.yaml | 2 + bitnami/deepspeed/values.yaml | 89 ++--- 6 files changed, 242 insertions(+), 232 deletions(-) diff --git a/bitnami/deepspeed/README.md b/bitnami/deepspeed/README.md index 5bbbe0b23bedcd..6d9a0efa17f4a1 100644 --- a/bitnami/deepspeed/README.md +++ b/bitnami/deepspeed/README.md @@ -109,89 +109,89 @@ The command removes all the Kubernetes components associated with the chart and ### Client Deployment Parameters -| Name | Description | Value | -| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------ | ---------------- | -| `client.enabled` | Enable Client deployment | `true` | -| `client.useJob` | Deploy as job | `false` | -| `client.backoffLimit` | set backoff limit of the job | `10` | -| `client.extraEnvVars` | Array with extra environment variables to add to client nodes | `[]` | -| `client.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for client nodes | `""` | -| `client.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for client nodes | `""` | -| `client.annotations` | Annotations for the client deployment | `{}` | -| `client.command` | Override default container command (useful when using custom images) | `[]` | -| `client.args` | Override default container args (useful when using custom images) | `[]` | -| `client.terminationGracePeriodSeconds` | Client termination grace period (in seconds) | `""` | -| `client.livenessProbe.enabled` | Enable livenessProbe on Client nodes | `true` | -| `client.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `client.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `client.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` | -| `client.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `client.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `client.readinessProbe.enabled` | Enable readinessProbe on Client nodes | `true` | -| `client.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `client.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `client.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` | -| `client.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `client.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `client.startupProbe.enabled` | Enable startupProbe on Client containers | `false` | -| `client.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `client.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `client.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `client.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `client.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `client.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `client.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `client.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `client.resources.limits` | The resources limits for the client containers | `{}` | -| `client.resources.requests` | The requested resources for the client containers | `{}` | -| `client.podSecurityContext.enabled` | Enabled Client pods' Security Context | `true` | -| `client.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `client.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `client.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `client.podSecurityContext.fsGroup` | Set Client pod's Security Context fsGroup | `1001` | -| `client.containerSecurityContext.enabled` | Enabled Client containers' Security Context | `true` | -| `client.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `client.containerSecurityContext.runAsUser` | Set Client containers' Security Context runAsUser | `1001` | -| `client.containerSecurityContext.runAsGroup` | Set Client containers' Security Context runAsGroup | `1001` | -| `client.containerSecurityContext.runAsNonRoot` | Set Client containers' Security Context runAsNonRoot | `true` | -| `client.containerSecurityContext.readOnlyRootFilesystem` | Set Client containers' Security Context runAsNonRoot | `true` | -| `client.containerSecurityContext.privileged` | Set Client containers' Security Context privileged | `false` | -| `client.containerSecurityContext.allowPrivilegeEscalation` | Set Client container's privilege escalation | `false` | -| `client.containerSecurityContext.capabilities.drop` | Set Client container's Security Context runAsNonRoot | `["ALL"]` | -| `client.containerSecurityContext.seccompProfile.type` | Set Client container's Security Context seccomp profile | `RuntimeDefault` | -| `client.lifecycleHooks` | for the client container(s) to automate configuration before or after startup | `{}` | -| `client.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | -| `client.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `client.hostAliases` | client pods host aliases | `[]` | -| `client.labels` | Extra labels for the client deployment | `{}` | -| `client.podLabels` | Extra labels for client pods | `{}` | -| `client.podAnnotations` | Annotations for client pods | `{}` | -| `client.podAffinityPreset` | Pod affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `client.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `client.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `client.nodeAffinityPreset.key` | Node label key to match. Ignored if `client.affinity` is set | `""` | -| `client.nodeAffinityPreset.values` | Node label values to match. Ignored if `client.affinity` is set | `[]` | -| `client.affinity` | Affinity for Client pods assignment | `{}` | -| `client.nodeSelector` | Node labels for Client pods assignment | `{}` | -| `client.tolerations` | Tolerations for Client pods assignment | `[]` | -| `client.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `client.priorityClassName` | Client pods' priorityClassName | `""` | -| `client.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `client.updateStrategy.type` | Client statefulset strategy type | `RollingUpdate` | -| `client.updateStrategy.rollingUpdate` | Client statefulset rolling update configuration parameters | `{}` | -| `client.extraVolumes` | Optionally specify extra list of additional volumes for the Client pod(s) | `[]` | -| `client.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Client container(s) | `[]` | -| `client.sidecars` | Add additional sidecar containers to the Client pod(s) | `[]` | -| `client.enableDefaultInitContainers` | Deploy default init containers | `true` | -| `client.initContainers` | Add additional init containers to the Client pod(s) | `[]` | -| `client.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | -| `client.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `client.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `client.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `client.serviceAccount.create` | Enable creation of ServiceAccount for Client pods | `true` | -| `client.serviceAccount.name` | The name of the ServiceAccount to use | `""` | -| `client.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `client.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| Name | Description | Value | +| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `client.enabled` | Enable Client deployment | `true` | +| `client.useJob` | Deploy as job | `false` | +| `client.backoffLimit` | set backoff limit of the job | `10` | +| `client.extraEnvVars` | Array with extra environment variables to add to client nodes | `[]` | +| `client.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for client nodes | `""` | +| `client.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for client nodes | `""` | +| `client.annotations` | Annotations for the client deployment | `{}` | +| `client.command` | Override default container command (useful when using custom images) | `[]` | +| `client.args` | Override default container args (useful when using custom images) | `[]` | +| `client.terminationGracePeriodSeconds` | Client termination grace period (in seconds) | `""` | +| `client.livenessProbe.enabled` | Enable livenessProbe on Client nodes | `true` | +| `client.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `client.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `client.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `20` | +| `client.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `client.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `client.readinessProbe.enabled` | Enable readinessProbe on Client nodes | `true` | +| `client.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `client.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `client.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `20` | +| `client.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `client.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `client.startupProbe.enabled` | Enable startupProbe on Client containers | `false` | +| `client.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `client.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `client.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `client.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `client.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `client.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `client.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `client.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `client.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if client.resources is set (client.resources is recommended for production). | `none` | +| `client.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `client.podSecurityContext.enabled` | Enabled Client pods' Security Context | `true` | +| `client.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `client.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `client.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `client.podSecurityContext.fsGroup` | Set Client pod's Security Context fsGroup | `1001` | +| `client.containerSecurityContext.enabled` | Enabled Client containers' Security Context | `true` | +| `client.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `client.containerSecurityContext.runAsUser` | Set Client containers' Security Context runAsUser | `1001` | +| `client.containerSecurityContext.runAsGroup` | Set Client containers' Security Context runAsGroup | `1001` | +| `client.containerSecurityContext.runAsNonRoot` | Set Client containers' Security Context runAsNonRoot | `true` | +| `client.containerSecurityContext.readOnlyRootFilesystem` | Set Client containers' Security Context runAsNonRoot | `true` | +| `client.containerSecurityContext.privileged` | Set Client containers' Security Context privileged | `false` | +| `client.containerSecurityContext.allowPrivilegeEscalation` | Set Client container's privilege escalation | `false` | +| `client.containerSecurityContext.capabilities.drop` | Set Client container's Security Context runAsNonRoot | `["ALL"]` | +| `client.containerSecurityContext.seccompProfile.type` | Set Client container's Security Context seccomp profile | `RuntimeDefault` | +| `client.lifecycleHooks` | for the client container(s) to automate configuration before or after startup | `{}` | +| `client.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `client.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `client.hostAliases` | client pods host aliases | `[]` | +| `client.labels` | Extra labels for the client deployment | `{}` | +| `client.podLabels` | Extra labels for client pods | `{}` | +| `client.podAnnotations` | Annotations for client pods | `{}` | +| `client.podAffinityPreset` | Pod affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `client.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `client.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `client.nodeAffinityPreset.key` | Node label key to match. Ignored if `client.affinity` is set | `""` | +| `client.nodeAffinityPreset.values` | Node label values to match. Ignored if `client.affinity` is set | `[]` | +| `client.affinity` | Affinity for Client pods assignment | `{}` | +| `client.nodeSelector` | Node labels for Client pods assignment | `{}` | +| `client.tolerations` | Tolerations for Client pods assignment | `[]` | +| `client.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `client.priorityClassName` | Client pods' priorityClassName | `""` | +| `client.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `client.updateStrategy.type` | Client statefulset strategy type | `RollingUpdate` | +| `client.updateStrategy.rollingUpdate` | Client statefulset rolling update configuration parameters | `{}` | +| `client.extraVolumes` | Optionally specify extra list of additional volumes for the Client pod(s) | `[]` | +| `client.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Client container(s) | `[]` | +| `client.sidecars` | Add additional sidecar containers to the Client pod(s) | `[]` | +| `client.enableDefaultInitContainers` | Deploy default init containers | `true` | +| `client.initContainers` | Add additional init containers to the Client pod(s) | `[]` | +| `client.networkPolicy.enabled` | Enable creation of NetworkPolicy resources | `true` | +| `client.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `client.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `client.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `client.serviceAccount.create` | Enable creation of ServiceAccount for Client pods | `true` | +| `client.serviceAccount.name` | The name of the ServiceAccount to use | `""` | +| `client.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `client.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Deepspeed Client persistence paramaters @@ -210,84 +210,84 @@ The command removes all the Kubernetes components associated with the chart and ### Worker Deployment Parameters -| Name | Description | Value | -| ---------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ---------------- | -| `worker.enabled` | Enable Worker deployment | `true` | -| `worker.slotsPerNode` | Number of slots available per worker node | `1` | -| `worker.extraEnvVars` | Array with extra environment variables to add to client nodes | `[]` | -| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for client nodes | `""` | -| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for client nodes | `""` | -| `worker.command` | Override default container command (useful when using custom images) | `[]` | -| `worker.args` | Override default container args (useful when using custom images) | `[]` | -| `worker.replicaCount` | Number of Worker replicas to deploy | `3` | -| `worker.terminationGracePeriodSeconds` | Worker termination grace period (in seconds) | `""` | -| `worker.containerPorts.ssh` | SSH port for Worker | `2222` | -| `worker.livenessProbe.enabled` | Enable livenessProbe on Worker nodes | `true` | -| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | -| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | -| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | -| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `worker.readinessProbe.enabled` | Enable readinessProbe on Worker nodes | `true` | -| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | -| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | -| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | -| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `worker.startupProbe.enabled` | Enable startupProbe on Worker containers | `false` | -| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | -| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | -| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `worker.resources.limits` | The resources limits for the client containers | `{}` | -| `worker.resources.requests` | The requested resources for the client containers | `{}` | -| `worker.podSecurityContext.enabled` | Enabled Worker pods' Security Context | `true` | -| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `worker.podSecurityContext.fsGroup` | Set Worker pod's Security Context fsGroup | `1001` | -| `worker.containerSecurityContext.enabled` | Enabled Worker containers' Security Context | `true` | -| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `worker.containerSecurityContext.runAsUser` | Set Worker containers' Security Context runAsUser | `1001` | -| `worker.containerSecurityContext.runAsGroup` | Set Worker containers' Security Context runAsGroup | `1001` | -| `worker.containerSecurityContext.runAsNonRoot` | Set Worker containers' Security Context runAsNonRoot | `true` | -| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set Worker containers' Security Context runAsNonRoot | `true` | -| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set Worker container's privilege escalation | `false` | -| `worker.containerSecurityContext.capabilities.drop` | Set Worker container's Security Context runAsNonRoot | `["ALL"]` | -| `worker.containerSecurityContext.seccompProfile.type` | Set Worker container's Security Context seccomp profile | `RuntimeDefault` | -| `worker.containerSecurityContext.privileged` | Set Worker container's Security Context privileged | `false` | -| `worker.lifecycleHooks` | for the client container(s) to automate configuration before or after startup | `{}` | -| `worker.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | -| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `worker.hostAliases` | client pods host aliases | `[]` | -| `worker.labels` | Labels for the worker deployment | `{}` | -| `worker.annotations` | Annotations for the worker deployment | `{}` | -| `worker.podLabels` | Extra labels for client pods | `{}` | -| `worker.podAnnotations` | Annotations for client pods | `{}` | -| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `client.affinity` is set | `""` | -| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `client.affinity` is set | `[]` | -| `worker.affinity` | Affinity for Worker pods assignment | `{}` | -| `worker.nodeSelector` | Node labels for Worker pods assignment | `{}` | -| `worker.tolerations` | Tolerations for Worker pods assignment | `[]` | -| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `worker.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | -| `worker.priorityClassName` | Worker pods' priorityClassName | `""` | -| `worker.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `worker.updateStrategy.type` | Worker statefulset strategy type | `RollingUpdate` | -| `worker.updateStrategy.rollingUpdate` | Worker statefulset rolling update configuration parameters | `{}` | -| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Worker pod(s) | `[]` | -| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Worker container(s) | `[]` | -| `worker.sidecars` | Add additional sidecar containers to the Worker pod(s) | `[]` | -| `worker.enableDefaultInitContainers` | Deploy default init containers | `true` | -| `worker.initContainers` | Add additional init containers to the Worker pod(s) | `[]` | -| `worker.headlessServiceAnnotations` | Annotations for the headless service | `{}` | +| Name | Description | Value | +| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `worker.enabled` | Enable Worker deployment | `true` | +| `worker.slotsPerNode` | Number of slots available per worker node | `1` | +| `worker.extraEnvVars` | Array with extra environment variables to add to client nodes | `[]` | +| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for client nodes | `""` | +| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for client nodes | `""` | +| `worker.command` | Override default container command (useful when using custom images) | `[]` | +| `worker.args` | Override default container args (useful when using custom images) | `[]` | +| `worker.replicaCount` | Number of Worker replicas to deploy | `3` | +| `worker.terminationGracePeriodSeconds` | Worker termination grace period (in seconds) | `""` | +| `worker.containerPorts.ssh` | SSH port for Worker | `2222` | +| `worker.livenessProbe.enabled` | Enable livenessProbe on Worker nodes | `true` | +| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `5` | +| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `worker.readinessProbe.enabled` | Enable readinessProbe on Worker nodes | `true` | +| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `5` | +| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `worker.startupProbe.enabled` | Enable startupProbe on Worker containers | `false` | +| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `30` | +| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `5` | +| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `worker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). | `none` | +| `worker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `worker.podSecurityContext.enabled` | Enabled Worker pods' Security Context | `true` | +| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `worker.podSecurityContext.fsGroup` | Set Worker pod's Security Context fsGroup | `1001` | +| `worker.containerSecurityContext.enabled` | Enabled Worker containers' Security Context | `true` | +| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `worker.containerSecurityContext.runAsUser` | Set Worker containers' Security Context runAsUser | `1001` | +| `worker.containerSecurityContext.runAsGroup` | Set Worker containers' Security Context runAsGroup | `1001` | +| `worker.containerSecurityContext.runAsNonRoot` | Set Worker containers' Security Context runAsNonRoot | `true` | +| `worker.containerSecurityContext.readOnlyRootFilesystem` | Set Worker containers' Security Context runAsNonRoot | `true` | +| `worker.containerSecurityContext.allowPrivilegeEscalation` | Set Worker container's privilege escalation | `false` | +| `worker.containerSecurityContext.capabilities.drop` | Set Worker container's Security Context runAsNonRoot | `["ALL"]` | +| `worker.containerSecurityContext.seccompProfile.type` | Set Worker container's Security Context seccomp profile | `RuntimeDefault` | +| `worker.containerSecurityContext.privileged` | Set Worker container's Security Context privileged | `false` | +| `worker.lifecycleHooks` | for the client container(s) to automate configuration before or after startup | `{}` | +| `worker.runtimeClassName` | Name of the runtime class to be used by pod(s) | `""` | +| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `worker.hostAliases` | client pods host aliases | `[]` | +| `worker.labels` | Labels for the worker deployment | `{}` | +| `worker.annotations` | Annotations for the worker deployment | `{}` | +| `worker.podLabels` | Extra labels for client pods | `{}` | +| `worker.podAnnotations` | Annotations for client pods | `{}` | +| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `worker.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `worker.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `client.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `worker.nodeAffinityPreset.key` | Node label key to match. Ignored if `client.affinity` is set | `""` | +| `worker.nodeAffinityPreset.values` | Node label values to match. Ignored if `client.affinity` is set | `[]` | +| `worker.affinity` | Affinity for Worker pods assignment | `{}` | +| `worker.nodeSelector` | Node labels for Worker pods assignment | `{}` | +| `worker.tolerations` | Tolerations for Worker pods assignment | `[]` | +| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `worker.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `Parallel` | +| `worker.priorityClassName` | Worker pods' priorityClassName | `""` | +| `worker.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `worker.updateStrategy.type` | Worker statefulset strategy type | `RollingUpdate` | +| `worker.updateStrategy.rollingUpdate` | Worker statefulset rolling update configuration parameters | `{}` | +| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Worker pod(s) | `[]` | +| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Worker container(s) | `[]` | +| `worker.sidecars` | Add additional sidecar containers to the Worker pod(s) | `[]` | +| `worker.enableDefaultInitContainers` | Deploy default init containers | `true` | +| `worker.initContainers` | Add additional init containers to the Worker pod(s) | `[]` | +| `worker.headlessServiceAnnotations` | Annotations for the headless service | `{}` | ### Worker Traffic Exposure Parameters @@ -322,31 +322,31 @@ The command removes all the Kubernetes components associated with the chart and ### Deepspeed Worker persistence paramaters -| Name | Description | Value | -| -------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `worker.persistence.enabled` | Use a PVC to persist data | `false` | -| `worker.persistence.storageClass` | discourse & sidekiq data Persistent Volume Storage Class | `""` | -| `worker.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | -| `worker.persistence.mountPath` | Path to mount the volume at | `/bitnami/deepspeed/data` | -| `worker.persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | -| `worker.persistence.selector` | Selector to match an existing Persistent Volume for the worker data PVC | `{}` | -| `worker.persistence.dataSource` | Custom PVC data source | `{}` | -| `worker.persistence.size` | Size of data volume | `8Gi` | -| `worker.persistence.labels` | Persistent Volume labels | `{}` | -| `worker.persistence.annotations` | Persistent Volume annotations | `{}` | -| `gitImage.registry` | Git image registry | `REGISTRY_NAME` | -| `gitImage.repository` | Git image repository | `REPOSITORY_NAME/git` | -| `gitImage.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `gitImage.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `gitImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the container | `{}` | +| Name | Description | Value | +| ------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `worker.persistence.enabled` | Use a PVC to persist data | `false` | +| `worker.persistence.storageClass` | discourse & sidekiq data Persistent Volume Storage Class | `""` | +| `worker.persistence.existingClaim` | Use a existing PVC which must be created manually before bound | `""` | +| `worker.persistence.mountPath` | Path to mount the volume at | `/bitnami/deepspeed/data` | +| `worker.persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` | +| `worker.persistence.selector` | Selector to match an existing Persistent Volume for the worker data PVC | `{}` | +| `worker.persistence.dataSource` | Custom PVC data source | `{}` | +| `worker.persistence.size` | Size of data volume | `8Gi` | +| `worker.persistence.labels` | Persistent Volume labels | `{}` | +| `worker.persistence.annotations` | Persistent Volume annotations | `{}` | +| `gitImage.registry` | Git image registry | `REGISTRY_NAME` | +| `gitImage.repository` | Git image repository | `REPOSITORY_NAME/git` | +| `gitImage.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `gitImage.pullPolicy` | Git image pull policy | `IfNotPresent` | +| `gitImage.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.enabled` | Enable init container that changes volume permissions in the data directory | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -371,6 +371,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/deeps ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/deepspeed/templates/NOTES.txt b/bitnami/deepspeed/templates/NOTES.txt index 31d4e2b4b1df63..184a26f2b6af57 100644 --- a/bitnami/deepspeed/templates/NOTES.txt +++ b/bitnami/deepspeed/templates/NOTES.txt @@ -76,3 +76,4 @@ Then configure your SSH client to use that key. {{- end }} {{ include "deepspeed.v0.validateValues" . }} {{ include "deepspeed.v0.checkRollingTags" . }} +{{- include "common.warnings.resources" (dict "sections" (list "client" "volumePermissions" "worker") "context" $) }} diff --git a/bitnami/deepspeed/templates/_helpers.tpl b/bitnami/deepspeed/templates/_helpers.tpl index 21744fe0b654de..a4af24a6102fa2 100644 --- a/bitnami/deepspeed/templates/_helpers.tpl +++ b/bitnami/deepspeed/templates/_helpers.tpl @@ -373,6 +373,8 @@ Return the volume-permissions init container runAsUser: 0 {{- if .context.Values.volumePermissions.resources }} resources: {{- toYaml .context.Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .context.Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .context.Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data diff --git a/bitnami/deepspeed/templates/client/client-dep-job.yaml b/bitnami/deepspeed/templates/client/client-dep-job.yaml index 39f508ac468bdb..96234ffd254fe3 100644 --- a/bitnami/deepspeed/templates/client/client-dep-job.yaml +++ b/bitnami/deepspeed/templates/client/client-dep-job.yaml @@ -148,6 +148,8 @@ spec: {{- end }} {{- if .Values.client.resources }} resources: {{- toYaml .Values.client.resources | nindent 12 }} + {{- else if ne .Values.client.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.client.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.client.customLivenessProbe }} diff --git a/bitnami/deepspeed/templates/worker/worker-statefulset.yaml b/bitnami/deepspeed/templates/worker/worker-statefulset.yaml index a0b8ecd100d322..41c331cce6a606 100644 --- a/bitnami/deepspeed/templates/worker/worker-statefulset.yaml +++ b/bitnami/deepspeed/templates/worker/worker-statefulset.yaml @@ -146,6 +146,8 @@ spec: {{- end }} {{- if .Values.worker.resources }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} + {{- else if ne .Values.worker.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.worker.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.worker.customLivenessProbe }} diff --git a/bitnami/deepspeed/values.yaml b/bitnami/deepspeed/values.yaml index 945760d3677deb..7f967b317130c1 100644 --- a/bitnami/deepspeed/values.yaml +++ b/bitnami/deepspeed/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -44,7 +43,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployments/statefulsets ## diagnosticMode: @@ -59,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## @section Source code parameters ## Bitnami Deepspeed image version @@ -89,7 +86,6 @@ image: ## - myRegistryKeySecretName ## pullSecrets: [] - ## Source code parameters ## source: @@ -120,7 +116,6 @@ source: ## mountPath: /.ssh/ ## extraVolumeMounts: [] - ## Configuration parameters ## config: @@ -131,15 +126,12 @@ config: {{- range $i, $e := until $workers }} {{ include "deepspeed.v0.worker.fullname" $ }}-{{ $i }}.{{ printf "%s-headless" (include "deepspeed.v0.worker.fullname" $) }} slots={{ $.Values.worker.slotsPerNode }} {{- end }} - ## @param config.overrideHostFile Override default host file with the content in this value ## overrideHostFile: "" - ## @param config.existingHostFileConfigMap Name of a ConfigMap containing the hostfile ## existingHostFileConfigMap: "" - ## @param config.defaultSSHClient [string] Default SSH client configuration for the client node (only edit if you know what you are doing) ## defaultSSHClient: | @@ -150,11 +142,9 @@ config: IdentityFile /bitnami/ssh/client-private-key/id_rsa StrictHostKeyChecking no {{- end }} - ## @param config.overrideSSHClient Override default SSH cliient configuration with the content in this value ## overrideSSHClient: "" - ## @param config.existingSSHClientConfigMap Name of a ConfigMap containing the SSH client configuration ## existingSSHClientConfigMap: "" @@ -165,22 +155,18 @@ config: PasswordAuthentication no UsePAM no PermitUserEnvironment yes - ## @param config.overrideSSHServer Overidde SSH Server configuration with the content in this value ## overrideSSHServer: "" - ## @param config.existingSSHServerConfigMap Name of a ConfigMap with with the SSH Server configuration ## existingSSHServerConfigMap: "" - ## @param config.sshPrivateKey Private key for the client node to connect to the worker nodes ## sshPrivateKey: "" ## @param config.existingSSHKeySecret Name of a secret containing the ssh private key ## existingSSHKeySecret: "" - ## @section Client Deployment Parameters ## client: @@ -273,12 +259,21 @@ client: customStartupProbe: {} ## client resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param client.resources.limits The resources limits for the client containers - ## @param client.resources.requests The requested resources for the client containers + ## @param client.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if client.resources is set (client.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - limits: {} - requests: {} + resourcesPreset: "none" + ## @param client.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param client.podSecurityContext.enabled Enabled Client pods' Security Context @@ -539,8 +534,6 @@ client: ## @param client.persistence.annotations Persistent Volume annotations ## annotations: {} - - ## @section Worker Deployment Parameters ## worker: @@ -634,12 +627,21 @@ worker: customStartupProbe: {} ## client resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param worker.resources.limits The resources limits for the client containers - ## @param worker.resources.requests The requested resources for the client containers + ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - limits: {} - requests: {} + resourcesPreset: "none" + ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param worker.podSecurityContext.enabled Enabled Worker pods' Security Context @@ -799,11 +801,9 @@ worker: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @param worker.headlessServiceAnnotations Annotations for the headless service ## headlessServiceAnnotations: {} - ## @section Worker Traffic Exposure Parameters ## externalAccess: @@ -879,7 +879,6 @@ worker: ## @param worker.externalAccess.service.extraPorts Extra ports to expose in the Worker service ## extraPorts: [] - serviceAccount: ## @param worker.serviceAccount.create Enable creation of ServiceAccount for Data Coordinator pods ## @@ -895,7 +894,6 @@ worker: ## @param worker.serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## Network Policy configuration ## ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -996,7 +994,6 @@ worker: ## @param worker.persistence.annotations Persistent Volume annotations ## annotations: {} - ## Bitnami git image version ## ref: https://hub.docker.com/r/bitnami/git/tags/ ## @param gitImage.registry [default: REGISTRY_NAME] Git image registry @@ -1020,7 +1017,6 @@ gitImage: ## - myRegistryKeySecretName ## pullSecrets: [] - ## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section. ## volumePermissions: @@ -1054,17 +1050,18 @@ volumePermissions: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param volumePermissions.resources.limits The resources limits for the container - ## @param volumePermissions.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} From 47c0da6cbb306e92b8a926ff781f5b78c8ee18e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:31:27 +0100 Subject: [PATCH 011/129] [bitnami/contour] feat: :sparkles: :lock: Add resource preset support (#23439) * [bitnami/contour] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * fix: :bug: Set value in correct spot Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- bitnami/contour/Chart.lock | 6 +- bitnami/contour/README.md | 806 +++++++++--------- bitnami/contour/templates/NOTES.txt | 1 + .../templates/default-backend/deployment.yaml | 2 + .../contour/templates/envoy/daemonset.yaml | 2 + .../contour/templates/envoy/deployment.yaml | 4 + bitnami/contour/values.yaml | 133 ++- 7 files changed, 473 insertions(+), 481 deletions(-) diff --git a/bitnami/contour/Chart.lock b/bitnami/contour/Chart.lock index f3b04dfa0517a4..37cb3e4bbbdd8d 100644 --- a/bitnami/contour/Chart.lock +++ b/bitnami/contour/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-10T09:57:04.828314536Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T14:43:29.097717224+01:00" diff --git a/bitnami/contour/README.md b/bitnami/contour/README.md index a68c31c8f0ddbe..c05cefb000192d 100644 --- a/bitnami/contour/README.md +++ b/bitnami/contour/README.md @@ -85,412 +85,412 @@ helm uninstall my-release ### Contour parameters -| Name | Description | Value | -| ------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | -| `existingConfigMap` | Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) | `""` | -| `configInline` | Specifies Contour's configuration directly in YAML format | `{}` | -| `contour.enabled` | Contour Deployment creation. | `true` | -| `contour.image.registry` | Contour image registry | `REGISTRY_NAME` | -| `contour.image.repository` | Contour image name | `REPOSITORY_NAME/contour` | -| `contour.image.digest` | Contour image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `contour.image.pullPolicy` | Contour Image pull policy | `IfNotPresent` | -| `contour.image.pullSecrets` | Contour Image pull secrets | `[]` | -| `contour.image.debug` | Enable image debug mode | `false` | -| `contour.contourConfigName` | Contour Deployment with ContourConfiguration CRD. | `contour` | -| `contour.configPath` | Contour Deployment with configmap. | `true` | -| `contour.replicaCount` | Number of Contour Pod replicas | `1` | -| `contour.priorityClassName` | Priority class assigned to the pods | `""` | -| `contour.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `contour.terminationGracePeriodSeconds` | In seconds, time the given to the Contour pod needs to terminate gracefully | `""` | -| `contour.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `contour.containerPorts.xds` | Set xds port inside Contour pod | `8001` | -| `contour.containerPorts.metrics` | Set metrics port inside Contour pod | `8000` | -| `contour.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `contour.hostAliases` | Add deployment host aliases | `[]` | -| `contour.updateStrategy` | Strategy to use to update Pods | `{}` | -| `contour.extraArgs` | Extra arguments passed to Contour container | `[]` | -| `contour.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | -| `contour.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | -| `contour.manageCRDs` | Manage the creation, upgrade and deletion of Contour CRDs. | `true` | -| `contour.envoyServiceNamespace` | Namespace of the envoy service to inspect for Ingress status details. | `""` | -| `contour.envoyServiceName` | Name of the envoy service to inspect for Ingress status details. | `""` | -| `contour.leaderElectionResourceName` | Name of the contour (Lease) leader election will lease. | `""` | -| `contour.ingressStatusAddress` | Address to set in Ingress object status. It is exclusive with `envoyServiceName` and `envoyServiceNamespace`. | `""` | -| `contour.podAffinityPreset` | Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `contour.podAntiAffinityPreset` | Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `contour.podLabels` | Extra labels for Contour pods | `{}` | -| `contour.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | -| `contour.customLivenessProbe` | Override default liveness probe | `{}` | -| `contour.customReadinessProbe` | Override default readiness probe | `{}` | -| `contour.customStartupProbe` | Override default startup probe | `{}` | -| `contour.nodeAffinityPreset.type` | Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `contour.nodeAffinityPreset.key` | Contour Node label key to match Ignored if `affinity` is set. | `""` | -| `contour.nodeAffinityPreset.values` | Contour Node label values to match. Ignored if `affinity` is set. | `[]` | -| `contour.command` | Override default command | `[]` | -| `contour.args` | Override default args | `[]` | -| `contour.affinity` | Affinity for Contour pod assignment | `{}` | -| `contour.nodeSelector` | Node labels for Contour pod assignment | `{}` | -| `contour.tolerations` | Tolerations for Contour pod assignment | `[]` | -| `contour.podAnnotations` | Contour Pod annotations | `{}` | -| `contour.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | -| `contour.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | -| `contour.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `contour.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `contour.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | -| `contour.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `contour.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `contour.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `contour.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | -| `contour.containerSecurityContext.enabled` | Enabled contour containers' Security Context | `true` | -| `contour.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `contour.containerSecurityContext.runAsUser` | Set contour containers' Security Context runAsUser | `1001` | -| `contour.containerSecurityContext.runAsNonRoot` | Set contour containers' Security Context runAsNonRoot | `true` | -| `contour.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | -| `contour.containerSecurityContext.privileged` | Set contour container's Security Context privileged | `false` | -| `contour.containerSecurityContext.allowPrivilegeEscalation` | Set contour container's Security Context allowPrivilegeEscalation | `false` | -| `contour.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `contour.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | -| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | -| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | -| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | -| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `contour.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `contour.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | -| `contour.readinessProbe.periodSeconds` | How often to perform the probe | `10` | -| `contour.readinessProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `contour.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `contour.startupProbe.enabled` | Enable/disable the startup probe | `false` | -| `contour.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | -| `contour.startupProbe.periodSeconds` | How often to perform the probe | `10` | -| `contour.startupProbe.timeoutSeconds` | When the probe times out | `5` | -| `contour.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `contour.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `contour.certgen.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | -| `contour.certgen.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | -| `contour.certgen.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | -| `contour.certgen.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `contour.certgen.certificateLifetime` | Generated certificate lifetime (in days). | `365` | -| `contour.certgen.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `contour.certgen.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `contour.certgen.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `contour.certgen.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `contour.certgen.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `contour.certgen.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `contour.certgen.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `contour.certgen.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `contour.certgen.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `contour.tlsExistingSecret` | Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. | `""` | -| `contour.service.type` | Service type | `ClusterIP` | -| `contour.service.ports.xds` | Contour service xds port | `8001` | -| `contour.service.ports.metrics` | Contour service xds port | `8000` | -| `contour.service.nodePorts.xds` | Node port for HTTP | `""` | -| `contour.service.clusterIP` | Contour service Cluster IP | `""` | -| `contour.service.loadBalancerIP` | Contour service Load Balancer IP | `""` | -| `contour.service.loadBalancerSourceRanges` | Contour service Load Balancer sources | `[]` | -| `contour.service.loadBalancerClass` | Contour service Load Balancer Class | `""` | -| `contour.service.externalTrafficPolicy` | Contour service external traffic policy | `Cluster` | -| `contour.service.annotations` | Additional custom annotations for Contour service | `{}` | -| `contour.service.extraPorts` | Extra port to expose on Contour service | `[]` | -| `contour.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `contour.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `contour.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `contour.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `contour.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `contour.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `contour.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `contour.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `contour.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `contour.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `contour.initContainers` | Attach additional init containers to Contour pods | `[]` | -| `contour.sidecars` | Add additional sidecar containers to the Contour pods | `[]` | -| `contour.extraVolumes` | Array to add extra volumes | `[]` | -| `contour.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `contour.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | -| `contour.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | -| `contour.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | -| `contour.ingressClass.name` | Name of the ingress class to route through this controller. | `""` | -| `contour.ingressClass.create` | Whether to create or not the IngressClass resource | `true` | -| `contour.ingressClass.default` | Mark IngressClass resource as default for cluster | `true` | -| `contour.debug` | Enable Contour debug log level | `false` | -| `contour.logFormat` | Set contour log-format. Default text, either text or json. | `text` | -| `contour.kubernetesDebug` | Contour kubernetes debug log level, Default 0, minimum 0, maximum 9. | `0` | -| `contour.rootNamespaces` | Restrict Contour to searching these namespaces for root ingress routes. | `""` | -| `contour.overloadManager.enabled` | Enable Overload Manager | `false` | -| `contour.overloadManager.maxHeapBytes` | Overload Manager's maximum heap size in bytes | `2147483648` | +| Name | Description | Value | +| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- | +| `existingConfigMap` | Specifies the name of an externally-defined ConfigMap to use as the configuration (this is mutually exclusive with `configInline`) | `""` | +| `configInline` | Specifies Contour's configuration directly in YAML format | `{}` | +| `contour.enabled` | Contour Deployment creation. | `true` | +| `contour.image.registry` | Contour image registry | `REGISTRY_NAME` | +| `contour.image.repository` | Contour image name | `REPOSITORY_NAME/contour` | +| `contour.image.digest` | Contour image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `contour.image.pullPolicy` | Contour Image pull policy | `IfNotPresent` | +| `contour.image.pullSecrets` | Contour Image pull secrets | `[]` | +| `contour.image.debug` | Enable image debug mode | `false` | +| `contour.contourConfigName` | Contour Deployment with ContourConfiguration CRD. | `contour` | +| `contour.configPath` | Contour Deployment with configmap. | `true` | +| `contour.replicaCount` | Number of Contour Pod replicas | `1` | +| `contour.priorityClassName` | Priority class assigned to the pods | `""` | +| `contour.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `contour.terminationGracePeriodSeconds` | In seconds, time the given to the Contour pod needs to terminate gracefully | `""` | +| `contour.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `contour.containerPorts.xds` | Set xds port inside Contour pod | `8001` | +| `contour.containerPorts.metrics` | Set metrics port inside Contour pod | `8000` | +| `contour.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `contour.hostAliases` | Add deployment host aliases | `[]` | +| `contour.updateStrategy` | Strategy to use to update Pods | `{}` | +| `contour.extraArgs` | Extra arguments passed to Contour container | `[]` | +| `contour.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if contour.resources is set (contour.resources is recommended for production). | `none` | +| `contour.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `contour.manageCRDs` | Manage the creation, upgrade and deletion of Contour CRDs. | `true` | +| `contour.envoyServiceNamespace` | Namespace of the envoy service to inspect for Ingress status details. | `""` | +| `contour.envoyServiceName` | Name of the envoy service to inspect for Ingress status details. | `""` | +| `contour.leaderElectionResourceName` | Name of the contour (Lease) leader election will lease. | `""` | +| `contour.ingressStatusAddress` | Address to set in Ingress object status. It is exclusive with `envoyServiceName` and `envoyServiceNamespace`. | `""` | +| `contour.podAffinityPreset` | Contour Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `contour.podAntiAffinityPreset` | Contour Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `contour.podLabels` | Extra labels for Contour pods | `{}` | +| `contour.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | +| `contour.customLivenessProbe` | Override default liveness probe | `{}` | +| `contour.customReadinessProbe` | Override default readiness probe | `{}` | +| `contour.customStartupProbe` | Override default startup probe | `{}` | +| `contour.nodeAffinityPreset.type` | Contour Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `contour.nodeAffinityPreset.key` | Contour Node label key to match Ignored if `affinity` is set. | `""` | +| `contour.nodeAffinityPreset.values` | Contour Node label values to match. Ignored if `affinity` is set. | `[]` | +| `contour.command` | Override default command | `[]` | +| `contour.args` | Override default args | `[]` | +| `contour.affinity` | Affinity for Contour pod assignment | `{}` | +| `contour.nodeSelector` | Node labels for Contour pod assignment | `{}` | +| `contour.tolerations` | Tolerations for Contour pod assignment | `[]` | +| `contour.podAnnotations` | Contour Pod annotations | `{}` | +| `contour.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | +| `contour.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | +| `contour.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `contour.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `contour.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | +| `contour.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `contour.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `contour.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `contour.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | +| `contour.containerSecurityContext.enabled` | Enabled contour containers' Security Context | `true` | +| `contour.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `contour.containerSecurityContext.runAsUser` | Set contour containers' Security Context runAsUser | `1001` | +| `contour.containerSecurityContext.runAsNonRoot` | Set contour containers' Security Context runAsNonRoot | `true` | +| `contour.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | +| `contour.containerSecurityContext.privileged` | Set contour container's Security Context privileged | `false` | +| `contour.containerSecurityContext.allowPrivilegeEscalation` | Set contour container's Security Context allowPrivilegeEscalation | `false` | +| `contour.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `contour.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `contour.livenessProbe.enabled` | Enable/disable the Liveness probe | `true` | +| `contour.livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `120` | +| `contour.livenessProbe.periodSeconds` | How often to perform the probe | `20` | +| `contour.livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `6` | +| `contour.livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `contour.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `15` | +| `contour.readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `contour.readinessProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `contour.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `contour.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | +| `contour.startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `contour.startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `contour.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `contour.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `contour.certgen.serviceAccount.create` | Create a serviceAccount for the Contour pod | `true` | +| `contour.certgen.serviceAccount.name` | Use the serviceAccount with the specified name, a name is generated using the fullname template | `""` | +| `contour.certgen.serviceAccount.automountServiceAccountToken` | Automount service account token for the server service account | `false` | +| `contour.certgen.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `contour.certgen.certificateLifetime` | Generated certificate lifetime (in days). | `365` | +| `contour.certgen.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `contour.certgen.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `contour.certgen.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `contour.certgen.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `contour.certgen.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `contour.certgen.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `contour.certgen.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `contour.certgen.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `contour.certgen.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `contour.tlsExistingSecret` | Name of the existingSecret to be use in Contour deployment. If it is not nil `contour.certgen` will be disabled. | `""` | +| `contour.service.type` | Service type | `ClusterIP` | +| `contour.service.ports.xds` | Contour service xds port | `8001` | +| `contour.service.ports.metrics` | Contour service xds port | `8000` | +| `contour.service.nodePorts.xds` | Node port for HTTP | `""` | +| `contour.service.clusterIP` | Contour service Cluster IP | `""` | +| `contour.service.loadBalancerIP` | Contour service Load Balancer IP | `""` | +| `contour.service.loadBalancerSourceRanges` | Contour service Load Balancer sources | `[]` | +| `contour.service.loadBalancerClass` | Contour service Load Balancer Class | `""` | +| `contour.service.externalTrafficPolicy` | Contour service external traffic policy | `Cluster` | +| `contour.service.annotations` | Additional custom annotations for Contour service | `{}` | +| `contour.service.extraPorts` | Extra port to expose on Contour service | `[]` | +| `contour.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `contour.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `contour.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `contour.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `contour.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `contour.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `contour.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `contour.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `contour.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `contour.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `contour.initContainers` | Attach additional init containers to Contour pods | `[]` | +| `contour.sidecars` | Add additional sidecar containers to the Contour pods | `[]` | +| `contour.extraVolumes` | Array to add extra volumes | `[]` | +| `contour.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `contour.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | +| `contour.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | +| `contour.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | +| `contour.ingressClass.name` | Name of the ingress class to route through this controller. | `""` | +| `contour.ingressClass.create` | Whether to create or not the IngressClass resource | `true` | +| `contour.ingressClass.default` | Mark IngressClass resource as default for cluster | `true` | +| `contour.debug` | Enable Contour debug log level | `false` | +| `contour.logFormat` | Set contour log-format. Default text, either text or json. | `text` | +| `contour.kubernetesDebug` | Contour kubernetes debug log level, Default 0, minimum 0, maximum 9. | `0` | +| `contour.rootNamespaces` | Restrict Contour to searching these namespaces for root ingress routes. | `""` | +| `contour.overloadManager.enabled` | Enable Overload Manager | `false` | +| `contour.overloadManager.maxHeapBytes` | Overload Manager's maximum heap size in bytes | `2147483648` | ### Envoy parameters -| Name | Description | Value | -| ------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------- | ----------------------- | -| `envoy.enabled` | Envoy Proxy creation | `true` | -| `envoy.image.registry` | Envoy Proxy image registry | `REGISTRY_NAME` | -| `envoy.image.repository` | Envoy Proxy image repository | `REPOSITORY_NAME/envoy` | -| `envoy.image.digest` | Envoy Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `envoy.image.pullPolicy` | Envoy image pull policy | `IfNotPresent` | -| `envoy.image.pullSecrets` | Envoy image pull secrets | `[]` | -| `envoy.priorityClassName` | Priority class assigned to the pods | `""` | -| `envoy.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `envoy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `envoy.extraArgs` | Extra arguments passed to Envoy container | `[]` | -| `envoy.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `envoy.hostAliases` | Add deployment host aliases | `[]` | -| `envoy.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | -| `envoy.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | -| `envoy.command` | Override default command | `[]` | -| `envoy.args` | Override default args | `[]` | -| `envoy.shutdownManager.enabled` | Contour shutdownManager sidecar | `true` | -| `envoy.shutdownManager.extraArgs` | Extra arguments passed to shutdown container | `[]` | -| `envoy.shutdownManager.port` | Specify Port for shutdown container | `8090` | -| `envoy.shutdownManager.resources.limits` | Specify resource limits which the container is not allowed to succeed. | `{}` | -| `envoy.shutdownManager.resources.requests` | Specify resource requests which the container needs to spawn. | `{}` | -| `envoy.shutdownManager.containerSecurityContext.enabled` | Enabled envoy shutdownManager containers' Security Context | `true` | -| `envoy.shutdownManager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `envoy.shutdownManager.containerSecurityContext.runAsUser` | Set envoy shutdownManager containers' Security Context runAsUser | `1001` | -| `envoy.shutdownManager.containerSecurityContext.runAsNonRoot` | Set envoy shutdownManager containers' Security Context runAsNonRoot | `true` | -| `envoy.shutdownManager.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `true` | -| `envoy.shutdownManager.containerSecurityContext.privileged` | Set envoy.shutdownManager container's Security Context privileged | `false` | -| `envoy.shutdownManager.containerSecurityContext.allowPrivilegeEscalation` | Set envoy shutdownManager container's Security Context allowPrivilegeEscalation | `false` | -| `envoy.shutdownManager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `envoy.shutdownManager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `envoy.initConfig.containerSecurityContext.enabled` | Enabled envoy initConfig containers' Security Context | `true` | -| `envoy.initConfig.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `envoy.initConfig.containerSecurityContext.runAsUser` | Set envoy initConfig containers' Security Context runAsUser | `1001` | -| `envoy.initConfig.containerSecurityContext.runAsNonRoot` | Set envoy initConfig containers' Security Context runAsNonRoot | `true` | -| `envoy.initConfig.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | -| `envoy.initConfig.containerSecurityContext.privileged` | Set contraller container's Security Context privileged | `false` | -| `envoy.initConfig.containerSecurityContext.allowPrivilegeEscalation` | Set contraller container's Security Context allowPrivilegeEscalation | `false` | -| `envoy.initConfig.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `envoy.initConfig.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `envoy.kind` | Install as deployment or daemonset | `daemonset` | -| `envoy.replicaCount` | Desired number of Controller pods | `1` | -| `envoy.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | -| `envoy.updateStrategy` | Strategy to use to update Pods | `{}` | -| `envoy.minReadySeconds` | The minimum number of seconds for which a newly created Pod should be ready | `0` | -| `envoy.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | -| `envoy.autoscaling.enabled` | Enable autoscaling for Controller | `false` | -| `envoy.autoscaling.minReplicas` | Minimum number of Controller replicas | `1` | -| `envoy.autoscaling.maxReplicas` | Maximum number of Controller replicas | `11` | -| `envoy.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | -| `envoy.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | -| `envoy.autoscaling.behavior` | HPA Behavior | `{}` | -| `envoy.podAffinityPreset` | Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.podAntiAffinityPreset` | Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.nodeAffinityPreset.type` | Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `envoy.nodeAffinityPreset.key` | Envoy Node label key to match Ignored if `affinity` is set. | `""` | -| `envoy.nodeAffinityPreset.values` | Envoy Node label values to match. Ignored if `affinity` is set. | `[]` | -| `envoy.affinity` | Affinity for Envoy pod assignment | `{}` | -| `envoy.nodeSelector` | Node labels for Envoy pod assignment | `{}` | -| `envoy.tolerations` | Tolerations for Envoy pod assignment | `[]` | -| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | -| `envoy.podLabels` | Extra labels for Envoy pods | `{}` | -| `envoy.podSecurityContext.enabled` | Envoy Pod securityContext | `false` | -| `envoy.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `envoy.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `envoy.podSecurityContext.fsGroup` | User ID for the for the mounted volumes | `0` | -| `envoy.podSecurityContext.sysctls` | Array of sysctl options to allow | `[]` | -| `envoy.containerSecurityContext.enabled` | Enabled envoy containers' Security Context | `true` | -| `envoy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `envoy.containerSecurityContext.runAsUser` | Set envoy containers' Security Context runAsUser | `1001` | -| `envoy.containerSecurityContext.runAsNonRoot` | Set envoy containers' Security Context runAsNonRoot | `true` | -| `envoy.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | -| `envoy.containerSecurityContext.privileged` | Set envoy container's Security Context privileged | `false` | -| `envoy.containerSecurityContext.allowPrivilegeEscalation` | Set envoy container's Security Context allowPrivilegeEscalation | `false` | -| `envoy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `envoy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `envoy.hostNetwork` | Envoy Pod host network access | `false` | -| `envoy.dnsPolicy` | Envoy Pod Dns Policy's DNS Policy | `ClusterFirst` | -| `envoy.tlsExistingSecret` | Name of the existingSecret to be use in Envoy deployment | `""` | -| `envoy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `envoy.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | -| `envoy.serviceAccount.automountServiceAccountToken` | Whether to auto mount API credentials for a service account | `false` | -| `envoy.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | -| `envoy.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `envoy.livenessProbe.port` | LivenessProbe port | `8002` | -| `envoy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | -| `envoy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `envoy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `envoy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `envoy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `envoy.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | -| `envoy.readinessProbe.port` | ReadinessProbe port | `8002` | -| `envoy.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | -| `envoy.readinessProbe.periodSeconds` | How often to perform the probe | `3` | -| `envoy.readinessProbe.timeoutSeconds` | When the probe times out | `1` | -| `envoy.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `envoy.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `envoy.startupProbe.enabled` | Enable/disable the startup probe | `false` | -| `envoy.startupProbe.port` | StartupProbe port | `8002` | -| `envoy.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | -| `envoy.startupProbe.periodSeconds` | How often to perform the probe | `10` | -| `envoy.startupProbe.timeoutSeconds` | When the probe times out | `5` | -| `envoy.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `envoy.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `envoy.customLivenessProbe` | Override default liveness probe | `{}` | -| `envoy.customReadinessProbe` | Override default readiness probe | `{}` | -| `envoy.customStartupProbe` | Override default startup probe | `{}` | -| `envoy.terminationGracePeriodSeconds` | Envoy termination grace period in seconds | `300` | -| `envoy.logLevel` | Envoy log level | `info` | -| `envoy.service.name` | envoy service name | `""` | -| `envoy.service.multiAz.enabled` | enables the rendering of the multiple services | `false` | -| `envoy.service.multiAz.zones` | defines different zones their annotations and loadBalancerIPs | `[]` | -| `envoy.service.targetPorts` | Map the controller service HTTP/HTTPS port | `{}` | -| `envoy.service.type` | Type of Envoy service to create | `LoadBalancer` | -| `envoy.service.externalTrafficPolicy` | Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer | `Local` | -| `envoy.service.labels` | Labels to add to te envoy service | `{}` | -| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | -| `envoy.service.externalIPs` | Envoy service external IP addresses | `[]` | -| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | -| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | -| `envoy.service.loadBalancerClass` | Envoy service Load Balancer Class | `""` | -| `envoy.service.ipFamilyPolicy` | , support SingleStack, PreferDualStack and RequireDualStack | `""` | -| `envoy.service.ipFamilies` | List of IP families (e.g. IPv4, IPv6) assigned to the service. | `[]` | -| `envoy.service.annotations` | Annotations for Envoy service | `{}` | -| `envoy.service.ports.http` | Sets service http port | `80` | -| `envoy.service.ports.https` | Sets service https port | `443` | -| `envoy.service.ports.metrics` | Sets service metrics port | `8002` | -| `envoy.service.nodePorts.http` | HTTP Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | -| `envoy.service.nodePorts.https` | HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | -| `envoy.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | -| `envoy.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `envoy.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `envoy.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `envoy.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `envoy.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `envoy.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `envoy.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `envoy.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `envoy.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `envoy.useHostPort.http` | Enable/disable `hostPort` for TCP/80 | `true` | -| `envoy.useHostPort.https` | Enable/disable `hostPort` TCP/443 | `true` | -| `envoy.useHostPort.metrics` | Enable/disable `hostPort` for TCP/8002 | `true` | -| `envoy.useHostIP` | Enable/disable `hostIP` | `false` | -| `envoy.hostPorts.http` | Sets `hostPort` http port | `80` | -| `envoy.hostPorts.https` | Sets `hostPort` https port | `443` | -| `envoy.hostPorts.metrics` | Sets `hostPort` metrics port | `8002` | -| `envoy.hostIPs.http` | Sets `hostIP` http IP | `127.0.0.1` | -| `envoy.hostIPs.https` | Sets `hostIP` https IP | `127.0.0.1` | -| `envoy.hostIPs.metrics` | Sets `hostIP` metrics IP | `127.0.0.1` | -| `envoy.containerPorts.http` | Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8080` | -| `envoy.containerPorts.https` | Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8443` | -| `envoy.containerPorts.metrics` | Sets metrics port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8002` | -| `envoy.initContainers` | Attach additional init containers to Envoy pods | `[]` | -| `envoy.sidecars` | Add additional sidecar containers to the Envoy pods | `[]` | -| `envoy.extraVolumes` | Array to add extra volumes | `[]` | -| `envoy.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `envoy.extraEnvVars` | Array containing extra env vars to be added to all Envoy containers | `[]` | -| `envoy.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Envoy containers | `""` | -| `envoy.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Envoy containers | `""` | +| Name | Description | Value | +| ------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------- | +| `envoy.enabled` | Envoy Proxy creation | `true` | +| `envoy.image.registry` | Envoy Proxy image registry | `REGISTRY_NAME` | +| `envoy.image.repository` | Envoy Proxy image repository | `REPOSITORY_NAME/envoy` | +| `envoy.image.digest` | Envoy Proxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `envoy.image.pullPolicy` | Envoy image pull policy | `IfNotPresent` | +| `envoy.image.pullSecrets` | Envoy image pull secrets | `[]` | +| `envoy.priorityClassName` | Priority class assigned to the pods | `""` | +| `envoy.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `envoy.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `envoy.extraArgs` | Extra arguments passed to Envoy container | `[]` | +| `envoy.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `envoy.hostAliases` | Add deployment host aliases | `[]` | +| `envoy.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if envoy.resources is set (envoy.resources is recommended for production). | `none` | +| `envoy.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `envoy.command` | Override default command | `[]` | +| `envoy.args` | Override default args | `[]` | +| `envoy.shutdownManager.enabled` | Contour shutdownManager sidecar | `true` | +| `envoy.shutdownManager.extraArgs` | Extra arguments passed to shutdown container | `[]` | +| `envoy.shutdownManager.port` | Specify Port for shutdown container | `8090` | +| `envoy.shutdownManager.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if envoy.shutdownManager.resources is set (envoy.shutdownManager.resources is recommended for production). | `none` | +| `envoy.shutdownManager.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `envoy.shutdownManager.containerSecurityContext.enabled` | Enabled envoy shutdownManager containers' Security Context | `true` | +| `envoy.shutdownManager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `envoy.shutdownManager.containerSecurityContext.runAsUser` | Set envoy shutdownManager containers' Security Context runAsUser | `1001` | +| `envoy.shutdownManager.containerSecurityContext.runAsNonRoot` | Set envoy shutdownManager containers' Security Context runAsNonRoot | `true` | +| `envoy.shutdownManager.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `true` | +| `envoy.shutdownManager.containerSecurityContext.privileged` | Set envoy.shutdownManager container's Security Context privileged | `false` | +| `envoy.shutdownManager.containerSecurityContext.allowPrivilegeEscalation` | Set envoy shutdownManager container's Security Context allowPrivilegeEscalation | `false` | +| `envoy.shutdownManager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `envoy.shutdownManager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `envoy.initConfig.containerSecurityContext.enabled` | Enabled envoy initConfig containers' Security Context | `true` | +| `envoy.initConfig.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `envoy.initConfig.containerSecurityContext.runAsUser` | Set envoy initConfig containers' Security Context runAsUser | `1001` | +| `envoy.initConfig.containerSecurityContext.runAsNonRoot` | Set envoy initConfig containers' Security Context runAsNonRoot | `true` | +| `envoy.initConfig.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | +| `envoy.initConfig.containerSecurityContext.privileged` | Set contraller container's Security Context privileged | `false` | +| `envoy.initConfig.containerSecurityContext.allowPrivilegeEscalation` | Set contraller container's Security Context allowPrivilegeEscalation | `false` | +| `envoy.initConfig.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `envoy.initConfig.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `envoy.kind` | Install as deployment or daemonset | `daemonset` | +| `envoy.replicaCount` | Desired number of Controller pods | `1` | +| `envoy.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | +| `envoy.updateStrategy` | Strategy to use to update Pods | `{}` | +| `envoy.minReadySeconds` | The minimum number of seconds for which a newly created Pod should be ready | `0` | +| `envoy.revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `envoy.autoscaling.enabled` | Enable autoscaling for Controller | `false` | +| `envoy.autoscaling.minReplicas` | Minimum number of Controller replicas | `1` | +| `envoy.autoscaling.maxReplicas` | Maximum number of Controller replicas | `11` | +| `envoy.autoscaling.targetCPU` | Target CPU utilization percentage | `""` | +| `envoy.autoscaling.targetMemory` | Target Memory utilization percentage | `""` | +| `envoy.autoscaling.behavior` | HPA Behavior | `{}` | +| `envoy.podAffinityPreset` | Envoy Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.podAntiAffinityPreset` | Envoy Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.nodeAffinityPreset.type` | Envoy Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `envoy.nodeAffinityPreset.key` | Envoy Node label key to match Ignored if `affinity` is set. | `""` | +| `envoy.nodeAffinityPreset.values` | Envoy Node label values to match. Ignored if `affinity` is set. | `[]` | +| `envoy.affinity` | Affinity for Envoy pod assignment | `{}` | +| `envoy.nodeSelector` | Node labels for Envoy pod assignment | `{}` | +| `envoy.tolerations` | Tolerations for Envoy pod assignment | `[]` | +| `envoy.podAnnotations` | Envoy Pod annotations | `{}` | +| `envoy.podLabels` | Extra labels for Envoy pods | `{}` | +| `envoy.podSecurityContext.enabled` | Envoy Pod securityContext | `false` | +| `envoy.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `envoy.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `envoy.podSecurityContext.fsGroup` | User ID for the for the mounted volumes | `0` | +| `envoy.podSecurityContext.sysctls` | Array of sysctl options to allow | `[]` | +| `envoy.containerSecurityContext.enabled` | Enabled envoy containers' Security Context | `true` | +| `envoy.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `envoy.containerSecurityContext.runAsUser` | Set envoy containers' Security Context runAsUser | `1001` | +| `envoy.containerSecurityContext.runAsNonRoot` | Set envoy containers' Security Context runAsNonRoot | `true` | +| `envoy.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | +| `envoy.containerSecurityContext.privileged` | Set envoy container's Security Context privileged | `false` | +| `envoy.containerSecurityContext.allowPrivilegeEscalation` | Set envoy container's Security Context allowPrivilegeEscalation | `false` | +| `envoy.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `envoy.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `envoy.hostNetwork` | Envoy Pod host network access | `false` | +| `envoy.dnsPolicy` | Envoy Pod Dns Policy's DNS Policy | `ClusterFirst` | +| `envoy.tlsExistingSecret` | Name of the existingSecret to be use in Envoy deployment | `""` | +| `envoy.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `envoy.serviceAccount.name` | The name of the ServiceAccount to use. If not set and create is true, a name is generated using the fullname template | `""` | +| `envoy.serviceAccount.automountServiceAccountToken` | Whether to auto mount API credentials for a service account | `false` | +| `envoy.serviceAccount.annotations` | Annotations for service account. Evaluated as a template. Only used if `create` is `true`. | `{}` | +| `envoy.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `envoy.livenessProbe.port` | LivenessProbe port | `8002` | +| `envoy.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `120` | +| `envoy.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `envoy.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `envoy.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `envoy.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `envoy.readinessProbe.enabled` | Enable/disable the readiness probe | `true` | +| `envoy.readinessProbe.port` | ReadinessProbe port | `8002` | +| `envoy.readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `10` | +| `envoy.readinessProbe.periodSeconds` | How often to perform the probe | `3` | +| `envoy.readinessProbe.timeoutSeconds` | When the probe times out | `1` | +| `envoy.readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `envoy.readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `envoy.startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `envoy.startupProbe.port` | StartupProbe port | `8002` | +| `envoy.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | +| `envoy.startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `envoy.startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `envoy.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `envoy.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `envoy.customLivenessProbe` | Override default liveness probe | `{}` | +| `envoy.customReadinessProbe` | Override default readiness probe | `{}` | +| `envoy.customStartupProbe` | Override default startup probe | `{}` | +| `envoy.terminationGracePeriodSeconds` | Envoy termination grace period in seconds | `300` | +| `envoy.logLevel` | Envoy log level | `info` | +| `envoy.service.name` | envoy service name | `""` | +| `envoy.service.multiAz.enabled` | enables the rendering of the multiple services | `false` | +| `envoy.service.multiAz.zones` | defines different zones their annotations and loadBalancerIPs | `[]` | +| `envoy.service.targetPorts` | Map the controller service HTTP/HTTPS port | `{}` | +| `envoy.service.type` | Type of Envoy service to create | `LoadBalancer` | +| `envoy.service.externalTrafficPolicy` | Envoy Service external cluster policy. If `envoy.service.type` is NodePort or LoadBalancer | `Local` | +| `envoy.service.labels` | Labels to add to te envoy service | `{}` | +| `envoy.service.clusterIP` | Internal envoy cluster service IP | `""` | +| `envoy.service.externalIPs` | Envoy service external IP addresses | `[]` | +| `envoy.service.loadBalancerIP` | IP address to assign to load balancer (if supported) | `""` | +| `envoy.service.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | `[]` | +| `envoy.service.loadBalancerClass` | Envoy service Load Balancer Class | `""` | +| `envoy.service.ipFamilyPolicy` | , support SingleStack, PreferDualStack and RequireDualStack | `""` | +| `envoy.service.ipFamilies` | List of IP families (e.g. IPv4, IPv6) assigned to the service. | `[]` | +| `envoy.service.annotations` | Annotations for Envoy service | `{}` | +| `envoy.service.ports.http` | Sets service http port | `80` | +| `envoy.service.ports.https` | Sets service https port | `443` | +| `envoy.service.ports.metrics` | Sets service metrics port | `8002` | +| `envoy.service.nodePorts.http` | HTTP Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | +| `envoy.service.nodePorts.https` | HTTPS Port. If `envoy.service.type` is NodePort and this is non-empty | `""` | +| `envoy.service.extraPorts` | Extra ports to expose (normally used with the `sidecar` value) | `[]` | +| `envoy.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `envoy.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `envoy.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `envoy.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `envoy.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `envoy.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `envoy.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `envoy.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `envoy.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `envoy.useHostPort.http` | Enable/disable `hostPort` for TCP/80 | `true` | +| `envoy.useHostPort.https` | Enable/disable `hostPort` TCP/443 | `true` | +| `envoy.useHostPort.metrics` | Enable/disable `hostPort` for TCP/8002 | `true` | +| `envoy.useHostIP` | Enable/disable `hostIP` | `false` | +| `envoy.hostPorts.http` | Sets `hostPort` http port | `80` | +| `envoy.hostPorts.https` | Sets `hostPort` https port | `443` | +| `envoy.hostPorts.metrics` | Sets `hostPort` metrics port | `8002` | +| `envoy.hostIPs.http` | Sets `hostIP` http IP | `127.0.0.1` | +| `envoy.hostIPs.https` | Sets `hostIP` https IP | `127.0.0.1` | +| `envoy.hostIPs.metrics` | Sets `hostIP` metrics IP | `127.0.0.1` | +| `envoy.containerPorts.http` | Sets http port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8080` | +| `envoy.containerPorts.https` | Sets https port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8443` | +| `envoy.containerPorts.metrics` | Sets metrics port inside Envoy pod (change this to >1024 to run envoy as a non-root user) | `8002` | +| `envoy.initContainers` | Attach additional init containers to Envoy pods | `[]` | +| `envoy.sidecars` | Add additional sidecar containers to the Envoy pods | `[]` | +| `envoy.extraVolumes` | Array to add extra volumes | `[]` | +| `envoy.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `envoy.extraEnvVars` | Array containing extra env vars to be added to all Envoy containers | `[]` | +| `envoy.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Envoy containers | `""` | +| `envoy.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Envoy containers | `""` | ### Default backend parameters -| Name | Description | Value | -| ------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------- | ------------------------ | -| `defaultBackend.enabled` | Enable a default backend based on NGINX | `false` | -| `defaultBackend.image.registry` | Default backend image registry | `REGISTRY_NAME` | -| `defaultBackend.image.repository` | Default backend image name | `REPOSITORY_NAME/nginx` | -| `defaultBackend.image.digest` | Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `defaultBackend.extraArgs` | Additional command line arguments to pass to NGINX container | `{}` | -| `defaultBackend.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | -| `defaultBackend.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | -| `defaultBackend.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | -| `defaultBackend.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | -| `defaultBackend.extraVolumes` | Array to add extra volumes | `[]` | -| `defaultBackend.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | -| `defaultBackend.initContainers` | Attach additional init containers to the http backend pods | `[]` | -| `defaultBackend.sidecars` | Add additional sidecar containers to the default backend | `[]` | -| `defaultBackend.containerPorts.http` | Set http port inside Contour pod | `8001` | -| `defaultBackend.updateStrategy` | Strategy to use to update Pods | `{}` | -| `defaultBackend.command` | Override default command | `[]` | -| `defaultBackend.args` | Override default args | `[]` | -| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | -| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | -| `defaultBackend.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | -| `defaultBackend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `defaultBackend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `defaultBackend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `defaultBackend.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | -| `defaultBackend.containerSecurityContext.enabled` | Enabled defaultBackend containers' Security Context | `true` | -| `defaultBackend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `defaultBackend.containerSecurityContext.runAsUser` | Set defaultBackend containers' Security Context runAsUser | `1001` | -| `defaultBackend.containerSecurityContext.runAsNonRoot` | Set defaultBackend containers' Security Context runAsNonRoot | `true` | -| `defaultBackend.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | -| `defaultBackend.containerSecurityContext.privileged` | Set defaultBackend container's Security Context privileged | `false` | -| `defaultBackend.containerSecurityContext.allowPrivilegeEscalation` | Set defaultBackend container's Security Context allowPrivilegeEscalation | `false` | -| `defaultBackend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `defaultBackend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `defaultBackend.resources.limits` | The resources limits for the Default backend container | `{}` | -| `defaultBackend.resources.requests` | The requested resources for the Default backend container | `{}` | -| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` | -| `defaultBackend.livenessProbe.httpGet` | Path, port and scheme for the livenessProbe | `{}` | -| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `defaultBackend.readinessProbe.httpGet` | Path, port and scheme for the readinessProbe | `{}` | -| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | -| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | -| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `defaultBackend.startupProbe.enabled` | Enable/disable the startup probe | `false` | -| `defaultBackend.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | -| `defaultBackend.startupProbe.periodSeconds` | How often to perform the probe | `10` | -| `defaultBackend.startupProbe.timeoutSeconds` | When the probe times out | `5` | -| `defaultBackend.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | -| `defaultBackend.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | -| `defaultBackend.customLivenessProbe` | Override default liveness probe, it overrides the default one (evaluated as a template) | `{}` | -| `defaultBackend.customReadinessProbe` | Override default readiness probe, it overrides the default one (evaluated as a template) | `{}` | -| `defaultBackend.customStartupProbe` | Override default startup probe | `{}` | -| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` | -| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` | -| `defaultBackend.priorityClassName` | Priority class assigned to the pods | `""` | -| `defaultBackend.schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `defaultBackend.terminationGracePeriodSeconds` | In seconds, time the given to the default backend pod needs to terminate gracefully | `60` | -| `defaultBackend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | -| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | -| `defaultBackend.affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | -| `defaultBackend.nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | -| `defaultBackend.tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | -| `defaultBackend.service.type` | Service type | `ClusterIP` | -| `defaultBackend.service.ports.http` | Service port | `80` | -| `defaultBackend.service.annotations` | Annotations to add to the service | `{}` | -| `defaultBackend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `defaultBackend.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `defaultBackend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `defaultBackend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `defaultBackend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `defaultBackend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `defaultBackend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `defaultBackend.pdb.create` | Enable Pod Disruption Budget configuration | `false` | -| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | -| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that should remain scheduled | `""` | -| `ingress.enabled` | Ingress configuration enabled | `false` | -| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | -| `ingress.certManager` | Add annotations for cert-manager | `false` | -| `ingress.annotations` | Annotations to be added to the web ingress. | `{}` | -| `ingress.hostname` | Hostname for the Ingress object | `contour.local` | -| `ingress.path` | The Path to Concourse | `/` | -| `ingress.rulesOverride` | Ingress rules override | `[]` | -| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | -| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | -| `ingress.extraPaths` | Add additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | -| `ingress.tls` | TLS configuration. | `false` | -| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | -| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | -| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | -| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------ | +| `defaultBackend.enabled` | Enable a default backend based on NGINX | `false` | +| `defaultBackend.image.registry` | Default backend image registry | `REGISTRY_NAME` | +| `defaultBackend.image.repository` | Default backend image name | `REPOSITORY_NAME/nginx` | +| `defaultBackend.image.digest` | Default backend image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `defaultBackend.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `defaultBackend.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `defaultBackend.extraArgs` | Additional command line arguments to pass to NGINX container | `{}` | +| `defaultBackend.lifecycleHooks` | lifecycleHooks for the container to automate configuration before or after startup. | `{}` | +| `defaultBackend.extraEnvVars` | Array containing extra env vars to be added to all Contour containers | `[]` | +| `defaultBackend.extraEnvVarsCM` | ConfigMap containing extra env vars to be added to all Contour containers | `""` | +| `defaultBackend.extraEnvVarsSecret` | Secret containing extra env vars to be added to all Contour containers | `""` | +| `defaultBackend.extraVolumes` | Array to add extra volumes | `[]` | +| `defaultBackend.extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes) | `[]` | +| `defaultBackend.initContainers` | Attach additional init containers to the http backend pods | `[]` | +| `defaultBackend.sidecars` | Add additional sidecar containers to the default backend | `[]` | +| `defaultBackend.containerPorts.http` | Set http port inside Contour pod | `8001` | +| `defaultBackend.updateStrategy` | Strategy to use to update Pods | `{}` | +| `defaultBackend.command` | Override default command | `[]` | +| `defaultBackend.args` | Override default args | `[]` | +| `defaultBackend.hostAliases` | Add deployment host aliases | `[]` | +| `defaultBackend.replicaCount` | Desired number of default backend pods | `1` | +| `defaultBackend.podSecurityContext.enabled` | Default backend Pod securityContext | `true` | +| `defaultBackend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `defaultBackend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `defaultBackend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `defaultBackend.podSecurityContext.fsGroup` | Set Default backend Pod's Security Context fsGroup | `1001` | +| `defaultBackend.containerSecurityContext.enabled` | Enabled defaultBackend containers' Security Context | `true` | +| `defaultBackend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `defaultBackend.containerSecurityContext.runAsUser` | Set defaultBackend containers' Security Context runAsUser | `1001` | +| `defaultBackend.containerSecurityContext.runAsNonRoot` | Set defaultBackend containers' Security Context runAsNonRoot | `true` | +| `defaultBackend.containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's Security Conte | `false` | +| `defaultBackend.containerSecurityContext.privileged` | Set defaultBackend container's Security Context privileged | `false` | +| `defaultBackend.containerSecurityContext.allowPrivilegeEscalation` | Set defaultBackend container's Security Context allowPrivilegeEscalation | `false` | +| `defaultBackend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `defaultBackend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `defaultBackend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production). | `none` | +| `defaultBackend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `defaultBackend.livenessProbe.enabled` | Enable livenessProbe | `true` | +| `defaultBackend.livenessProbe.httpGet` | Path, port and scheme for the livenessProbe | `{}` | +| `defaultBackend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `defaultBackend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `defaultBackend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `defaultBackend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `defaultBackend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `defaultBackend.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `defaultBackend.readinessProbe.httpGet` | Path, port and scheme for the readinessProbe | `{}` | +| `defaultBackend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `0` | +| `defaultBackend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `5` | +| `defaultBackend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `defaultBackend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `defaultBackend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `defaultBackend.startupProbe.enabled` | Enable/disable the startup probe | `false` | +| `defaultBackend.startupProbe.initialDelaySeconds` | Delay before startup probe is initiated | `15` | +| `defaultBackend.startupProbe.periodSeconds` | How often to perform the probe | `10` | +| `defaultBackend.startupProbe.timeoutSeconds` | When the probe times out | `5` | +| `defaultBackend.startupProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `defaultBackend.startupProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | `1` | +| `defaultBackend.customLivenessProbe` | Override default liveness probe, it overrides the default one (evaluated as a template) | `{}` | +| `defaultBackend.customReadinessProbe` | Override default readiness probe, it overrides the default one (evaluated as a template) | `{}` | +| `defaultBackend.customStartupProbe` | Override default startup probe | `{}` | +| `defaultBackend.podLabels` | Extra labels for Controller pods | `{}` | +| `defaultBackend.podAnnotations` | Annotations for Controller pods | `{}` | +| `defaultBackend.priorityClassName` | Priority class assigned to the pods | `""` | +| `defaultBackend.schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `defaultBackend.terminationGracePeriodSeconds` | In seconds, time the given to the default backend pod needs to terminate gracefully | `60` | +| `defaultBackend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `defaultBackend.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `defaultBackend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `defaultBackend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `defaultBackend.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set. | `""` | +| `defaultBackend.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set. | `[]` | +| `defaultBackend.affinity` | Affinity for pod assignment. Evaluated as a template. | `{}` | +| `defaultBackend.nodeSelector` | Node labels for pod assignment. Evaluated as a template. | `{}` | +| `defaultBackend.tolerations` | Tolerations for pod assignment. Evaluated as a template. | `[]` | +| `defaultBackend.service.type` | Service type | `ClusterIP` | +| `defaultBackend.service.ports.http` | Service port | `80` | +| `defaultBackend.service.annotations` | Annotations to add to the service | `{}` | +| `defaultBackend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `defaultBackend.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `defaultBackend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `defaultBackend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `defaultBackend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `defaultBackend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `defaultBackend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `defaultBackend.pdb.create` | Enable Pod Disruption Budget configuration | `false` | +| `defaultBackend.pdb.minAvailable` | Minimum number/percentage of Default backend pods that should remain scheduled | `1` | +| `defaultBackend.pdb.maxUnavailable` | Maximum number/percentage of Default backend pods that should remain scheduled | `""` | +| `ingress.enabled` | Ingress configuration enabled | `false` | +| `ingress.apiVersion` | Force Ingress API version (automatically detected if not set) | `""` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.annotations` | Annotations to be added to the web ingress. | `{}` | +| `ingress.hostname` | Hostname for the Ingress object | `contour.local` | +| `ingress.path` | The Path to Concourse | `/` | +| `ingress.rulesOverride` | Ingress rules override | `[]` | +| `ingress.selfSigned` | Create a TLS secret for this ingress record using self-signed certificates generated by Helm | `false` | +| `ingress.ingressClassName` | IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+) | `""` | +| `ingress.extraPaths` | Add additional arbitrary paths that may need to be added to the ingress under the main host. | `[]` | +| `ingress.tls` | TLS configuration. | `false` | +| `ingress.pathType` | Ingress Path type | `ImplementationSpecific` | +| `ingress.extraHosts` | The list of additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.extraTls` | The tls configuration for additional hostnames to be covered with this ingress record. | `[]` | +| `ingress.secrets` | If you're providing your own certificates, please use this to add the certificates as secrets | `[]` | +| `ingress.extraRules` | Additional rules to be covered with this ingress record | `[]` | ### Metrics parameters @@ -533,6 +533,12 @@ The above command sets the `envoy.readinessProbe.successThreshold` to `5`. ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/contour/templates/NOTES.txt b/bitnami/contour/templates/NOTES.txt index f021504ae25b32..f3e785621099d7 100644 --- a/bitnami/contour/templates/NOTES.txt +++ b/bitnami/contour/templates/NOTES.txt @@ -38,3 +38,4 @@ APP VERSION: {{ .Chart.AppVersion }} {{- include "contour.validateValues" . }} {{- include "common.warnings.rollingTag" .Values.contour.image }} {{- include "common.warnings.rollingTag" .Values.envoy.image }} +{{- include "common.warnings.resources" (dict "sections" (list "contour" "defaultBackend" "envoy" "envoy.shutdownManager") "context" $) }} diff --git a/bitnami/contour/templates/default-backend/deployment.yaml b/bitnami/contour/templates/default-backend/deployment.yaml index 1a0684483acdc7..71c39924653544 100644 --- a/bitnami/contour/templates/default-backend/deployment.yaml +++ b/bitnami/contour/templates/default-backend/deployment.yaml @@ -159,6 +159,8 @@ spec: protocol: TCP {{- if .Values.defaultBackend.resources }} resources: {{- toYaml .Values.defaultBackend.resources | nindent 12 }} + {{- else if ne .Values.defaultBackend.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.defaultBackend.resourcesPreset) | nindent 12 }} {{- if .Values.defaultBackend.extraVolumeMounts }} volumeMounts: {{- include "common.tplvalues.render" ( dict "value" .Values.contour.extraVolumeMounts "context" $ ) | nindent 12 }} {{- end }} diff --git a/bitnami/contour/templates/envoy/daemonset.yaml b/bitnami/contour/templates/envoy/daemonset.yaml index efbdeb8c6b0d62..ebeb9dd6279b06 100644 --- a/bitnami/contour/templates/envoy/daemonset.yaml +++ b/bitnami/contour/templates/envoy/daemonset.yaml @@ -104,6 +104,8 @@ spec: {{- end }} name: shutdown-manager resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }} + {{- else if ne .Values.envoy.shutdownManager.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.envoy.shutdownManager.resourcesPreset) | nindent 12 }} volumeMounts: - name: envoy-admin mountPath: /admin diff --git a/bitnami/contour/templates/envoy/deployment.yaml b/bitnami/contour/templates/envoy/deployment.yaml index 5211bdb0eddc30..2bf77073d01a57 100644 --- a/bitnami/contour/templates/envoy/deployment.yaml +++ b/bitnami/contour/templates/envoy/deployment.yaml @@ -114,6 +114,8 @@ spec: {{- end }} name: shutdown-manager resources: {{- toYaml .Values.envoy.shutdownManager.resources | nindent 12 }} + {{- else if ne .Values.envoy.shutdownManager.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.envoy.shutdownManager.resourcesPreset) | nindent 12 }} volumeMounts: - name: envoy-admin mountPath: /admin @@ -240,6 +242,8 @@ spec: failureThreshold: {{ .Values.envoy.startupProbe.failureThreshold }} {{- end }} resources: {{- toYaml .Values.envoy.resources | nindent 12 }} + {{- else if ne .Values.envoy.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.envoy.resourcesPreset) | nindent 12 }} volumeMounts: - name: envoy-config mountPath: /config diff --git a/bitnami/contour/values.yaml b/bitnami/contour/values.yaml index fdc67f2e194758..3045e8cd850543 100644 --- a/bitnami/contour/values.yaml +++ b/bitnami/contour/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -44,7 +43,6 @@ commonLabels: {} ## @param commonAnnotations Annotations to add to all deployed objects ## commonAnnotations: {} - ## Diagnostic mode in the deployment ## diagnosticMode: @@ -59,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## @section Contour parameters ## @@ -80,7 +77,6 @@ configInline: tls: fallback-certificate: {} accesslog-format: envoy - contour: ## @param contour.enabled Contour Deployment creation. ## @@ -166,22 +162,21 @@ contour: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param contour.resources.limits [object] Specify resource limits which the container is not allowed to succeed. - ## @param contour.resources.requests [object] Specify resource requests which the container needs to spawn. + ## @param contour.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if contour.resources is set (contour.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 400m - ## memory: 258Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 25Mi - ## - requests: {} + resourcesPreset: "none" + ## @param contour.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param contour.manageCRDs Manage the creation, upgrade and deletion of Contour CRDs. ## manageCRDs: true @@ -603,23 +598,18 @@ contour: name: "" create: true default: true - ## @param contour.debug Enable Contour debug log level ## debug: false - ## @param contour.logFormat Set contour log-format. Default text, either text or json. ## logFormat: text - ## @param contour.kubernetesDebug Contour kubernetes debug log level, Default 0, minimum 0, maximum 9. ## kubernetesDebug: 0 - ## @param contour.rootNamespaces Restrict Contour to searching these namespaces for root ingress routes. ## rootNamespaces: "" - ## Exposes configuration of Envoy's Overload Manager through Contour's bootstrapping process ## When 95% of max heap size is reached for an Envoy, "shrink heap" operation is triggered. ## When 98% of max heap size is reached for an Envoy, it no longer accepts requests. @@ -630,10 +620,8 @@ contour: overloadManager: enabled: false maxHeapBytes: "2147483648" - ## @section Envoy parameters ## - envoy: ## @param envoy.enabled Envoy Proxy creation ## @@ -695,22 +683,21 @@ envoy: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param envoy.resources.limits [object] Specify resource limits which the container is not allowed to succeed. - ## @param envoy.resources.requests [object] Specify resource requests which the container needs to spawn. + ## @param envoy.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if envoy.resources is set (envoy.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 400m - ## memory: 250Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 25Mi - ## - requests: {} + resourcesPreset: "none" + ## @param envoy.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param envoy.command Override default command ## command: [] @@ -720,26 +707,24 @@ envoy: ## @param envoy.shutdownManager.enabled Contour shutdownManager sidecar ## @param envoy.shutdownManager.extraArgs [array] Extra arguments passed to shutdown container ## @param envoy.shutdownManager.port Specify Port for shutdown container - ## @param envoy.shutdownManager.resources.limits [object] Specify resource limits which the container is not allowed to succeed. - ## @param envoy.shutdownManager.resources.requests [object] Specify resource requests which the container needs to spawn. + ## @param envoy.shutdownManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if envoy.shutdownManager.resources is set (envoy.shutdownManager.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## @param envoy.shutdownManager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) ## shutdownManager: extraArgs: [] port: "8090" enabled: true - resources: - ## Example: - ## limits: - ## cpu: 50m - ## memory: 32Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 10m - ## memory: 16Mi - ## - requests: {} + resourcesPreset: "none" + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + resources: {} ## Shutdown Manager container security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param envoy.shutdownManager.containerSecurityContext.enabled Enabled envoy shutdownManager containers' Security Context @@ -764,7 +749,6 @@ envoy: seccompProfile: type: "RuntimeDefault" readOnlyRootFilesystem: true - ## Envoy Initconfig initcontainer security context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param envoy.initConfig.containerSecurityContext.enabled Enabled envoy initConfig containers' Security Context @@ -1232,7 +1216,6 @@ envoy: ## @param envoy.extraEnvVarsSecret Secret containing extra env vars to be added to all Envoy containers ## extraEnvVarsSecret: "" - ## @section Default backend parameters ## @@ -1378,22 +1361,21 @@ defaultBackend: ## We usually recommend not to specify default resources and to leave this as a conscious ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. - ## @param defaultBackend.resources.limits [object] The resources limits for the Default backend container - ## @param defaultBackend.resources.requests [object] The requested resources for the Default backend container + ## @param defaultBackend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if defaultBackend.resources is set (defaultBackend.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - ## Example: - ## limits: - ## cpu: 250m - ## memory: 256Mi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 250m - ## memory: 256Mi - ## - requests: {} + resourcesPreset: "none" + ## @param defaultBackend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Default backend containers' liveness probe. Evaluated as a template. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes ## @param defaultBackend.livenessProbe.enabled Enable livenessProbe @@ -1590,7 +1572,6 @@ defaultBackend: create: false minAvailable: 1 maxUnavailable: "" - ## Ingress parameters ## ingress: @@ -1690,10 +1671,8 @@ ingress: ## name: http ## extraRules: [] - ## @section Metrics parameters ## - metrics: ## Prometheus Operator service monitors ## @@ -1728,7 +1707,6 @@ metrics: ## @param metrics.serviceMonitor.labels Extra labels for the ServiceMonitor ## labels: {} - ## Prometheus Operator prometheusRules ## prometheusRule: @@ -1744,7 +1722,6 @@ metrics: ## @param metrics.prometheusRule.rules Prometheus Rule definitions ## rules: [] - ## @section Other parameters ## From 08299565064ded952d543c5abda9a0359cdf7d39 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:31:33 +0100 Subject: [PATCH 012/129] [bitnami/concourse] feat: :sparkles: :lock: Add resource preset support (#23437) Signed-off-by: Javier Salmeron Garcia --- bitnami/concourse/Chart.lock | 6 +- bitnami/concourse/README.md | 488 +++++++++--------- bitnami/concourse/templates/NOTES.txt | 1 + .../concourse/templates/web/deployment.yaml | 2 + .../templates/worker/deployment.yaml | 2 + .../templates/worker/statefulset.yaml | 4 + bitnami/concourse/values.yaml | 76 +-- 7 files changed, 304 insertions(+), 275 deletions(-) diff --git a/bitnami/concourse/Chart.lock b/bitnami/concourse/Chart.lock index 67935434a2a62b..edaa757ee78299 100644 --- a/bitnami/concourse/Chart.lock +++ b/bitnami/concourse/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 13.4.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:ed1ae30d04e3363a388e6e9f7518053e207fa1586540ebab2ecf963432c1a669 -generated: "2024-02-02T10:34:53.374852165Z" + version: 2.15.3 +digest: sha256:ec94925c6be1fa56ae67a77bdaf0f840232c91970af47a758adfc6aa9643a980 +generated: "2024-02-14T14:41:34.744181277+01:00" diff --git a/bitnami/concourse/README.md b/bitnami/concourse/README.md index 2fadaf4e3c2b7d..c5cf4a1caf7ae9 100644 --- a/bitnami/concourse/README.md +++ b/bitnami/concourse/README.md @@ -104,236 +104,236 @@ The command removes all the Kubernetes components associated with the chart and ### Concourse Web parameters -| Name | Description | Value | -| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -| `web.enabled` | Enable Concourse web component | `true` | -| `web.baseUrl` | url | `/` | -| `web.logLevel` | Minimum level of logs to see. Possible options: debug, info, error. | `debug` | -| `web.clusterName` | A name for this Concourse cluster, to be displayed on the dashboard page. | `""` | -| `web.bindIp` | IP address on which to listen for HTTP traffic (web UI and API). | `0.0.0.0` | -| `web.peerAddress` | Network address of this web node, reachable by other web nodes. | `""` | -| `web.externalUrl` | URL used to reach any ATC from the outside world. | `""` | -| `web.auth.cookieSecure` | use cookie secure true or false | `false` | -| `web.auth.duration` | Length of time for which tokens are valid. Afterwards, users will have to log back in. | `24h` | -| `web.auth.passwordConnector` | The connector to use for password authentication for `fly login -u ... -p ...`. | `""` | -| `web.auth.mainTeam.config` | Configuration file for specifying the main teams params. | `""` | -| `web.auth.mainTeam.localUser` | Comma-separated list of local Concourse users to be included as members of the `main` team. | `user` | -| `web.existingSecret` | Use an existing secret for the Web service credentials | `""` | -| `web.enableAcrossStep` | Enable the experimental across step to be used in jobs. The API is subject to change. | `false` | -| `web.enablePipelineInstances` | Enable the creation of instanced pipelines. | `false` | -| `web.enableCacheStreamedVolumes` | Enable caching streamed resource volumes on the destination worker. | `false` | -| `web.baseResourceTypeDefaults` | Configuration file for specifying defaults for base resource types | `""` | -| `web.tsa.logLevel` | Minimum level of logs to see. Possible values: debug, info, error | `debug` | -| `web.tsa.bindIp` | IP address on which to listen for SSH | `0.0.0.0` | -| `web.tsa.debugBindIp` | IP address on which to listen for the pprof debugger endpoints (default: 127.0.0.1) | `127.0.0.1` | -| `web.tsa.heartbeatInterval` | Interval on which to heartbeat workers to the ATC | `30s` | -| `web.tsa.gardenRequestTimeout` | How long to wait for requests to Garden to complete. 0 means no timeout | `""` | -| `web.tls.enabled` | enable serving HTTPS traffic directly through the web component. | `false` | -| `web.configRBAC` | Set RBAC configuration | `""` | -| `web.conjur.enabled` | Enable the use of Conjur as a credential manager | `false` | -| `web.conjur.applianceUrl` | URL of the Conjur instance. | `""` | -| `web.conjur.pipelineSecretTemplate` | Path used to locate pipeline-level secret | `concourse/{{.Team}}/{{.Pipeline}}/{{.Secret}}` | -| `web.conjur.teamSecretTemplate` | Path used to locate team-level secret | `concourse/{{.Team}}/{{.Secret}}` | -| `web.conjur.secretTemplate` | Path used to locate a vault or safe-level secret | `concourse/{{.Secret}}` | -| `web.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for web | `""` | -| `web.command` | Override default container command (useful when using custom images) | `[]` | -| `web.args` | Override default container args (useful when using custom images) | `[]` | -| `web.extraEnvVars` | Array with extra environment variables to add to Concourse web nodes | `[]` | -| `web.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Concourse web nodes | `""` | -| `web.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Concourse web nodes | `""` | -| `web.replicaCount` | Number of Concourse web replicas to deploy | `1` | -| `web.containerPorts.http` | Concourse web UI and API HTTP container port | `8080` | -| `web.containerPorts.https` | Concourse web UI and API HTTPS container port | `8443` | -| `web.containerPorts.tsa` | Concourse web TSA SSH container port | `2222` | -| `web.containerPorts.pprof` | Concourse web TSA pprof server container port | `2221` | -| `web.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `web.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `web.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `web.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `web.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `web.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | -| `web.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `web.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `web.livenessProbe.enabled` | Enable livenessProbe on Concourse web containers | `true` | -| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `15` | -| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | -| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `1` | -| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `web.readinessProbe.enabled` | Enable readinessProbe on Concourse web containers | `true` | -| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `15` | -| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `1` | -| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `web.startupProbe.enabled` | Enable startupProbe on Concourse web containers | `false` | -| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `web.resources.limits` | The resources limits for the Concourse web containers | `{}` | -| `web.resources.requests` | The requested resources for the Concourse web containers | `{}` | -| `web.podSecurityContext.enabled` | Enabled web pods' Security Context | `true` | -| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `web.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `web.podSecurityContext.fsGroup` | Set web pod's Security Context fsGroup | `1001` | -| `web.containerSecurityContext.enabled` | Enabled web containers' Security Context | `true` | -| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `web.containerSecurityContext.runAsUser` | Set web containers' Security Context runAsUser | `1001` | -| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `web.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `web.hostAliases` | Concourse web pod host aliases | `[]` | -| `web.podLabels` | Extra labels for Concourse web pods | `{}` | -| `web.podAnnotations` | Annotations for Concourse web pods | `{}` | -| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set | `""` | -| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set | `[]` | -| `web.affinity` | Affinity for web pods assignment | `{}` | -| `web.nodeSelector` | Node labels for web pods assignment | `{}` | -| `web.tolerations` | Tolerations for web pods assignment | `[]` | -| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `web.priorityClassName` | Priority Class to use for each pod (Concourse web) | `""` | -| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `web.terminationGracePeriodSeconds` | Seconds Concourse web pod needs to terminate gracefully | `""` | -| `web.updateStrategy.rollingUpdate` | Concourse web statefulset rolling update configuration parameters | `{}` | -| `web.updateStrategy.type` | Concourse web statefulset strategy type | `RollingUpdate` | -| `web.lifecycleHooks` | lifecycleHooks for the Concourse web container(s) | `{}` | -| `web.extraVolumes` | Optionally specify extra list of additional volumeMounts for the Concourse web container(s) | `[]` | -| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Concourse web container(s) | `[]` | -| `web.sidecars` | Add additional sidecar containers to the Concourse web pod(s) | `[]` | -| `web.initContainers` | Add additional init containers to the Concourse web pod(s) | `[]` | -| `web.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `web.rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `web.rbac.rules` | Custom RBAC rules to set | `[]` | -| `web.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `web.serviceAccount.name` | Override Web service account name | `""` | -| `web.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `web.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| Name | Description | Value | +| -------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------- | +| `web.enabled` | Enable Concourse web component | `true` | +| `web.baseUrl` | url | `/` | +| `web.logLevel` | Minimum level of logs to see. Possible options: debug, info, error. | `debug` | +| `web.clusterName` | A name for this Concourse cluster, to be displayed on the dashboard page. | `""` | +| `web.bindIp` | IP address on which to listen for HTTP traffic (web UI and API). | `0.0.0.0` | +| `web.peerAddress` | Network address of this web node, reachable by other web nodes. | `""` | +| `web.externalUrl` | URL used to reach any ATC from the outside world. | `""` | +| `web.auth.cookieSecure` | use cookie secure true or false | `false` | +| `web.auth.duration` | Length of time for which tokens are valid. Afterwards, users will have to log back in. | `24h` | +| `web.auth.passwordConnector` | The connector to use for password authentication for `fly login -u ... -p ...`. | `""` | +| `web.auth.mainTeam.config` | Configuration file for specifying the main teams params. | `""` | +| `web.auth.mainTeam.localUser` | Comma-separated list of local Concourse users to be included as members of the `main` team. | `user` | +| `web.existingSecret` | Use an existing secret for the Web service credentials | `""` | +| `web.enableAcrossStep` | Enable the experimental across step to be used in jobs. The API is subject to change. | `false` | +| `web.enablePipelineInstances` | Enable the creation of instanced pipelines. | `false` | +| `web.enableCacheStreamedVolumes` | Enable caching streamed resource volumes on the destination worker. | `false` | +| `web.baseResourceTypeDefaults` | Configuration file for specifying defaults for base resource types | `""` | +| `web.tsa.logLevel` | Minimum level of logs to see. Possible values: debug, info, error | `debug` | +| `web.tsa.bindIp` | IP address on which to listen for SSH | `0.0.0.0` | +| `web.tsa.debugBindIp` | IP address on which to listen for the pprof debugger endpoints (default: 127.0.0.1) | `127.0.0.1` | +| `web.tsa.heartbeatInterval` | Interval on which to heartbeat workers to the ATC | `30s` | +| `web.tsa.gardenRequestTimeout` | How long to wait for requests to Garden to complete. 0 means no timeout | `""` | +| `web.tls.enabled` | enable serving HTTPS traffic directly through the web component. | `false` | +| `web.configRBAC` | Set RBAC configuration | `""` | +| `web.conjur.enabled` | Enable the use of Conjur as a credential manager | `false` | +| `web.conjur.applianceUrl` | URL of the Conjur instance. | `""` | +| `web.conjur.pipelineSecretTemplate` | Path used to locate pipeline-level secret | `concourse/{{.Team}}/{{.Pipeline}}/{{.Secret}}` | +| `web.conjur.teamSecretTemplate` | Path used to locate team-level secret | `concourse/{{.Team}}/{{.Secret}}` | +| `web.conjur.secretTemplate` | Path used to locate a vault or safe-level secret | `concourse/{{.Secret}}` | +| `web.existingConfigmap` | The name of an existing ConfigMap with your custom configuration for web | `""` | +| `web.command` | Override default container command (useful when using custom images) | `[]` | +| `web.args` | Override default container args (useful when using custom images) | `[]` | +| `web.extraEnvVars` | Array with extra environment variables to add to Concourse web nodes | `[]` | +| `web.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Concourse web nodes | `""` | +| `web.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Concourse web nodes | `""` | +| `web.replicaCount` | Number of Concourse web replicas to deploy | `1` | +| `web.containerPorts.http` | Concourse web UI and API HTTP container port | `8080` | +| `web.containerPorts.https` | Concourse web UI and API HTTPS container port | `8443` | +| `web.containerPorts.tsa` | Concourse web TSA SSH container port | `2222` | +| `web.containerPorts.pprof` | Concourse web TSA pprof server container port | `2221` | +| `web.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `web.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `web.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `web.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `web.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `web.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | +| `web.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `web.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `web.livenessProbe.enabled` | Enable livenessProbe on Concourse web containers | `true` | +| `web.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `web.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `15` | +| `web.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | +| `web.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `1` | +| `web.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `web.readinessProbe.enabled` | Enable readinessProbe on Concourse web containers | `true` | +| `web.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `web.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `15` | +| `web.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `web.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `1` | +| `web.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `web.startupProbe.enabled` | Enable startupProbe on Concourse web containers | `false` | +| `web.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `web.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `web.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `web.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `web.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `web.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `web.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `web.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `web.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production). | `none` | +| `web.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `web.podSecurityContext.enabled` | Enabled web pods' Security Context | `true` | +| `web.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `web.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `web.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `web.podSecurityContext.fsGroup` | Set web pod's Security Context fsGroup | `1001` | +| `web.containerSecurityContext.enabled` | Enabled web containers' Security Context | `true` | +| `web.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `web.containerSecurityContext.runAsUser` | Set web containers' Security Context runAsUser | `1001` | +| `web.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `web.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `web.hostAliases` | Concourse web pod host aliases | `[]` | +| `web.podLabels` | Extra labels for Concourse web pods | `{}` | +| `web.podAnnotations` | Annotations for Concourse web pods | `{}` | +| `web.podAffinityPreset` | Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `web.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `web.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `web.nodeAffinityPreset.key` | Node label key to match. Ignored if `web.affinity` is set | `""` | +| `web.nodeAffinityPreset.values` | Node label values to match. Ignored if `web.affinity` is set | `[]` | +| `web.affinity` | Affinity for web pods assignment | `{}` | +| `web.nodeSelector` | Node labels for web pods assignment | `{}` | +| `web.tolerations` | Tolerations for web pods assignment | `[]` | +| `web.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `web.priorityClassName` | Priority Class to use for each pod (Concourse web) | `""` | +| `web.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `web.terminationGracePeriodSeconds` | Seconds Concourse web pod needs to terminate gracefully | `""` | +| `web.updateStrategy.rollingUpdate` | Concourse web statefulset rolling update configuration parameters | `{}` | +| `web.updateStrategy.type` | Concourse web statefulset strategy type | `RollingUpdate` | +| `web.lifecycleHooks` | lifecycleHooks for the Concourse web container(s) | `{}` | +| `web.extraVolumes` | Optionally specify extra list of additional volumeMounts for the Concourse web container(s) | `[]` | +| `web.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Concourse web container(s) | `[]` | +| `web.sidecars` | Add additional sidecar containers to the Concourse web pod(s) | `[]` | +| `web.initContainers` | Add additional init containers to the Concourse web pod(s) | `[]` | +| `web.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `web.rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `web.rbac.rules` | Custom RBAC rules to set | `[]` | +| `web.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `web.serviceAccount.name` | Override Web service account name | `""` | +| `web.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `web.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Concourse Worker parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | -| `worker.enabled` | Enable Concourse worker nodes | `true` | -| `worker.runtime` | Set CONCURSE_RUNTIME in worker nodes. Please note the default runtime (guardian) only supports cgroupsv1. | `containerd` | -| `worker.logLevel` | Minimum level of logs to see. Possible options: debug, info, error | `debug` | -| `worker.bindIp` | IP address on which to listen for the Garden server. | `127.0.0.1` | -| `worker.tsa.hosts` | TSA host(s) to forward the worker through | `[]` | -| `worker.existingSecret` | name of an existing secret resource containing the keys and the pub | `""` | -| `worker.baggageclaim.logLevel` | Minimum level of logs to see. Allowed values: `debug`, `info`, and `error` | `info` | -| `worker.baggageclaim.bindIp` | IP address on which to listen for API traffic | `127.0.0.1` | -| `worker.baggageclaim.debugBindIp` | IP address on which to listen for the pprof debugger endpoints | `127.0.0.1` | -| `worker.baggageclaim.disableUserNamespaces` | Disable remapping of user/group IDs in unprivileged volumes | `""` | -| `worker.baggageclaim.volumes` | Directory in which to place volume data | `""` | -| `worker.baggageclaim.driver` | Driver to use for managing volumes. Allowed values: `detect`, `naive`, `btrfs`, and `overlay` | `""` | -| `worker.baggageclaim.btrfsBin` | Path to btrfs binary | `btrfs` | -| `worker.baggageclaim.mkfsBin` | Path to mkfs.btrfs binary | `mkfs.btrfs` | -| `worker.baggageclaim.overlaysDir` | Path to directory in which to store overlay data | `""` | -| `worker.command` | Override default container command (useful when using custom images) | `[]` | -| `worker.args` | Override worker default args | `[]` | -| `worker.replicaCount` | Number of worker replicas | `2` | -| `worker.mode` | Selects kind of Deployment. Allowed values: `deployment` or `statefulset` | `deployment` | -| `worker.containerPorts.garden` | Concourse worker Garden server container port | `7777` | -| `worker.containerPorts.health` | Concourse worker health-check container port | `8888` | -| `worker.containerPorts.baggageclaim` | Concourse worker baggageclaim API container port | `7788` | -| `worker.containerPorts.pprof` | Concourse worker baggageclaim pprof server container port | `7787` | -| `worker.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `worker.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `worker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `worker.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | -| `worker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `worker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | -| `worker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `worker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `worker.livenessProbe.enabled` | Enable livenessProbe on Concourse worker containers | `true` | -| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `15` | -| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | -| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `1` | -| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `worker.readinessProbe.enabled` | Enable readinessProbe on Concourse worker containers | `true` | -| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `15` | -| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | -| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `1` | -| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `worker.startupProbe.enabled` | Enable startupProbe on Concourse worker containers | `false` | -| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | -| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `worker.resources.limits` | The resources limits for the Concourse worker containers | `{}` | -| `worker.resources.requests` | The requested resources for the Concourse worker containers | `{}` | -| `worker.podSecurityContext.enabled` | Enabled worker pods' Security Context | `true` | -| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `worker.podSecurityContext.fsGroup` | Set worker pod's Security Context fsGroup | `1001` | -| `worker.containerSecurityContext.enabled` | Enabled worker containers' Security Context | `true` | -| `worker.containerSecurityContext.privileged` | Set worker containers' Security Context with privileged or not | `true` | -| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `worker.containerSecurityContext.runAsUser` | Set worker containers' Security Context user | `0` | -| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `worker.hostAliases` | Concourse worker pod host aliases | `[]` | -| `worker.podLabels` | Custom labels for Concourse worker pods | `{}` | -| `worker.podAnnotations` | Annotations for Concourse worker pods | `{}` | -| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `worker.podAntiAffinityPreset` | Pod anti-affinity preset | `soft` | -| `worker.nodeAffinityPreset.type` | Node affinity type | `""` | -| `worker.nodeAffinityPreset.key` | Node label key to match | `""` | -| `worker.nodeAffinityPreset.values` | Node label values to match | `[]` | -| `worker.affinity` | Affinity for pod assignment | `{}` | -| `worker.nodeSelector` | Node labels for pod assignment | `{}` | -| `worker.tolerations` | Tolerations for worker pod assignment | `[]` | -| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `worker.priorityClassName` | Priority Class to use for each pod (Concourse worker) | `""` | -| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | -| `worker.terminationGracePeriodSeconds` | Seconds Concourse worker pod needs to terminate gracefully | `""` | -| `worker.podManagementPolicy` | Statefulset Pod Management Policy Type. Allowed values: `OrderedReady` or `Parallel` | `OrderedReady` | -| `worker.updateStrategy.rollingUpdate` | Concourse worker statefulset rolling update configuration parameters | `{}` | -| `worker.updateStrategy.type` | Concourse worker statefulset strategy type | `RollingUpdate` | -| `worker.lifecycleHooks` | for the Concourse worker container(s) to automate configuration before or after startup | `{}` | -| `worker.extraEnvVars` | Array with extra environment variables to add to Concourse worker nodes | `[]` | -| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Concourse worker nodes | `""` | -| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Concourse worker nodes | `""` | -| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Concourse worker pod(s) | `[]` | -| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Concourse worker container(s) | `[]` | -| `worker.sidecars` | Add additional sidecar containers to the Concourse worker pod(s) | `[]` | -| `worker.initContainers` | Add additional init containers to the Concourse worker pod(s) | `[]` | -| `worker.autoscaling.enabled` | Enable autoscaling for the Concourse worker nodes | `false` | -| `worker.autoscaling.maxReplicas` | Set maximum number of replicas to the Concourse worker nodes | `""` | -| `worker.autoscaling.minReplicas` | Set minimum number of replicas to the Concourse worker nodes | `""` | -| `worker.autoscaling.builtInMetrics` | Array with built-in metrics | `[]` | -| `worker.autoscaling.customMetrics` | Array with custom metrics | `[]` | -| `worker.pdb.create` | Create Pod disruption budget object for Concourse worker nodes | `true` | -| `worker.pdb.minAvailable` | Minimum number / percentage of Concourse worker pods that should remain scheduled | `2` | -| `worker.pdb.maxUnavailable` | Maximum number/percentage of Concourse worker pods that may be made unavailable | `""` | -| `worker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | -| `worker.persistence.enabled` | Enable Concourse worker data persistence using PVC | `true` | -| `worker.persistence.existingClaim` | Name of an existing PVC to use | `""` | -| `worker.persistence.storageClass` | PVC Storage Class for Concourse worker data volume | `""` | -| `worker.persistence.accessModes` | PVC Access Mode for Concourse worker volume | `["ReadWriteOnce"]` | -| `worker.persistence.size` | PVC Storage Request for Concourse worker volume | `8Gi` | -| `worker.persistence.annotations` | Annotations for the PVC | `{}` | -| `worker.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | -| `worker.rbac.create` | Specifies whether RBAC resources should be created | `true` | -| `worker.rbac.rules` | Custom RBAC rules to set | `[]` | -| `worker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `worker.serviceAccount.name` | Override worker service account name | `""` | -| `worker.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `worker.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| Name | Description | Value | +| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `worker.enabled` | Enable Concourse worker nodes | `true` | +| `worker.runtime` | Set CONCURSE_RUNTIME in worker nodes. Please note the default runtime (guardian) only supports cgroupsv1. | `containerd` | +| `worker.logLevel` | Minimum level of logs to see. Possible options: debug, info, error | `debug` | +| `worker.bindIp` | IP address on which to listen for the Garden server. | `127.0.0.1` | +| `worker.tsa.hosts` | TSA host(s) to forward the worker through | `[]` | +| `worker.existingSecret` | name of an existing secret resource containing the keys and the pub | `""` | +| `worker.baggageclaim.logLevel` | Minimum level of logs to see. Allowed values: `debug`, `info`, and `error` | `info` | +| `worker.baggageclaim.bindIp` | IP address on which to listen for API traffic | `127.0.0.1` | +| `worker.baggageclaim.debugBindIp` | IP address on which to listen for the pprof debugger endpoints | `127.0.0.1` | +| `worker.baggageclaim.disableUserNamespaces` | Disable remapping of user/group IDs in unprivileged volumes | `""` | +| `worker.baggageclaim.volumes` | Directory in which to place volume data | `""` | +| `worker.baggageclaim.driver` | Driver to use for managing volumes. Allowed values: `detect`, `naive`, `btrfs`, and `overlay` | `""` | +| `worker.baggageclaim.btrfsBin` | Path to btrfs binary | `btrfs` | +| `worker.baggageclaim.mkfsBin` | Path to mkfs.btrfs binary | `mkfs.btrfs` | +| `worker.baggageclaim.overlaysDir` | Path to directory in which to store overlay data | `""` | +| `worker.command` | Override default container command (useful when using custom images) | `[]` | +| `worker.args` | Override worker default args | `[]` | +| `worker.replicaCount` | Number of worker replicas | `2` | +| `worker.mode` | Selects kind of Deployment. Allowed values: `deployment` or `statefulset` | `deployment` | +| `worker.containerPorts.garden` | Concourse worker Garden server container port | `7777` | +| `worker.containerPorts.health` | Concourse worker health-check container port | `8888` | +| `worker.containerPorts.baggageclaim` | Concourse worker baggageclaim API container port | `7788` | +| `worker.containerPorts.pprof` | Concourse worker baggageclaim pprof server container port | `7787` | +| `worker.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `worker.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `worker.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `worker.networkPolicy.kubeAPIServerPorts` | List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security) | `[]` | +| `worker.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `worker.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy (ignored if allowExternalEgress=true) | `[]` | +| `worker.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `worker.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `worker.livenessProbe.enabled` | Enable livenessProbe on Concourse worker containers | `true` | +| `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `15` | +| `worker.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `3` | +| `worker.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `1` | +| `worker.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `worker.readinessProbe.enabled` | Enable readinessProbe on Concourse worker containers | `true` | +| `worker.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `worker.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `15` | +| `worker.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `3` | +| `worker.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `1` | +| `worker.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `worker.startupProbe.enabled` | Enable startupProbe on Concourse worker containers | `false` | +| `worker.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `5` | +| `worker.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `worker.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `worker.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `worker.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `worker.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `worker.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `worker.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `worker.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). | `none` | +| `worker.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `worker.podSecurityContext.enabled` | Enabled worker pods' Security Context | `true` | +| `worker.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `worker.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `worker.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `worker.podSecurityContext.fsGroup` | Set worker pod's Security Context fsGroup | `1001` | +| `worker.containerSecurityContext.enabled` | Enabled worker containers' Security Context | `true` | +| `worker.containerSecurityContext.privileged` | Set worker containers' Security Context with privileged or not | `true` | +| `worker.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `worker.containerSecurityContext.runAsUser` | Set worker containers' Security Context user | `0` | +| `worker.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `worker.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `worker.hostAliases` | Concourse worker pod host aliases | `[]` | +| `worker.podLabels` | Custom labels for Concourse worker pods | `{}` | +| `worker.podAnnotations` | Annotations for Concourse worker pods | `{}` | +| `worker.podAffinityPreset` | Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `worker.podAntiAffinityPreset` | Pod anti-affinity preset | `soft` | +| `worker.nodeAffinityPreset.type` | Node affinity type | `""` | +| `worker.nodeAffinityPreset.key` | Node label key to match | `""` | +| `worker.nodeAffinityPreset.values` | Node label values to match | `[]` | +| `worker.affinity` | Affinity for pod assignment | `{}` | +| `worker.nodeSelector` | Node labels for pod assignment | `{}` | +| `worker.tolerations` | Tolerations for worker pod assignment | `[]` | +| `worker.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `worker.priorityClassName` | Priority Class to use for each pod (Concourse worker) | `""` | +| `worker.schedulerName` | Use an alternate scheduler, e.g. "stork". | `""` | +| `worker.terminationGracePeriodSeconds` | Seconds Concourse worker pod needs to terminate gracefully | `""` | +| `worker.podManagementPolicy` | Statefulset Pod Management Policy Type. Allowed values: `OrderedReady` or `Parallel` | `OrderedReady` | +| `worker.updateStrategy.rollingUpdate` | Concourse worker statefulset rolling update configuration parameters | `{}` | +| `worker.updateStrategy.type` | Concourse worker statefulset strategy type | `RollingUpdate` | +| `worker.lifecycleHooks` | for the Concourse worker container(s) to automate configuration before or after startup | `{}` | +| `worker.extraEnvVars` | Array with extra environment variables to add to Concourse worker nodes | `[]` | +| `worker.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Concourse worker nodes | `""` | +| `worker.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Concourse worker nodes | `""` | +| `worker.extraVolumes` | Optionally specify extra list of additional volumes for the Concourse worker pod(s) | `[]` | +| `worker.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Concourse worker container(s) | `[]` | +| `worker.sidecars` | Add additional sidecar containers to the Concourse worker pod(s) | `[]` | +| `worker.initContainers` | Add additional init containers to the Concourse worker pod(s) | `[]` | +| `worker.autoscaling.enabled` | Enable autoscaling for the Concourse worker nodes | `false` | +| `worker.autoscaling.maxReplicas` | Set maximum number of replicas to the Concourse worker nodes | `""` | +| `worker.autoscaling.minReplicas` | Set minimum number of replicas to the Concourse worker nodes | `""` | +| `worker.autoscaling.builtInMetrics` | Array with built-in metrics | `[]` | +| `worker.autoscaling.customMetrics` | Array with custom metrics | `[]` | +| `worker.pdb.create` | Create Pod disruption budget object for Concourse worker nodes | `true` | +| `worker.pdb.minAvailable` | Minimum number / percentage of Concourse worker pods that should remain scheduled | `2` | +| `worker.pdb.maxUnavailable` | Maximum number/percentage of Concourse worker pods that may be made unavailable | `""` | +| `worker.psp.create` | Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later | `false` | +| `worker.persistence.enabled` | Enable Concourse worker data persistence using PVC | `true` | +| `worker.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `worker.persistence.storageClass` | PVC Storage Class for Concourse worker data volume | `""` | +| `worker.persistence.accessModes` | PVC Access Mode for Concourse worker volume | `["ReadWriteOnce"]` | +| `worker.persistence.size` | PVC Storage Request for Concourse worker volume | `8Gi` | +| `worker.persistence.annotations` | Annotations for the PVC | `{}` | +| `worker.persistence.selector` | Selector to match an existing Persistent Volume (this value is evaluated as a template) | `{}` | +| `worker.rbac.create` | Specifies whether RBAC resources should be created | `true` | +| `worker.rbac.rules` | Custom RBAC rules to set | `[]` | +| `worker.serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | +| `worker.serviceAccount.name` | Override worker service account name | `""` | +| `worker.serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `worker.serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | ### Traffic exposure parameters @@ -380,20 +380,20 @@ The command removes all the Kubernetes components associated with the chart and ### Init Container Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | -| `volumePermissions.resources.limits` | Init container volume-permissions resource limits | `{}` | -| `volumePermissions.resources.requests` | Init container volume-permissions resource requests | `{}` | -| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | -| `volumePermissions.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner and group of the persistent volume | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | Init container volume-permissions image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | Init container volume-permissions image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.enabled` | Enabled init container Security Context | `true` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | User ID for the init container | `0` | +| `volumePermissions.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | ### Concourse database parameters @@ -448,6 +448,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/conco ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling vs Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/concourse/templates/NOTES.txt b/bitnami/concourse/templates/NOTES.txt index b4a9e7a351a97d..887991a555faa8 100644 --- a/bitnami/concourse/templates/NOTES.txt +++ b/bitnami/concourse/templates/NOTES.txt @@ -167,3 +167,4 @@ To connect to Concourse from outside the cluster, perform the following steps: {{- $passwordValidationErrors = append $passwordValidationErrors $requiredWebPasswordError -}} {{- end }} {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} +{{- include "common.warnings.resources" (dict "sections" (list "volumePermissions" "web" "worker") "context" $) }} diff --git a/bitnami/concourse/templates/web/deployment.yaml b/bitnami/concourse/templates/web/deployment.yaml index aca71d77fb8515..20ac6c63fe70a9 100644 --- a/bitnami/concourse/templates/web/deployment.yaml +++ b/bitnami/concourse/templates/web/deployment.yaml @@ -354,6 +354,8 @@ spec: {{- end }} {{- if .Values.web.resources }} resources: {{- toYaml .Values.web.resources | nindent 12 }} + {{- else if ne .Values.web.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.web.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.web.customStartupProbe }} diff --git a/bitnami/concourse/templates/worker/deployment.yaml b/bitnami/concourse/templates/worker/deployment.yaml index 399826f02f8eb7..09daa1e6ca1ad4 100644 --- a/bitnami/concourse/templates/worker/deployment.yaml +++ b/bitnami/concourse/templates/worker/deployment.yaml @@ -180,6 +180,8 @@ spec: {{- end }} {{- if .Values.worker.resources }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} + {{- else if ne .Values.worker.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.worker.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http diff --git a/bitnami/concourse/templates/worker/statefulset.yaml b/bitnami/concourse/templates/worker/statefulset.yaml index e02e886e855bb9..f99df5df650bec 100644 --- a/bitnami/concourse/templates/worker/statefulset.yaml +++ b/bitnami/concourse/templates/worker/statefulset.yaml @@ -86,6 +86,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: concourse-work-dir @@ -204,6 +206,8 @@ spec: {{- end }} {{- if .Values.worker.resources }} resources: {{- toYaml .Values.worker.resources | nindent 12 }} + {{- else if ne .Values.worker.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.worker.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http diff --git a/bitnami/concourse/values.yaml b/bitnami/concourse/values.yaml index 9d945e0b5b7b94..4a0b31374f427b 100644 --- a/bitnami/concourse/values.yaml +++ b/bitnami/concourse/values.yaml @@ -17,7 +17,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @param kubeVersion Override Kubernetes version @@ -41,7 +40,6 @@ commonAnnotations: {} ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment(s)/statefulset(s) ## diagnosticMode: @@ -56,7 +54,6 @@ diagnosticMode: ## args: - infinity - ## @section Common Concourse Parameters ## Bitnami Concourse image @@ -86,7 +83,6 @@ image: ## - myRegistryKeySecretName ## pullSecrets: [] - ## For managing secrets using Helm ## secrets: @@ -233,9 +229,7 @@ secrets: ## @param secrets.workerAdditionalCerts Additional certificates to add to the worker nodes ## workerAdditionalCerts: "" - ## @section Concourse Web parameters - web: ## @param web.enabled Enable Concourse web component ## @@ -497,12 +491,21 @@ web: customStartupProbe: {} ## Concourse web resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param web.resources.limits The resources limits for the Concourse web containers - ## @param web.resources.requests The requested resources for the Concourse web containers - ## - resources: - limits: {} - requests: {} + ## @param web.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param web.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param web.podSecurityContext.enabled Enabled web pods' Security Context @@ -673,7 +676,6 @@ web: ## @param web.serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @section Concourse Worker parameters ## worker: @@ -854,12 +856,21 @@ worker: customStartupProbe: {} ## Concourse worker resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param worker.resources.limits The resources limits for the Concourse worker containers - ## @param worker.resources.requests The requested resources for the Concourse worker containers - ## - resources: - limits: {} - requests: {} + ## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param worker.podSecurityContext.enabled Enabled worker pods' Security Context @@ -1117,10 +1128,7 @@ worker: ## @param worker.serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - - ## @section Traffic exposure parameters - service: ## Concourse web service parameters ## @@ -1336,7 +1344,6 @@ ingress: ## name: http ## extraRules: [] - ## @section Init Container Parameters ## Init containers parameters: @@ -1369,12 +1376,21 @@ volumePermissions: pullSecrets: [] ## Init container resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resources.limits Init container volume-permissions resource limits - ## @param volumePermissions.resources.requests Init container volume-permissions resource requests - ## - resources: - limits: {} - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container' Security Context ## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container @@ -1387,7 +1403,6 @@ volumePermissions: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - ## @section Concourse database parameters ## PostgreSQL chart configuration @@ -1409,7 +1424,6 @@ postgresql: database: bitnami_concourse existingSecret: "" architecture: standalone - ## @section External PostgreSQL configuration ## All of these values are only used when postgresql.enabled is set to false ## @param externalDatabase.host Database host From 6eb5a5611a1d5a349c5d77e68affe81f2278c388 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 13:31:41 +0100 Subject: [PATCH 013/129] [bitnami/apache] feat: :sparkles: :lock: Add resource preset support (#23428) * [bitnami/apache] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * fix: :bug: Set value in correct spot Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- bitnami/apache/Chart.lock | 6 +- bitnami/apache/README.md | 261 ++++++++++++----------- bitnami/apache/templates/NOTES.txt | 1 + bitnami/apache/templates/deployment.yaml | 8 + bitnami/apache/values.yaml | 81 +++---- 5 files changed, 187 insertions(+), 170 deletions(-) diff --git a/bitnami/apache/Chart.lock b/bitnami/apache/Chart.lock index 2ecc49da6047d0..d9dd1b5adce907 100644 --- a/bitnami/apache/Chart.lock +++ b/bitnami/apache/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5ccbe5f1fe4459864a8c9d7329c400b678666b6cfb1450818a830bda81995bc3 -generated: "2024-01-16T10:52:05.303545873Z" + version: 2.15.3 +digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 +generated: "2024-02-14T14:31:21.348826139+01:00" diff --git a/bitnami/apache/README.md b/bitnami/apache/README.md index 8b2a53a12fee1b..c7dd804775263d 100644 --- a/bitnami/apache/README.md +++ b/bitnami/apache/README.md @@ -78,103 +78,104 @@ The command removes all the Kubernetes components associated with the chart and ### Apache parameters -| Name | Description | Value | -| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------ | ------------------------ | -| `image.registry` | Apache image registry | `REGISTRY_NAME` | -| `image.repository` | Apache image repository | `REPOSITORY_NAME/apache` | -| `image.digest` | Apache image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `image.pullPolicy` | Apache image pull policy | `IfNotPresent` | -| `image.pullSecrets` | Apache image pull secrets | `[]` | -| `image.debug` | Enable image debug mode | `false` | -| `git.registry` | Git image registry | `REGISTRY_NAME` | -| `git.repository` | Git image name | `REPOSITORY_NAME/git` | -| `git.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | -| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `replicaCount` | Number of replicas of the Apache deployment | `1` | -| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for pod assignment | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Tolerations for pod assignment | `[]` | -| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | -| `extraPodSpec` | Optionally specify extra PodSpec | `{}` | -| `cloneHtdocsFromGit.enabled` | Get the server static content from a git repository | `false` | -| `cloneHtdocsFromGit.repository` | Repository to clone static content from | `""` | -| `cloneHtdocsFromGit.branch` | Branch inside the git repository | `""` | -| `cloneHtdocsFromGit.enableAutoRefresh` | Enables an automatic git pull with a sidecar container | `true` | -| `cloneHtdocsFromGit.interval` | Interval for sidecar container pull from the repository | `60` | -| `cloneHtdocsFromGit.resources` | Init container git resource requests | `{}` | -| `cloneHtdocsFromGit.extraVolumeMounts` | Add extra volume mounts for the GIT containers | `[]` | -| `htdocsConfigMap` | Name of a config map with the server static content | `""` | -| `htdocsPVC` | Name of a PVC with the server static content | `""` | -| `vhostsConfigMap` | Name of a config map with the virtual hosts content | `""` | -| `httpdConfConfigMap` | Name of a config map with the httpd.conf file contents | `""` | -| `podLabels` | Extra labels for Apache pods | `{}` | -| `podAnnotations` | Pod annotations | `{}` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | Add deployment host aliases | `[]` | -| `priorityClassName` | Apache Server pods' priorityClassName | `""` | -| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | -| `podSecurityContext.enabled` | Enabled Apache Server pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set Apache Server pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled Apache Server containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set Apache Server containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `command` | Override default container command (useful when using custom images) | `[]` | -| `args` | Override default container args (useful when using custom images) | `[]` | -| `lifecycleHooks` | for the Apache server container(s) to automate configuration before or after startup | `{}` | -| `resources.limits` | The resources limits for the container | `{}` | -| `resources.requests` | The requested resources for the container | `{}` | -| `startupProbe.enabled` | Enable startupProbe | `false` | -| `startupProbe.path` | Path to access on the HTTP server | `/` | -| `startupProbe.port` | Port for startupProbe | `http` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `180` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `livenessProbe.enabled` | Enable liveness probe | `true` | -| `livenessProbe.path` | Path to access on the HTTP server | `/` | -| `livenessProbe.port` | Port for livenessProbe | `http` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readiness probe | `true` | -| `readinessProbe.path` | Path to access on the HTTP server | `/` | -| `readinessProbe.port` | Port for readinessProbe | `http` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `customStartupProbe` | Custom liveness probe for the Web component | `{}` | -| `customLivenessProbe` | Custom liveness probe for the Web component | `{}` | -| `customReadinessProbe` | Custom rediness probe for the Web component | `{}` | -| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | -| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | -| `extraEnvVars` | Array to add extra environment variables | `[]` | -| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Apache server nodes | `""` | -| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Apache server nodes | `""` | -| `containerPorts.http` | Apache server HTTP container port | `8080` | -| `containerPorts.https` | Apache server HTTPS container port | `8443` | -| `initContainers` | Add additional init containers to the Apache pods | `[]` | -| `sidecars` | Add additional sidecar containers to the Apache pods | `[]` | -| `updateStrategy.type` | Apache Server deployment strategy type. | `RollingUpdate` | +| Name | Description | Value | +| --------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------ | +| `image.registry` | Apache image registry | `REGISTRY_NAME` | +| `image.repository` | Apache image repository | `REPOSITORY_NAME/apache` | +| `image.digest` | Apache image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `image.pullPolicy` | Apache image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Apache image pull secrets | `[]` | +| `image.debug` | Enable image debug mode | `false` | +| `git.registry` | Git image registry | `REGISTRY_NAME` | +| `git.repository` | Git image name | `REPOSITORY_NAME/git` | +| `git.digest` | Git image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `git.pullPolicy` | Git image pull policy | `IfNotPresent` | +| `git.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `replicaCount` | Number of replicas of the Apache deployment | `1` | +| `revisionHistoryLimit` | The number of old history to retain to allow rollback | `10` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for pod assignment | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Tolerations for pod assignment | `[]` | +| `topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template | `[]` | +| `extraPodSpec` | Optionally specify extra PodSpec | `{}` | +| `cloneHtdocsFromGit.enabled` | Get the server static content from a git repository | `false` | +| `cloneHtdocsFromGit.repository` | Repository to clone static content from | `""` | +| `cloneHtdocsFromGit.branch` | Branch inside the git repository | `""` | +| `cloneHtdocsFromGit.enableAutoRefresh` | Enables an automatic git pull with a sidecar container | `true` | +| `cloneHtdocsFromGit.interval` | Interval for sidecar container pull from the repository | `60` | +| `cloneHtdocsFromGit.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if cloneHtdocsFromGit.resources is set (cloneHtdocsFromGit.resources is recommended for production). | `none` | +| `cloneHtdocsFromGit.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `cloneHtdocsFromGit.extraVolumeMounts` | Add extra volume mounts for the GIT containers | `[]` | +| `htdocsConfigMap` | Name of a config map with the server static content | `""` | +| `htdocsPVC` | Name of a PVC with the server static content | `""` | +| `vhostsConfigMap` | Name of a config map with the virtual hosts content | `""` | +| `httpdConfConfigMap` | Name of a config map with the httpd.conf file contents | `""` | +| `podLabels` | Extra labels for Apache pods | `{}` | +| `podAnnotations` | Pod annotations | `{}` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | Add deployment host aliases | `[]` | +| `priorityClassName` | Apache Server pods' priorityClassName | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) | `""` | +| `podSecurityContext.enabled` | Enabled Apache Server pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set Apache Server pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled Apache Server containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set Apache Server containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `command` | Override default container command (useful when using custom images) | `[]` | +| `args` | Override default container args (useful when using custom images) | `[]` | +| `lifecycleHooks` | for the Apache server container(s) to automate configuration before or after startup | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `startupProbe.enabled` | Enable startupProbe | `false` | +| `startupProbe.path` | Path to access on the HTTP server | `/` | +| `startupProbe.port` | Port for startupProbe | `http` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `180` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `20` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `livenessProbe.enabled` | Enable liveness probe | `true` | +| `livenessProbe.path` | Path to access on the HTTP server | `/` | +| `livenessProbe.port` | Port for livenessProbe | `http` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `180` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `20` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readiness probe | `true` | +| `readinessProbe.path` | Path to access on the HTTP server | `/` | +| `readinessProbe.port` | Port for readinessProbe | `http` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `customStartupProbe` | Custom liveness probe for the Web component | `{}` | +| `customLivenessProbe` | Custom liveness probe for the Web component | `{}` | +| `customReadinessProbe` | Custom rediness probe for the Web component | `{}` | +| `extraVolumes` | Array to add extra volumes (evaluated as a template) | `[]` | +| `extraVolumeMounts` | Array to add extra mounts (normally used with extraVolumes, evaluated as a template) | `[]` | +| `extraEnvVars` | Array to add extra environment variables | `[]` | +| `extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Apache server nodes | `""` | +| `extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Apache server nodes | `""` | +| `containerPorts.http` | Apache server HTTP container port | `8080` | +| `containerPorts.https` | Apache server HTTPS container port | `8443` | +| `initContainers` | Add additional init containers to the Apache pods | `[]` | +| `sidecars` | Add additional sidecar containers to the Apache pods | `[]` | +| `updateStrategy.type` | Apache Server deployment strategy type. | `RollingUpdate` | ### Other Parameters @@ -223,36 +224,36 @@ The command removes all the Kubernetes components associated with the chart and ### Metrics Parameters -| Name | Description | Value | -| --------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | -| `metrics.enabled` | Start a sidecar prometheus exporter to expose Apache metrics | `false` | -| `metrics.image.registry` | Apache Exporter image registry | `REGISTRY_NAME` | -| `metrics.image.repository` | Apache Exporter image repository | `REPOSITORY_NAME/apache-exporter` | -| `metrics.image.digest` | Apache Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.image.pullPolicy` | Apache Exporter image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Apache Exporter image pull secrets | `[]` | -| `metrics.image.debug` | Apache Exporter image debug mode | `false` | -| `metrics.podAnnotations` | Additional custom annotations for Apache exporter service | `{}` | -| `metrics.resources.limits` | The resources limits for the container | `{}` | -| `metrics.resources.requests` | The requested resources for the container | `{}` | -| `metrics.containerPort` | Apache Prometheus Exporter container port | `9141` | -| `metrics.service.port` | Metrics service port | `9117` | -| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator PodMonitor (also requires `metrics.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace for the PodMonitor Resource (defaults to the Release Namespace) | `""` | -| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.labels` | Labels that can be used so PodMonitor will be discovered by Prometheus | `{}` | -| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | -| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | -| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | -| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | -| `metrics.prometheusRule.labels` | Labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | -| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | -| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` | -| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | -| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | -| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | +| Name | Description | Value | +| --------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------- | +| `metrics.enabled` | Start a sidecar prometheus exporter to expose Apache metrics | `false` | +| `metrics.image.registry` | Apache Exporter image registry | `REGISTRY_NAME` | +| `metrics.image.repository` | Apache Exporter image repository | `REPOSITORY_NAME/apache-exporter` | +| `metrics.image.digest` | Apache Exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.image.pullPolicy` | Apache Exporter image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Apache Exporter image pull secrets | `[]` | +| `metrics.image.debug` | Apache Exporter image debug mode | `false` | +| `metrics.podAnnotations` | Additional custom annotations for Apache exporter service | `{}` | +| `metrics.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). | `none` | +| `metrics.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.containerPort` | Apache Prometheus Exporter container port | `9141` | +| `metrics.service.port` | Metrics service port | `9117` | +| `metrics.service.annotations` | Additional custom annotations for Metrics service | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator PodMonitor (also requires `metrics.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace for the PodMonitor Resource (defaults to the Release Namespace) | `""` | +| `metrics.serviceMonitor.interval` | Interval at which metrics should be scraped. | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.labels` | Labels that can be used so PodMonitor will be discovered by Prometheus | `{}` | +| `metrics.serviceMonitor.relabelings` | RelabelConfigs to apply to samples before scraping | `[]` | +| `metrics.serviceMonitor.metricRelabelings` | MetricRelabelConfigs to apply to samples before ingestion | `[]` | +| `metrics.prometheusRule.enabled` | if `true`, creates a Prometheus Operator PrometheusRule (also requires `metrics.enabled` to be `true` and `metrics.prometheusRule.rules`) | `false` | +| `metrics.prometheusRule.namespace` | Namespace for the PrometheusRule Resource (defaults to the Release Namespace) | `""` | +| `metrics.prometheusRule.labels` | Labels that can be used so PrometheusRule will be discovered by Prometheus | `{}` | +| `metrics.prometheusRule.rules` | Prometheus Rule definitions | `[]` | +| `serviceAccount.create` | Enable creation of ServiceAccount for WordPress pod | `true` | +| `serviceAccount.name` | The name of the ServiceAccount to use. | `""` | +| `serviceAccount.automountServiceAccountToken` | Allows auto mount of ServiceAccountToken on the serviceAccount created | `false` | +| `serviceAccount.annotations` | Additional custom annotations for the ServiceAccount | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, @@ -277,6 +278,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/apach ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/apache/templates/NOTES.txt b/bitnami/apache/templates/NOTES.txt index d48a36c14e73a2..b4a1027800514a 100644 --- a/bitnami/apache/templates/NOTES.txt +++ b/bitnami/apache/templates/NOTES.txt @@ -43,3 +43,4 @@ WARNING: Rolling tag detected ({{ .Values.image.repository }}:{{ .Values.image.t {{- end }} {{ include "apache.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "cloneHtdocsFromGit" "metrics" "") "context" $) }} diff --git a/bitnami/apache/templates/deployment.yaml b/bitnami/apache/templates/deployment.yaml index dda022da931f25..6edd033edbc22f 100644 --- a/bitnami/apache/templates/deployment.yaml +++ b/bitnami/apache/templates/deployment.yaml @@ -82,6 +82,8 @@ spec: git clone {{ .Values.cloneHtdocsFromGit.repository }} --branch {{ .Values.cloneHtdocsFromGit.branch }} /tmp/repo [[ "$?" -eq 0 ]] && rm -rf /app/* && mv /tmp/repo/* /app/ resources: {{- toYaml .Values.cloneHtdocsFromGit.resources | nindent 12 }} + {{- else if ne .Values.cloneHtdocsFromGit.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.cloneHtdocsFromGit.resourcesPreset) | nindent 12 }} volumeMounts: - name: htdocs mountPath: /app @@ -108,6 +110,8 @@ spec: sleep {{ .Values.cloneHtdocsFromGit.interval }} done resources: {{- toYaml .Values.cloneHtdocsFromGit.resources | nindent 12 }} + {{- else if ne .Values.cloneHtdocsFromGit.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.cloneHtdocsFromGit.resourcesPreset) | nindent 12 }} volumeMounts: - name: htdocs mountPath: /app @@ -195,6 +199,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: {{- if (include "apache.useHtdocs" .) }} @@ -238,6 +244,8 @@ spec: timeoutSeconds: 1 {{- if .Values.metrics.resources }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} + {{- else if ne .Values.metrics.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} {{- if .Values.sidecars }} diff --git a/bitnami/apache/values.yaml b/bitnami/apache/values.yaml index 74f7e88a769c0b..45d29e50736f3e 100644 --- a/bitnami/apache/values.yaml +++ b/bitnami/apache/values.yaml @@ -18,7 +18,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @param kubeVersion Override Kubernetes version @@ -39,7 +38,6 @@ commonAnnotations: {} ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## @section Apache parameters ## Bitnami Apache image @@ -153,7 +151,17 @@ extraPodSpec: {} ## @param cloneHtdocsFromGit.branch Branch inside the git repository ## @param cloneHtdocsFromGit.enableAutoRefresh Enables an automatic git pull with a sidecar container ## @param cloneHtdocsFromGit.interval Interval for sidecar container pull from the repository -## @param cloneHtdocsFromGit.resources Init container git resource requests +## @param cloneHtdocsFromGit.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if cloneHtdocsFromGit.resources is set (cloneHtdocsFromGit.resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## @param cloneHtdocsFromGit.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi ## @param cloneHtdocsFromGit.extraVolumeMounts Add extra volume mounts for the GIT containers ## cloneHtdocsFromGit: @@ -162,6 +170,7 @@ cloneHtdocsFromGit: branch: "" enableAutoRefresh: true interval: 60 + resourcesPreset: "none" resources: {} ## Useful to mount keys to connect through ssh. (normally used with extraVolumes) ## E.g: @@ -260,20 +269,21 @@ lifecycleHooks: {} ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. -## @param resources.limits The resources limits for the container -## @param resources.requests The requested resources for the container +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## -resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure extra options for containers' liveness and readiness probes ## Configure extra options for Apache server containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes) @@ -384,7 +394,6 @@ initContainers: [] ## containerPort: 1234 ## sidecars: [] - ## @param updateStrategy.type Apache Server deployment strategy type. ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy ## e.g: @@ -396,7 +405,6 @@ sidecars: [] ## updateStrategy: type: RollingUpdate - ## @section Other Parameters ## Apache Pod Disruption Budget configuration @@ -409,7 +417,6 @@ pdb: create: false minAvailable: 1 maxUnavailable: "" - ## Apache Autoscaling parameters ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ ## @param autoscaling.enabled Enable Horizontal POD autoscaling for Apache @@ -424,7 +431,6 @@ autoscaling: maxReplicas: 11 targetCPU: 50 targetMemory: 50 - ## @section Traffic Exposure Parameters ## Apache service parameters @@ -492,11 +498,9 @@ ingress: ## @param ingress.enabled Enable ingress record generation for Apache ## enabled: false - ## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm ## selfSigned: false - ## @param ingress.pathType Ingress path type ## pathType: ImplementationSpecific @@ -536,7 +540,6 @@ ingress: ## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true` ## tls: false - ## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record ## e.g: ## extraHosts: @@ -596,9 +599,7 @@ ingress: ## name: http ## extraRules: [] - ## @section Metrics Parameters - metrics: ## @param metrics.enabled Start a sidecar prometheus exporter to expose Apache metrics ## @@ -641,20 +642,21 @@ metrics: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param metrics.resources.limits The resources limits for the container - ## @param metrics.resources.requests The requested resources for the container - ## - resources: - ## Example: - ## limits: - ## cpu: 100m - ## memory: 128Mi - limits: {} - ## Examples: - ## requests: - ## cpu: 100m - ## memory: 128Mi - requests: {} + ## @param metrics.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.resources is set (metrics.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param metrics.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param metrics.containerPort Apache Prometheus Exporter container port ## containerPort: 9141 @@ -721,7 +723,6 @@ metrics: ## summary: Apache instance is down. ## rules: [] - ## Service Account ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-service-account/ ## From d5e62ae1d2218e5c06e8f206d54981e2805dec1c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 14:21:49 +0100 Subject: [PATCH 014/129] [bitnami/jaeger] feat: :sparkles: :lock: Add resource preset support (#23463) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/jaeger] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * Update bitnami/jaeger/Chart.yaml Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> Signed-off-by: Javier J. Salmerón-García --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> --- bitnami/jaeger/Chart.lock | 6 +- bitnami/jaeger/Chart.yaml | 2 +- bitnami/jaeger/README.md | 674 +++++++++--------- bitnami/jaeger/templates/NOTES.txt | 1 + .../jaeger/templates/agent/deployment.yaml | 2 + .../templates/collector/deployment.yaml | 2 + bitnami/jaeger/templates/migrate-job.yaml | 2 + .../jaeger/templates/query/deployment.yaml | 2 + bitnami/jaeger/values.yaml | 138 ++-- 9 files changed, 413 insertions(+), 416 deletions(-) diff --git a/bitnami/jaeger/Chart.lock b/bitnami/jaeger/Chart.lock index 82e58e2d16a898..d73624150565ea 100644 --- a/bitnami/jaeger/Chart.lock +++ b/bitnami/jaeger/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 + version: 2.15.3 - name: cassandra repository: oci://registry-1.docker.io/bitnamicharts version: 10.9.0 -digest: sha256:1780aefcdf38c52ae91970aa738246b604ceb3ecc6dcfb624ce3954cd0f6bc94 -generated: "2024-02-09T16:38:23.337809793Z" +digest: sha256:094cd7fa0288992ebb1d71bdd576c493cc28f3e0c4fbeeb9649dc1548aeef1db +generated: "2024-02-14T15:04:17.888586767+01:00" diff --git a/bitnami/jaeger/Chart.yaml b/bitnami/jaeger/Chart.yaml index 291cd7eb26742a..0e0bb4b35a4de8 100644 --- a/bitnami/jaeger/Chart.yaml +++ b/bitnami/jaeger/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: jaeger sources: - https://github.com/bitnami/charts/tree/main/bitnami/jaeger -version: 1.9.0 +version: 1.10.0 diff --git a/bitnami/jaeger/README.md b/bitnami/jaeger/README.md index 4800b5464ccfb9..f90efbf7efa511 100644 --- a/bitnami/jaeger/README.md +++ b/bitnami/jaeger/README.md @@ -89,346 +89,346 @@ The command removes all the Kubernetes components associated with the chart and ### Query deployment parameters -| Name | Description | Value | -| --------------------------------------------------------- | ----------------------------------------------------------------------------------------- | ---------------- | -| `query.command` | Command for running the container (set to default if not set). Use array form | `[]` | -| `query.args` | Args for running the container (set to default if not set). Use array form | `[]` | -| `query.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `query.hostAliases` | Set pod host aliases | `[]` | -| `query.lifecycleHooks` | Override default etcd container hooks | `{}` | -| `query.extraEnvVars` | Extra environment variables to be set on jaeger container | `[]` | -| `query.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `query.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `query.replicaCount` | Number of Jaeger replicas | `1` | -| `query.livenessProbe.enabled` | Enable livenessProbe on Query nodes | `true` | -| `query.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `query.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `query.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `query.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `query.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `query.startupProbe.enabled` | Enable startupProbe on Query containers | `false` | -| `query.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `query.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `query.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `query.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `query.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `query.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `query.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `query.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `query.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `query.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `query.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `query.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `query.customStartupProbe` | Override default startup probe | `{}` | -| `query.customReadinessProbe` | Override default readiness probe | `{}` | -| `query.resources.limits` | The resources limits for Jaeger containers | `{}` | -| `query.resources.requests` | The requested resources for Jaeger containers | `{}` | -| `query.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | -| `query.containerPorts.api` | Port for API | `16686` | -| `query.containerPorts.admin` | Port for admin | `16687` | -| `query.service.type` | Jaeger service type | `ClusterIP` | -| `query.service.ports.api` | Port for API | `16686` | -| `query.service.ports.admin` | Port for admin | `16687` | -| `query.service.nodePorts.api` | Node port for API | `""` | -| `query.service.nodePorts.admin` | Node port for admin | `""` | -| `query.service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `query.service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | -| `query.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `query.service.clusterIP` | Service Cluster IP | `""` | -| `query.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `query.service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `query.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `query.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `query.service.metrics.annotations` | Annotations for Prometheus metrics | `{}` | -| `query.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `query.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `query.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `query.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `query.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `query.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `query.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `query.serviceAccount.create` | Enables ServiceAccount | `true` | -| `query.serviceAccount.name` | ServiceAccount name | `""` | -| `query.serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | -| `query.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | -| `query.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | -| `query.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `query.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `query.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `query.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | -| `query.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `query.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `query.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `query.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `query.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `query.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `query.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `query.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `query.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `query.podAnnotations` | Additional pod annotations | `{}` | -| `query.podLabels` | Additional pod labels | `{}` | -| `query.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `query.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `query.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `query.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `query.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `query.priorityClassName` | Server priorityClassName | `""` | -| `query.affinity` | Affinity for pod assignment | `{}` | -| `query.nodeSelector` | Node labels for pod assignment | `{}` | -| `query.tolerations` | Tolerations for pod assignment | `[]` | -| `query.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `query.schedulerName` | Alternative scheduler | `""` | -| `query.updateStrategy.type` | Jaeger query deployment strategy type | `RollingUpdate` | -| `query.updateStrategy.rollingUpdate` | Jaeger query deployment rolling update configuration parameters | `{}` | -| `query.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | -| `query.initContainers` | Add additional init containers to the jaeger pods | `[]` | -| `query.sidecars` | Add additional sidecar containers to the jaeger pods | `[]` | +| Name | Description | Value | +| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `query.command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `query.args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `query.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `query.hostAliases` | Set pod host aliases | `[]` | +| `query.lifecycleHooks` | Override default etcd container hooks | `{}` | +| `query.extraEnvVars` | Extra environment variables to be set on jaeger container | `[]` | +| `query.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `query.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `query.replicaCount` | Number of Jaeger replicas | `1` | +| `query.livenessProbe.enabled` | Enable livenessProbe on Query nodes | `true` | +| `query.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `query.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `query.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `query.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `query.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `query.startupProbe.enabled` | Enable startupProbe on Query containers | `false` | +| `query.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `query.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `query.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `query.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `query.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `query.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `query.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `query.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `query.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `query.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | +| `query.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `query.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `query.customStartupProbe` | Override default startup probe | `{}` | +| `query.customReadinessProbe` | Override default readiness probe | `{}` | +| `query.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if query.resources is set (query.resources is recommended for production). | `none` | +| `query.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `query.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | +| `query.containerPorts.api` | Port for API | `16686` | +| `query.containerPorts.admin` | Port for admin | `16687` | +| `query.service.type` | Jaeger service type | `ClusterIP` | +| `query.service.ports.api` | Port for API | `16686` | +| `query.service.ports.admin` | Port for admin | `16687` | +| `query.service.nodePorts.api` | Node port for API | `""` | +| `query.service.nodePorts.admin` | Node port for admin | `""` | +| `query.service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `query.service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | +| `query.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `query.service.clusterIP` | Service Cluster IP | `""` | +| `query.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `query.service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `query.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `query.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `query.service.metrics.annotations` | Annotations for Prometheus metrics | `{}` | +| `query.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `query.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `query.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `query.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `query.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `query.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `query.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `query.serviceAccount.create` | Enables ServiceAccount | `true` | +| `query.serviceAccount.name` | ServiceAccount name | `""` | +| `query.serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | +| `query.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | +| `query.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | +| `query.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `query.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `query.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `query.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | +| `query.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `query.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `query.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `query.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `query.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `query.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `query.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `query.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `query.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `query.podAnnotations` | Additional pod annotations | `{}` | +| `query.podLabels` | Additional pod labels | `{}` | +| `query.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `query.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `query.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `query.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `query.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `query.priorityClassName` | Server priorityClassName | `""` | +| `query.affinity` | Affinity for pod assignment | `{}` | +| `query.nodeSelector` | Node labels for pod assignment | `{}` | +| `query.tolerations` | Tolerations for pod assignment | `[]` | +| `query.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `query.schedulerName` | Alternative scheduler | `""` | +| `query.updateStrategy.type` | Jaeger query deployment strategy type | `RollingUpdate` | +| `query.updateStrategy.rollingUpdate` | Jaeger query deployment rolling update configuration parameters | `{}` | +| `query.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | +| `query.initContainers` | Add additional init containers to the jaeger pods | `[]` | +| `query.sidecars` | Add additional sidecar containers to the jaeger pods | `[]` | ### Collector deployment parameters -| Name | Description | Value | -| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------ | ---------------- | -| `collector.command` | Command for running the container (set to default if not set). Use array form | `[]` | -| `collector.args` | Args for running the container (set to default if not set). Use array form | `[]` | -| `collector.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `collector.hostAliases` | Set pod host aliases | `[]` | -| `collector.lifecycleHooks` | Override default etcd container hooks | `{}` | -| `collector.extraEnvVars` | Extra environment variables to be set on jaeger container | `[]` | -| `collector.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `collector.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `collector.replicaCount` | Number of Jaeger replicas | `1` | -| `collector.livenessProbe.enabled` | Enable livenessProbe on collector nodes | `true` | -| `collector.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `collector.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `collector.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `collector.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `collector.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `collector.startupProbe.enabled` | Enable startupProbe on collector containers | `false` | -| `collector.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `collector.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `collector.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `collector.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `collector.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `collector.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `collector.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `collector.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `collector.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `collector.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `collector.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `collector.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `collector.customStartupProbe` | Override default startup probe | `{}` | -| `collector.customReadinessProbe` | Override default readiness probe | `{}` | -| `collector.resources.limits` | The resources limits for Jaeger containers | `{}` | -| `collector.resources.requests` | The requested resources for Jaeger containers | `{}` | -| `collector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | -| `collector.containerPorts.zipkin` | can accept Zipkin spans in Thrift, JSON and Proto (disabled by default) | `9411` | -| `collector.containerPorts.grpc` | used by jaeger-agent to send spans in model.proto format | `14250` | -| `collector.containerPorts.binary` | can accept spans directly from clients in jaeger.thrift format over binary thrift protocol | `14268` | -| `collector.containerPorts.admin` | Admin port: health check at / and metrics at /metrics | `14269` | -| `collector.containerPorts.otlp.grpc` | Accepts traces in OpenTelemetry OTLP format over gRPC | `4317` | -| `collector.containerPorts.otlp.http` | Accepts traces in OpenTelemetry OTLP format over HTTP | `4318` | -| `collector.service.type` | Jaeger service type | `ClusterIP` | -| `collector.service.ports.zipkin` | can accept Zipkin spans in Thrift, JSON and Proto (disabled by default) | `9411` | -| `collector.service.ports.grpc` | used by jaeger-agent to send spans in model.proto format | `14250` | -| `collector.service.ports.binary` | can accept spans directly from clients in jaeger.thrift format over binary thrift protocol | `14268` | -| `collector.service.ports.admin` | Admin port: health check at / and metrics at /metrics | `14269` | -| `collector.service.ports.otlp.grpc` | Accepts traces in OpenTelemetry OTLP format over gRPC | `4317` | -| `collector.service.ports.otlp.http` | Accepts traces in OpenTelemetry OTLP format over HTTP | `4318` | -| `collector.service.nodePorts.zipkin` | can accept Zipkin spans in Thrift, JSON and Proto (disabled by default) | `""` | -| `collector.service.nodePorts.grpc` | used by jaeger-agent to send spans in model.proto format | `""` | -| `collector.service.nodePorts.binary` | can accept spans directly from clients in jaeger.thrift format over binary thrift protocol | `""` | -| `collector.service.nodePorts.admin` | Admin port: health check at / and metrics at /metrics | `""` | -| `collector.service.nodePorts.otlp.grpc` | Accepts traces in OpenTelemetry OTLP format over gRPC | `""` | -| `collector.service.nodePorts.otlp.http` | Accepts traces in OpenTelemetry OTLP format over HTTP | `""` | -| `collector.service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `collector.service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | -| `collector.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `collector.service.clusterIP` | Service Cluster IP | `""` | -| `collector.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `collector.service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `collector.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `collector.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `collector.service.metrics.annotations` | Annotations for Prometheus metrics | `{}` | -| `collector.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `collector.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `collector.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `collector.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `collector.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `collector.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `collector.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `collector.serviceAccount.create` | Enables ServiceAccount | `true` | -| `collector.serviceAccount.name` | ServiceAccount name | `""` | -| `collector.serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | -| `collector.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | -| `collector.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | -| `collector.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `collector.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `collector.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `collector.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | -| `collector.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `collector.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `collector.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `collector.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `collector.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `collector.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `collector.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `collector.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `collector.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `collector.podAnnotations` | Additional pod annotations | `{}` | -| `collector.podLabels` | Additional pod labels | `{}` | -| `collector.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `collector.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `collector.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `collector.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `collector.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `collector.priorityClassName` | Server priorityClassName | `""` | -| `collector.affinity` | Affinity for pod assignment | `{}` | -| `collector.nodeSelector` | Node labels for pod assignment | `{}` | -| `collector.tolerations` | Tolerations for pod assignment | `[]` | -| `collector.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `collector.schedulerName` | Alternative scheduler | `""` | -| `collector.updateStrategy.type` | Jaeger collector deployment strategy type | `RollingUpdate` | -| `collector.updateStrategy.rollingUpdate` | Jaeger collector deployment rolling update configuration parameters | `{}` | -| `collector.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | -| `collector.initContainers` | Add additional init containers to the jaeger pods | `[]` | -| `collector.sidecars` | Add additional sidecar containers to the jaeger pods | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `collector.command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `collector.args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `collector.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `collector.hostAliases` | Set pod host aliases | `[]` | +| `collector.lifecycleHooks` | Override default etcd container hooks | `{}` | +| `collector.extraEnvVars` | Extra environment variables to be set on jaeger container | `[]` | +| `collector.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `collector.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `collector.replicaCount` | Number of Jaeger replicas | `1` | +| `collector.livenessProbe.enabled` | Enable livenessProbe on collector nodes | `true` | +| `collector.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `collector.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `collector.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `collector.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `collector.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `collector.startupProbe.enabled` | Enable startupProbe on collector containers | `false` | +| `collector.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `collector.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `collector.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `collector.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `collector.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `collector.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `collector.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `collector.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `collector.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `collector.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | +| `collector.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `collector.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `collector.customStartupProbe` | Override default startup probe | `{}` | +| `collector.customReadinessProbe` | Override default readiness probe | `{}` | +| `collector.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if collector.resources is set (collector.resources is recommended for production). | `none` | +| `collector.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `collector.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | +| `collector.containerPorts.zipkin` | can accept Zipkin spans in Thrift, JSON and Proto (disabled by default) | `9411` | +| `collector.containerPorts.grpc` | used by jaeger-agent to send spans in model.proto format | `14250` | +| `collector.containerPorts.binary` | can accept spans directly from clients in jaeger.thrift format over binary thrift protocol | `14268` | +| `collector.containerPorts.admin` | Admin port: health check at / and metrics at /metrics | `14269` | +| `collector.containerPorts.otlp.grpc` | Accepts traces in OpenTelemetry OTLP format over gRPC | `4317` | +| `collector.containerPorts.otlp.http` | Accepts traces in OpenTelemetry OTLP format over HTTP | `4318` | +| `collector.service.type` | Jaeger service type | `ClusterIP` | +| `collector.service.ports.zipkin` | can accept Zipkin spans in Thrift, JSON and Proto (disabled by default) | `9411` | +| `collector.service.ports.grpc` | used by jaeger-agent to send spans in model.proto format | `14250` | +| `collector.service.ports.binary` | can accept spans directly from clients in jaeger.thrift format over binary thrift protocol | `14268` | +| `collector.service.ports.admin` | Admin port: health check at / and metrics at /metrics | `14269` | +| `collector.service.ports.otlp.grpc` | Accepts traces in OpenTelemetry OTLP format over gRPC | `4317` | +| `collector.service.ports.otlp.http` | Accepts traces in OpenTelemetry OTLP format over HTTP | `4318` | +| `collector.service.nodePorts.zipkin` | can accept Zipkin spans in Thrift, JSON and Proto (disabled by default) | `""` | +| `collector.service.nodePorts.grpc` | used by jaeger-agent to send spans in model.proto format | `""` | +| `collector.service.nodePorts.binary` | can accept spans directly from clients in jaeger.thrift format over binary thrift protocol | `""` | +| `collector.service.nodePorts.admin` | Admin port: health check at / and metrics at /metrics | `""` | +| `collector.service.nodePorts.otlp.grpc` | Accepts traces in OpenTelemetry OTLP format over gRPC | `""` | +| `collector.service.nodePorts.otlp.http` | Accepts traces in OpenTelemetry OTLP format over HTTP | `""` | +| `collector.service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `collector.service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | +| `collector.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `collector.service.clusterIP` | Service Cluster IP | `""` | +| `collector.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `collector.service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `collector.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `collector.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `collector.service.metrics.annotations` | Annotations for Prometheus metrics | `{}` | +| `collector.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `collector.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `collector.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `collector.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `collector.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `collector.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `collector.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `collector.serviceAccount.create` | Enables ServiceAccount | `true` | +| `collector.serviceAccount.name` | ServiceAccount name | `""` | +| `collector.serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | +| `collector.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | +| `collector.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | +| `collector.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `collector.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `collector.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `collector.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | +| `collector.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `collector.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `collector.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `collector.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `collector.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `collector.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `collector.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `collector.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `collector.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `collector.podAnnotations` | Additional pod annotations | `{}` | +| `collector.podLabels` | Additional pod labels | `{}` | +| `collector.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `collector.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `collector.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `collector.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `collector.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `collector.priorityClassName` | Server priorityClassName | `""` | +| `collector.affinity` | Affinity for pod assignment | `{}` | +| `collector.nodeSelector` | Node labels for pod assignment | `{}` | +| `collector.tolerations` | Tolerations for pod assignment | `[]` | +| `collector.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `collector.schedulerName` | Alternative scheduler | `""` | +| `collector.updateStrategy.type` | Jaeger collector deployment strategy type | `RollingUpdate` | +| `collector.updateStrategy.rollingUpdate` | Jaeger collector deployment rolling update configuration parameters | `{}` | +| `collector.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | +| `collector.initContainers` | Add additional init containers to the jaeger pods | `[]` | +| `collector.sidecars` | Add additional sidecar containers to the jaeger pods | `[]` | ### agent deployment parameters -| Name | Description | Value | -| ------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------- | ---------------- | -| `agent.command` | Command for running the container (set to default if not set). Use array form | `[]` | -| `agent.args` | Args for running the container (set to default if not set). Use array form | `[]` | -| `agent.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `agent.hostAliases` | Set pod host aliases | `[]` | -| `agent.lifecycleHooks` | Override default etcd container hooks | `{}` | -| `agent.extraEnvVars` | Extra environment variables to be set on jaeger container | `[]` | -| `agent.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `agent.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `agent.replicaCount` | Number of Jaeger replicas | `1` | -| `agent.livenessProbe.enabled` | Enable livenessProbe on agent nodes | `true` | -| `agent.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `agent.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `agent.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `agent.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `agent.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `agent.startupProbe.enabled` | Enable startupProbe on agent containers | `false` | -| `agent.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `agent.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `agent.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `agent.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `agent.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `agent.readinessProbe.enabled` | Enable readinessProbe | `true` | -| `agent.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `agent.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `agent.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `agent.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | -| `agent.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `agent.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `agent.customStartupProbe` | Override default startup probe | `{}` | -| `agent.customReadinessProbe` | Override default readiness probe | `{}` | -| `agent.resources.limits` | The resources limits for Jaeger containers | `{}` | -| `agent.resources.requests` | The requested resources for Jaeger containers | `{}` | -| `agent.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | -| `agent.containerPorts.compact` | accept jaeger.thrift in compact Thrift protocol used by most current Jaeger clients | `6831` | -| `agent.containerPorts.binary` | accept jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client | `6832` | -| `agent.containerPorts.config` | Serve configs, sampling strategies | `5778` | -| `agent.containerPorts.zipkin` | Accept zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016) | `5775` | -| `agent.containerPorts.admin` | Admin port: health check at / and metrics at /metrics | `14271` | -| `agent.service.type` | Jaeger service type | `ClusterIP` | -| `agent.service.ports.compact` | accept jaeger.thrift in compact Thrift protocol used by most current Jaeger clients | `6831` | -| `agent.service.ports.binary` | accept jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client | `6832` | -| `agent.service.ports.config` | Serve configs, sampling strategies | `5778` | -| `agent.service.ports.zipkin` | Accept zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016) | `5775` | -| `agent.service.ports.admin` | Admin port: health check at / and metrics at /metrics | `14271` | -| `agent.service.nodePorts.compact` | accept jaeger.thrift in compact Thrift protocol used by most current Jaeger clients | `""` | -| `agent.service.nodePorts.binary` | accept jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client | `""` | -| `agent.service.nodePorts.config` | Serve configs, sampling strategies | `""` | -| `agent.service.nodePorts.zipkin` | Accept zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016) | `""` | -| `agent.service.nodePorts.admin` | Admin port: health check at / and metrics at /metrics | `""` | -| `agent.service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | -| `agent.service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | -| `agent.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | -| `agent.service.clusterIP` | Service Cluster IP | `""` | -| `agent.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | -| `agent.service.annotations` | Provide any additional annotations which may be required. | `{}` | -| `agent.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | -| `agent.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `agent.service.metrics.annotations` | Annotations for Prometheus metrics | `{}` | -| `agent.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `agent.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `agent.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `agent.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `agent.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `agent.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `agent.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `agent.serviceAccount.create` | Enables ServiceAccount | `true` | -| `agent.serviceAccount.name` | ServiceAccount name | `""` | -| `agent.serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | -| `agent.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | -| `agent.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | -| `agent.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `agent.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `agent.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `agent.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | -| `agent.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `agent.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `agent.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `agent.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `agent.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `agent.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `agent.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `agent.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `agent.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `agent.podAnnotations` | Additional pod annotations | `{}` | -| `agent.podLabels` | Additional pod labels | `{}` | -| `agent.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `agent.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `agent.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `agent.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `agent.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `agent.priorityClassName` | Server priorityClassName | `""` | -| `agent.affinity` | Affinity for pod assignment | `{}` | -| `agent.nodeSelector` | Node labels for pod assignment | `{}` | -| `agent.tolerations` | Tolerations for pod assignment | `[]` | -| `agent.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | -| `agent.schedulerName` | Alternative scheduler | `""` | -| `agent.updateStrategy.type` | Jaeger agent deployment strategy type | `RollingUpdate` | -| `agent.updateStrategy.rollingUpdate` | Jaeger agent deployment rolling update configuration parameters | `{}` | -| `agent.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | -| `agent.initContainers` | Add additional init containers to the jaeger pods | `[]` | -| `agent.sidecars` | Add additional sidecar containers to the jaeger pods | `[]` | -| `migration.podLabels` | Additional pod labels | `{}` | -| `migration.podAnnotations` | Additional pod annotations | `{}` | -| `migration.annotations` | Provide any additional annotations which may be required. | `{}` | -| `migration.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | -| `migration.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `migration.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `migration.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `migration.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | -| `migration.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `migration.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `migration.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `migration.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `migration.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `migration.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `migration.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `migration.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `migration.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `migration.extraEnvVars` | Extra environment variables to be set on jaeger migration container | `[]` | -| `migration.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | -| `migration.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | -| `migration.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | -| `migration.resources.limits` | The resources limits for Jaeger containers | `{}` | -| `migration.resources.requests` | The requested resources for Jaeger containers | `{}` | -| `migration.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `migration.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `migration.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `migration.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `migration.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `migration.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `migration.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `migration.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `agent.command` | Command for running the container (set to default if not set). Use array form | `[]` | +| `agent.args` | Args for running the container (set to default if not set). Use array form | `[]` | +| `agent.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `agent.hostAliases` | Set pod host aliases | `[]` | +| `agent.lifecycleHooks` | Override default etcd container hooks | `{}` | +| `agent.extraEnvVars` | Extra environment variables to be set on jaeger container | `[]` | +| `agent.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `agent.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `agent.replicaCount` | Number of Jaeger replicas | `1` | +| `agent.livenessProbe.enabled` | Enable livenessProbe on agent nodes | `true` | +| `agent.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `agent.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `agent.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `agent.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `agent.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `agent.startupProbe.enabled` | Enable startupProbe on agent containers | `false` | +| `agent.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `agent.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `agent.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `agent.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `agent.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `agent.readinessProbe.enabled` | Enable readinessProbe | `true` | +| `agent.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `agent.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `agent.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `agent.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `15` | +| `agent.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `agent.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `agent.customStartupProbe` | Override default startup probe | `{}` | +| `agent.customReadinessProbe` | Override default readiness probe | `{}` | +| `agent.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if agent.resources is set (agent.resources is recommended for production). | `none` | +| `agent.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `agent.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | +| `agent.containerPorts.compact` | accept jaeger.thrift in compact Thrift protocol used by most current Jaeger clients | `6831` | +| `agent.containerPorts.binary` | accept jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client | `6832` | +| `agent.containerPorts.config` | Serve configs, sampling strategies | `5778` | +| `agent.containerPorts.zipkin` | Accept zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016) | `5775` | +| `agent.containerPorts.admin` | Admin port: health check at / and metrics at /metrics | `14271` | +| `agent.service.type` | Jaeger service type | `ClusterIP` | +| `agent.service.ports.compact` | accept jaeger.thrift in compact Thrift protocol used by most current Jaeger clients | `6831` | +| `agent.service.ports.binary` | accept jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client | `6832` | +| `agent.service.ports.config` | Serve configs, sampling strategies | `5778` | +| `agent.service.ports.zipkin` | Accept zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016) | `5775` | +| `agent.service.ports.admin` | Admin port: health check at / and metrics at /metrics | `14271` | +| `agent.service.nodePorts.compact` | accept jaeger.thrift in compact Thrift protocol used by most current Jaeger clients | `""` | +| `agent.service.nodePorts.binary` | accept jaeger.thrift in binary Thrift protocol used by Node.js Jaeger client | `""` | +| `agent.service.nodePorts.config` | Serve configs, sampling strategies | `""` | +| `agent.service.nodePorts.zipkin` | Accept zipkin.thrift in compact Thrift protocol (deprecated; only used by very old Jaeger clients, circa 2016) | `""` | +| `agent.service.nodePorts.admin` | Admin port: health check at / and metrics at /metrics | `""` | +| `agent.service.extraPorts` | Extra ports to expose in the service (normally used with the `sidecar` value) | `[]` | +| `agent.service.loadBalancerIP` | LoadBalancerIP if service type is `LoadBalancer` | `""` | +| `agent.service.loadBalancerSourceRanges` | Service Load Balancer sources | `[]` | +| `agent.service.clusterIP` | Service Cluster IP | `""` | +| `agent.service.externalTrafficPolicy` | Service external traffic policy | `Cluster` | +| `agent.service.annotations` | Provide any additional annotations which may be required. | `{}` | +| `agent.service.sessionAffinity` | Session Affinity for Kubernetes service, can be "None" or "ClientIP" | `None` | +| `agent.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `agent.service.metrics.annotations` | Annotations for Prometheus metrics | `{}` | +| `agent.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `agent.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `agent.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `agent.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `agent.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `agent.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `agent.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `agent.serviceAccount.create` | Enables ServiceAccount | `true` | +| `agent.serviceAccount.name` | ServiceAccount name | `""` | +| `agent.serviceAccount.annotations` | Annotations to add to all deployed objects | `{}` | +| `agent.serviceAccount.automountServiceAccountToken` | Automount API credentials for a service account. | `false` | +| `agent.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | +| `agent.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `agent.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `agent.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `agent.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | +| `agent.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `agent.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `agent.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `agent.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `agent.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `agent.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `agent.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `agent.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `agent.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `agent.podAnnotations` | Additional pod annotations | `{}` | +| `agent.podLabels` | Additional pod labels | `{}` | +| `agent.podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `agent.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `agent.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `agent.nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `agent.nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `agent.priorityClassName` | Server priorityClassName | `""` | +| `agent.affinity` | Affinity for pod assignment | `{}` | +| `agent.nodeSelector` | Node labels for pod assignment | `{}` | +| `agent.tolerations` | Tolerations for pod assignment | `[]` | +| `agent.topologySpreadConstraints` | Topology Spread Constraints for pod assignment | `[]` | +| `agent.schedulerName` | Alternative scheduler | `""` | +| `agent.updateStrategy.type` | Jaeger agent deployment strategy type | `RollingUpdate` | +| `agent.updateStrategy.rollingUpdate` | Jaeger agent deployment rolling update configuration parameters | `{}` | +| `agent.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | +| `agent.initContainers` | Add additional init containers to the jaeger pods | `[]` | +| `agent.sidecars` | Add additional sidecar containers to the jaeger pods | `[]` | +| `migration.podLabels` | Additional pod labels | `{}` | +| `migration.podAnnotations` | Additional pod annotations | `{}` | +| `migration.annotations` | Provide any additional annotations which may be required. | `{}` | +| `migration.podSecurityContext.enabled` | Enabled Jaeger pods' Security Context | `true` | +| `migration.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `migration.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `migration.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `migration.podSecurityContext.fsGroup` | Set Jaeger pod's Security Context fsGroup | `1001` | +| `migration.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `migration.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `migration.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `migration.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `migration.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `migration.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `migration.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `migration.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `migration.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `migration.extraEnvVars` | Extra environment variables to be set on jaeger migration container | `[]` | +| `migration.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars | `""` | +| `migration.extraEnvVarsSecret` | Name of existing Secret containing extra env vars | `""` | +| `migration.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for jaeger container | `[]` | +| `migration.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if migration.resources is set (migration.resources is recommended for production). | `none` | +| `migration.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `migration.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `migration.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `migration.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `migration.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `migration.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `migration.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `migration.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `migration.extraVolumes` | Optionally specify extra list of additional volumes for jaeger container | `[]` | ### Set the image to use for the migration job @@ -464,6 +464,12 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/jaeger/templates/NOTES.txt b/bitnami/jaeger/templates/NOTES.txt index 4b4970c062d861..9d586bcc6e9a34 100644 --- a/bitnami/jaeger/templates/NOTES.txt +++ b/bitnami/jaeger/templates/NOTES.txt @@ -21,3 +21,4 @@ APP VERSION: {{ .Chart.AppVersion }} {{- end }} {{- include "common.warnings.rollingTag" .Values.image }} +{{- include "common.warnings.resources" (dict "sections" (list "agent" "collector" "migration" "query") "context" $) }} diff --git a/bitnami/jaeger/templates/agent/deployment.yaml b/bitnami/jaeger/templates/agent/deployment.yaml index 04e0c8176db9d4..f7a1c0d0969ac6 100644 --- a/bitnami/jaeger/templates/agent/deployment.yaml +++ b/bitnami/jaeger/templates/agent/deployment.yaml @@ -168,6 +168,8 @@ spec: {{- end }} {{- if .Values.query.resources }} resources: {{- toYaml .Values.agent.resources | nindent 12 }} + {{- else if ne .Values.agent.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.agent.resourcesPreset) | nindent 12 }} {{- end }} {{- if .Values.agent.extraVolumeMounts }} {{- include "common.tplvalues.render" ( dict "value" .Values.agent.extraVolumeMounts "context" $) | nindent 12 }} diff --git a/bitnami/jaeger/templates/collector/deployment.yaml b/bitnami/jaeger/templates/collector/deployment.yaml index 029254eef9bb63..67b94d2616a31c 100644 --- a/bitnami/jaeger/templates/collector/deployment.yaml +++ b/bitnami/jaeger/templates/collector/deployment.yaml @@ -166,6 +166,8 @@ spec: {{- end }} {{- if .Values.query.resources }} resources: {{- toYaml .Values.collector.resources | nindent 12 }} + {{- else if ne .Values.collector.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.collector.resourcesPreset) | nindent 12 }} {{- end }} {{- if .Values.collector.extraVolumeMounts }} {{- include "common.tplvalues.render" ( dict "value" .Values.collector.extraVolumeMounts "context" $) | nindent 12 }} diff --git a/bitnami/jaeger/templates/migrate-job.yaml b/bitnami/jaeger/templates/migrate-job.yaml index 222ae2625c1239..9f70576952ec9c 100644 --- a/bitnami/jaeger/templates/migrate-job.yaml +++ b/bitnami/jaeger/templates/migrate-job.yaml @@ -113,6 +113,8 @@ spec: {{- end }} {{- if .Values.migration.resources }} resources: {{- toYaml .Values.migration.resources | nindent 12 }} + {{- else if ne .Values.migration.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.migration.resourcesPreset) | nindent 12 }} {{- end }} volumes: - name: cassandra-schema diff --git a/bitnami/jaeger/templates/query/deployment.yaml b/bitnami/jaeger/templates/query/deployment.yaml index 86ce5459a36061..118fd798ca709b 100644 --- a/bitnami/jaeger/templates/query/deployment.yaml +++ b/bitnami/jaeger/templates/query/deployment.yaml @@ -154,6 +154,8 @@ spec: {{- end }} {{- if .Values.query.resources }} resources: {{- toYaml .Values.query.resources | nindent 12 }} + {{- else if ne .Values.query.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.query.resourcesPreset) | nindent 12 }} {{- end }} {{- if .Values.query.extraVolumeMounts }} {{- include "common.tplvalues.render" ( dict "value" .Values.query.extraVolumeMounts "context" $) | nindent 12 }} diff --git a/bitnami/jaeger/values.yaml b/bitnami/jaeger/values.yaml index 9405c88f65a493..1e97b99e7325a8 100644 --- a/bitnami/jaeger/values.yaml +++ b/bitnami/jaeger/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -52,7 +51,6 @@ diagnosticMode: ## args: - infinity - ## @section Jaeger parameters ## @@ -87,10 +85,8 @@ image: ## Enable debug mode ## debug: false - ## @section Query deployment parameters ## - query: ## @param query.command Command for running the container (set to default if not set). Use array form ## @@ -186,22 +182,21 @@ query: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param query.resources.limits The resources limits for Jaeger containers - ## @param query.resources.requests The requested resources for Jaeger containers - ## - resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} + ## @param query.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if query.resources is set (query.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param query.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param query.extraVolumeMounts Optionally specify extra list of additional volumeMounts for jaeger container ## extraVolumeMounts: [] @@ -466,10 +461,8 @@ query: ## @param query.sidecars Add additional sidecar containers to the jaeger pods ## sidecars: [] - ## @section Collector deployment parameters ## - collector: ## @param collector.command Command for running the container (set to default if not set). Use array form ## @@ -565,22 +558,21 @@ collector: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param collector.resources.limits The resources limits for Jaeger containers - ## @param collector.resources.requests The requested resources for Jaeger containers - ## - resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} + ## @param collector.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if collector.resources is set (collector.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param collector.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param collector.extraVolumeMounts Optionally specify extra list of additional volumeMounts for jaeger container ## extraVolumeMounts: [] @@ -890,10 +882,8 @@ collector: ## @param collector.sidecars Add additional sidecar containers to the jaeger pods ## sidecars: [] - ## @section agent deployment parameters ## - agent: ## @param agent.command Command for running the container (set to default if not set). Use array form ## @@ -989,22 +979,21 @@ agent: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param agent.resources.limits The resources limits for Jaeger containers - ## @param agent.resources.requests The requested resources for Jaeger containers - ## - resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} + ## @param agent.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if agent.resources is set (agent.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param agent.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## @param agent.extraVolumeMounts Optionally specify extra list of additional volumeMounts for jaeger container ## extraVolumeMounts: [] @@ -1296,8 +1285,6 @@ agent: ## @param agent.sidecars Add additional sidecar containers to the jaeger pods ## sidecars: [] - - migration: ## @param migration.podLabels Additional pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ @@ -1326,7 +1313,6 @@ migration: sysctls: [] supplementalGroups: [] fsGroup: 1001 - ## @param migration.containerSecurityContext.enabled Enabled containers' Security Context ## @param migration.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param migration.containerSecurityContext.runAsUser Set containers' Security Context runAsUser @@ -1373,22 +1359,21 @@ migration: ## choice for the user. This also increases chances charts run on environments with little ## resources, such as Minikube. If you do want to specify resources, uncomment the following ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. - ## @param migration.resources.limits The resources limits for Jaeger containers - ## @param migration.resources.requests The requested resources for Jaeger containers - ## - resources: - ## Example: - ## limits: - ## cpu: 2 - ## memory: 4Gi - ## - limits: {} - ## Examples: - ## requests: - ## cpu: 2 - ## memory: 4Gi - ## - requests: {} + ## @param migration.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if migration.resources is set (migration.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param migration.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -1447,7 +1432,6 @@ migration: ## @param migration.extraVolumes Optionally specify extra list of additional volumes for jaeger container ## extraVolumes: [] - ## @section Set the image to use for the migration job ## @param cqlshImage.registry [default: REGISTRY_NAME] Cassandra image registry ## @param cqlshImage.repository [default: REPOSITORY_NAME/cassandra] Cassandra image repository @@ -1478,7 +1462,6 @@ cqlshImage: ## Enable debug mode ## debug: false - externalDatabase: ## @param externalDatabase.host External database host host: "" @@ -1505,7 +1488,6 @@ externalDatabase: ## @param externalDatabase.keyspace Name for cassandra's jaeger keyspace ## keyspace: "bitnami_jaeger" - ## @section Cassandra storage sub-chart ## cassandra: From 1e271a7d93207ff79857cf03570fc77576d0c316 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 14:22:21 +0100 Subject: [PATCH 015/129] [bitnami/grafana-mimir] feat: :sparkles: :lock: Add resource preset support (#23456) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/grafana-mimir] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * Update bitnami/grafana-mimir/Chart.yaml Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> Signed-off-by: Javier J. Salmerón-García --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> --- bitnami/grafana-mimir/Chart.lock | 6 +- bitnami/grafana-mimir/Chart.yaml | 2 +- bitnami/grafana-mimir/README.md | 1740 +++++++++-------- bitnami/grafana-mimir/templates/NOTES.txt | 1 + .../templates/alertmanager/statefulset.yaml | 4 + .../templates/compactor/statefulset.yaml | 4 + .../templates/distributor/deployment.yaml | 2 + .../templates/gateway/deployment.yaml | 2 + .../templates/ingester/statefulset.yaml | 4 + .../overrides-exporter/deployment.yaml | 2 + .../templates/querier/deployment.yaml | 2 + .../templates/query-frontend/deployment.yaml | 2 + .../templates/query-scheduler/deployment.yaml | 2 + .../templates/ruler/deployment.yaml | 2 + .../templates/store-gateway/statefulset.yaml | 4 + bitnami/grafana-mimir/values.yaml | 315 +-- 16 files changed, 1088 insertions(+), 1006 deletions(-) diff --git a/bitnami/grafana-mimir/Chart.lock b/bitnami/grafana-mimir/Chart.lock index 339e755f3b57cb..4b0b4456f046b1 100644 --- a/bitnami/grafana-mimir/Chart.lock +++ b/bitnami/grafana-mimir/Chart.lock @@ -16,6 +16,6 @@ dependencies: version: 6.10.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:5d8c2ec9fb9ad81732513a61b826ed8440e4626276b6a77613b0771e16766220 -generated: "2024-02-05T12:02:42.440243447Z" + version: 2.15.3 +digest: sha256:4bbf51064b0954b2b72716879188c1a67e6e87580cf3770206419b9e81d3c9e7 +generated: "2024-02-14T14:59:14.294938138+01:00" diff --git a/bitnami/grafana-mimir/Chart.yaml b/bitnami/grafana-mimir/Chart.yaml index ee158f278cb65e..99aff2071878e5 100644 --- a/bitnami/grafana-mimir/Chart.yaml +++ b/bitnami/grafana-mimir/Chart.yaml @@ -59,4 +59,4 @@ maintainers: name: grafana-mimir sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana-mimir -version: 0.11.0 +version: 0.12.0 diff --git a/bitnami/grafana-mimir/README.md b/bitnami/grafana-mimir/README.md index 57e29f2b80ae13..a965748829567c 100644 --- a/bitnami/grafana-mimir/README.md +++ b/bitnami/grafana-mimir/README.md @@ -105,84 +105,84 @@ The command removes all the Kubernetes components associated with the chart and ### Alertmanager Deployment Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------- | -| `alertmanager.enabled` | Enable alertmanager deployment | `false` | -| `alertmanager.extraEnvVars` | Array with extra environment variables to add to alertmanager nodes | `[]` | -| `alertmanager.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for alertmanager nodes | `""` | -| `alertmanager.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for alertmanager nodes | `""` | -| `alertmanager.command` | Override default container command (useful when using custom images) | `[]` | -| `alertmanager.args` | Override default container args (useful when using custom images) | `[]` | -| `alertmanager.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `alertmanager.replicaCount` | Number of Alertmanager replicas to deploy | `1` | -| `alertmanager.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | -| `alertmanager.livenessProbe.enabled` | Enable livenessProbe on Alertmanager nodes | `true` | -| `alertmanager.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `alertmanager.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `alertmanager.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `alertmanager.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `alertmanager.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `alertmanager.readinessProbe.enabled` | Enable readinessProbe on Alertmanager nodes | `true` | -| `alertmanager.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `alertmanager.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `alertmanager.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `alertmanager.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `alertmanager.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `alertmanager.startupProbe.enabled` | Enable startupProbe on Alertmanager containers | `false` | -| `alertmanager.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `alertmanager.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `alertmanager.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `alertmanager.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `alertmanager.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `alertmanager.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `alertmanager.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `alertmanager.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `alertmanager.resources.limits` | The resources limits for the alertmanager containers | `{}` | -| `alertmanager.resources.requests` | The requested resources for the alertmanager containers | `{}` | -| `alertmanager.podSecurityContext.enabled` | Enabled Alertmanager pods' Security Context | `true` | -| `alertmanager.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `alertmanager.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `alertmanager.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `alertmanager.podSecurityContext.fsGroup` | Set Alertmanager pod's Security Context fsGroup | `1001` | -| `alertmanager.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `alertmanager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `alertmanager.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `alertmanager.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `alertmanager.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `alertmanager.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `alertmanager.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `alertmanager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `alertmanager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `alertmanager.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `alertmanager.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `alertmanager.hostAliases` | ingester pods host aliases | `[]` | -| `alertmanager.podLabels` | Extra labels for ingester pods | `{}` | -| `alertmanager.podAnnotations` | Annotations for ingester pods | `{}` | -| `alertmanager.podAffinityPreset` | Pod affinity preset. Ignored if `alertmanager.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `alertmanager.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `alertmanager.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `alertmanager.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `alertmanager.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `alertmanager.nodeAffinityPreset.key` | Node label key to match. Ignored if `alertmanager.affinity` is set | `""` | -| `alertmanager.nodeAffinityPreset.values` | Node label values to match. Ignored if `alertmanager.affinity` is set | `[]` | -| `alertmanager.affinity` | Affinity for Alertmanager pods assignment | `{}` | -| `alertmanager.nodeSelector` | Node labels for Alertmanager pods assignment | `{}` | -| `alertmanager.tolerations` | Tolerations for Alertmanager pods assignment | `[]` | -| `alertmanager.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `alertmanager.priorityClassName` | Alertmanager pods' priorityClassName | `""` | -| `alertmanager.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `alertmanager.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `alertmanager.updateStrategy.type` | Alertmanager statefulset strategy type | `RollingUpdate` | -| `alertmanager.updateStrategy.rollingUpdate` | Alertmanager statefulset rolling update configuration parameters | `{}` | -| `alertmanager.extraVolumes` | Optionally specify extra list of additional volumes for the Alertmanager pod(s) | `[]` | -| `alertmanager.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Alertmanager container(s) | `[]` | -| `alertmanager.sidecars` | Add additional sidecar containers to the Alertmanager pod(s) | `[]` | -| `alertmanager.initContainers` | Add additional init containers to the Alertmanager pod(s) | `[]` | -| `alertmanager.persistence.enabled` | Enable persistence in alertmanager instances | `true` | -| `alertmanager.persistence.storageClass` | PVC Storage Class for alertmanager data volume | `""` | -| `alertmanager.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `alertmanager.persistence.size` | PVC Storage Request for alertmanager data volume | `8Gi` | -| `alertmanager.persistence.annotations` | Additional PVC annotations | `{}` | -| `alertmanager.persistence.selector` | Selector to match an existing Persistent Volume for alertmanager's data PVC | `{}` | -| `alertmanager.persistence.dataSource` | PVC data source | `{}` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `alertmanager.enabled` | Enable alertmanager deployment | `false` | +| `alertmanager.extraEnvVars` | Array with extra environment variables to add to alertmanager nodes | `[]` | +| `alertmanager.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for alertmanager nodes | `""` | +| `alertmanager.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for alertmanager nodes | `""` | +| `alertmanager.command` | Override default container command (useful when using custom images) | `[]` | +| `alertmanager.args` | Override default container args (useful when using custom images) | `[]` | +| `alertmanager.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `alertmanager.replicaCount` | Number of Alertmanager replicas to deploy | `1` | +| `alertmanager.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | +| `alertmanager.livenessProbe.enabled` | Enable livenessProbe on Alertmanager nodes | `true` | +| `alertmanager.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `alertmanager.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `alertmanager.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `alertmanager.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `alertmanager.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `alertmanager.readinessProbe.enabled` | Enable readinessProbe on Alertmanager nodes | `true` | +| `alertmanager.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `alertmanager.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `alertmanager.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `alertmanager.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `alertmanager.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `alertmanager.startupProbe.enabled` | Enable startupProbe on Alertmanager containers | `false` | +| `alertmanager.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `alertmanager.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `alertmanager.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `alertmanager.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `alertmanager.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `alertmanager.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `alertmanager.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `alertmanager.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `alertmanager.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if alertmanager.resources is set (alertmanager.resources is recommended for production). | `none` | +| `alertmanager.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `alertmanager.podSecurityContext.enabled` | Enabled Alertmanager pods' Security Context | `true` | +| `alertmanager.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `alertmanager.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `alertmanager.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `alertmanager.podSecurityContext.fsGroup` | Set Alertmanager pod's Security Context fsGroup | `1001` | +| `alertmanager.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `alertmanager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `alertmanager.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `alertmanager.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `alertmanager.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `alertmanager.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `alertmanager.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `alertmanager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `alertmanager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `alertmanager.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `alertmanager.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `alertmanager.hostAliases` | ingester pods host aliases | `[]` | +| `alertmanager.podLabels` | Extra labels for ingester pods | `{}` | +| `alertmanager.podAnnotations` | Annotations for ingester pods | `{}` | +| `alertmanager.podAffinityPreset` | Pod affinity preset. Ignored if `alertmanager.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `alertmanager.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `alertmanager.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `alertmanager.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `alertmanager.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `alertmanager.nodeAffinityPreset.key` | Node label key to match. Ignored if `alertmanager.affinity` is set | `""` | +| `alertmanager.nodeAffinityPreset.values` | Node label values to match. Ignored if `alertmanager.affinity` is set | `[]` | +| `alertmanager.affinity` | Affinity for Alertmanager pods assignment | `{}` | +| `alertmanager.nodeSelector` | Node labels for Alertmanager pods assignment | `{}` | +| `alertmanager.tolerations` | Tolerations for Alertmanager pods assignment | `[]` | +| `alertmanager.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `alertmanager.priorityClassName` | Alertmanager pods' priorityClassName | `""` | +| `alertmanager.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `alertmanager.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `alertmanager.updateStrategy.type` | Alertmanager statefulset strategy type | `RollingUpdate` | +| `alertmanager.updateStrategy.rollingUpdate` | Alertmanager statefulset rolling update configuration parameters | `{}` | +| `alertmanager.extraVolumes` | Optionally specify extra list of additional volumes for the Alertmanager pod(s) | `[]` | +| `alertmanager.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Alertmanager container(s) | `[]` | +| `alertmanager.sidecars` | Add additional sidecar containers to the Alertmanager pod(s) | `[]` | +| `alertmanager.initContainers` | Add additional init containers to the Alertmanager pod(s) | `[]` | +| `alertmanager.persistence.enabled` | Enable persistence in alertmanager instances | `true` | +| `alertmanager.persistence.storageClass` | PVC Storage Class for alertmanager data volume | `""` | +| `alertmanager.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | +| `alertmanager.persistence.size` | PVC Storage Request for alertmanager data volume | `8Gi` | +| `alertmanager.persistence.annotations` | Additional PVC annotations | `{}` | +| `alertmanager.persistence.selector` | Selector to match an existing Persistent Volume for alertmanager's data PVC | `{}` | +| `alertmanager.persistence.dataSource` | PVC data source | `{}` | ### Alertmanager Traffic Exposure Parameters @@ -217,83 +217,83 @@ The command removes all the Kubernetes components associated with the chart and ### Compactor Deployment Parameters -| Name | Description | Value | -| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------- | -| `compactor.extraEnvVars` | Array with extra environment variables to add to compactor nodes | `[]` | -| `compactor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for compactor nodes | `""` | -| `compactor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for compactor nodes | `""` | -| `compactor.command` | Override default container command (useful when using custom images) | `[]` | -| `compactor.args` | Override default container args (useful when using custom images) | `[]` | -| `compactor.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `compactor.replicaCount` | Number of Compactor replicas to deploy | `1` | -| `compactor.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | -| `compactor.livenessProbe.enabled` | Enable livenessProbe on Compactor nodes | `true` | -| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `compactor.readinessProbe.enabled` | Enable readinessProbe on Compactor nodes | `true` | -| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `compactor.startupProbe.enabled` | Enable startupProbe on Compactor containers | `false` | -| `compactor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `compactor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `compactor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `compactor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `compactor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `compactor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `compactor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `compactor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `compactor.resources.limits` | The resources limits for the compactor containers | `{}` | -| `compactor.resources.requests` | The requested resources for the compactor containers | `{}` | -| `compactor.podSecurityContext.enabled` | Enabled Compactor pods' Security Context | `true` | -| `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `compactor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `compactor.podSecurityContext.fsGroup` | Set Compactor pod's Security Context fsGroup | `1001` | -| `compactor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `compactor.lifecycleHooks` | for the compactor container(s) to automate configuration before or after startup | `{}` | -| `compactor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `compactor.hostAliases` | compactor pods host aliases | `[]` | -| `compactor.podLabels` | Extra labels for compactor pods | `{}` | -| `compactor.podAnnotations` | Annotations for compactor pods | `{}` | -| `compactor.podAffinityPreset` | Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `compactor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.nodeAffinityPreset.key` | Node label key to match. Ignored if `compactor.affinity` is set | `""` | -| `compactor.nodeAffinityPreset.values` | Node label values to match. Ignored if `compactor.affinity` is set | `[]` | -| `compactor.affinity` | Affinity for Compactor pods assignment | `{}` | -| `compactor.nodeSelector` | Node labels for Compactor pods assignment | `{}` | -| `compactor.tolerations` | Tolerations for Compactor pods assignment | `[]` | -| `compactor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `compactor.priorityClassName` | Compactor pods' priorityClassName | `""` | -| `compactor.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `compactor.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `compactor.updateStrategy.type` | Compactor statefulset strategy type | `RollingUpdate` | -| `compactor.updateStrategy.rollingUpdate` | Compactor statefulset rolling update configuration parameters | `{}` | -| `compactor.extraVolumes` | Optionally specify extra list of additional volumes for the Compactor pod(s) | `[]` | -| `compactor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Compactor container(s) | `[]` | -| `compactor.sidecars` | Add additional sidecar containers to the Compactor pod(s) | `[]` | -| `compactor.initContainers` | Add additional init containers to the Compactor pod(s) | `[]` | -| `compactor.persistence.enabled` | Enable persistence in Compactor instances | `true` | -| `compactor.persistence.storageClass` | PVC Storage Class for Compactor data volume | `""` | -| `compactor.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `compactor.persistence.size` | PVC Storage Request for Compactor data volume | `8Gi` | -| `compactor.persistence.annotations` | Additional PVC annotations | `{}` | -| `compactor.persistence.selector` | Selector to match an existing Persistent Volume for Compactor's data PVC | `{}` | -| `compactor.persistence.dataSource` | PVC data source | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `compactor.extraEnvVars` | Array with extra environment variables to add to compactor nodes | `[]` | +| `compactor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for compactor nodes | `""` | +| `compactor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for compactor nodes | `""` | +| `compactor.command` | Override default container command (useful when using custom images) | `[]` | +| `compactor.args` | Override default container args (useful when using custom images) | `[]` | +| `compactor.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `compactor.replicaCount` | Number of Compactor replicas to deploy | `1` | +| `compactor.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | +| `compactor.livenessProbe.enabled` | Enable livenessProbe on Compactor nodes | `true` | +| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `compactor.readinessProbe.enabled` | Enable readinessProbe on Compactor nodes | `true` | +| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `compactor.startupProbe.enabled` | Enable startupProbe on Compactor containers | `false` | +| `compactor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `compactor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `compactor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `compactor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `compactor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `compactor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `compactor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `compactor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `compactor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). | `none` | +| `compactor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `compactor.podSecurityContext.enabled` | Enabled Compactor pods' Security Context | `true` | +| `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `compactor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `compactor.podSecurityContext.fsGroup` | Set Compactor pod's Security Context fsGroup | `1001` | +| `compactor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `compactor.lifecycleHooks` | for the compactor container(s) to automate configuration before or after startup | `{}` | +| `compactor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `compactor.hostAliases` | compactor pods host aliases | `[]` | +| `compactor.podLabels` | Extra labels for compactor pods | `{}` | +| `compactor.podAnnotations` | Annotations for compactor pods | `{}` | +| `compactor.podAffinityPreset` | Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `compactor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `compactor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `compactor.nodeAffinityPreset.key` | Node label key to match. Ignored if `compactor.affinity` is set | `""` | +| `compactor.nodeAffinityPreset.values` | Node label values to match. Ignored if `compactor.affinity` is set | `[]` | +| `compactor.affinity` | Affinity for Compactor pods assignment | `{}` | +| `compactor.nodeSelector` | Node labels for Compactor pods assignment | `{}` | +| `compactor.tolerations` | Tolerations for Compactor pods assignment | `[]` | +| `compactor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `compactor.priorityClassName` | Compactor pods' priorityClassName | `""` | +| `compactor.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `compactor.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `compactor.updateStrategy.type` | Compactor statefulset strategy type | `RollingUpdate` | +| `compactor.updateStrategy.rollingUpdate` | Compactor statefulset rolling update configuration parameters | `{}` | +| `compactor.extraVolumes` | Optionally specify extra list of additional volumes for the Compactor pod(s) | `[]` | +| `compactor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Compactor container(s) | `[]` | +| `compactor.sidecars` | Add additional sidecar containers to the Compactor pod(s) | `[]` | +| `compactor.initContainers` | Add additional init containers to the Compactor pod(s) | `[]` | +| `compactor.persistence.enabled` | Enable persistence in Compactor instances | `true` | +| `compactor.persistence.storageClass` | PVC Storage Class for Compactor data volume | `""` | +| `compactor.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | +| `compactor.persistence.size` | PVC Storage Request for Compactor data volume | `8Gi` | +| `compactor.persistence.annotations` | Additional PVC annotations | `{}` | +| `compactor.persistence.selector` | Selector to match an existing Persistent Volume for Compactor's data PVC | `{}` | +| `compactor.persistence.dataSource` | PVC data source | `{}` | ### Compactor Traffic Exposure Parameters @@ -325,75 +325,75 @@ The command removes all the Kubernetes components associated with the chart and ### Distributor Deployment Parameters -| Name | Description | Value | -| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------- | -| `distributor.extraEnvVars` | Array with extra environment variables to add to distributor nodes | `[]` | -| `distributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for distributor nodes | `""` | -| `distributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for distributor nodes | `""` | -| `distributor.command` | Override default container command (useful when using custom images) | `[]` | -| `distributor.args` | Override default container args (useful when using custom images) | `[]` | -| `distributor.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `distributor.replicaCount` | Number of Distributor replicas to deploy | `1` | -| `distributor.livenessProbe.enabled` | Enable livenessProbe on Distributor nodes | `true` | -| `distributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `distributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `distributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `distributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `distributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `distributor.readinessProbe.enabled` | Enable readinessProbe on Distributor nodes | `true` | -| `distributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `distributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `distributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `distributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `distributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `distributor.startupProbe.enabled` | Enable startupProbe on Distributor containers | `false` | -| `distributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `distributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `distributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `distributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `distributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `distributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `distributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `distributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `distributor.resources.limits` | The resources limits for the distributor containers | `{}` | -| `distributor.resources.requests` | The requested resources for the distributor containers | `{}` | -| `distributor.podSecurityContext.enabled` | Enabled Distributor pods' Security Context | `true` | -| `distributor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `distributor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `distributor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `distributor.podSecurityContext.fsGroup` | Set Distributor pod's Security Context fsGroup | `1001` | -| `distributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `distributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `distributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `distributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `distributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `distributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `distributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `distributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `distributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `distributor.lifecycleHooks` | for the distributor container(s) to automate configuration before or after startup | `{}` | -| `distributor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `distributor.hostAliases` | distributor pods host aliases | `[]` | -| `distributor.podLabels` | Extra labels for distributor pods | `{}` | -| `distributor.podAnnotations` | Annotations for distributor pods | `{}` | -| `distributor.podAffinityPreset` | Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `distributor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `distributor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `distributor.nodeAffinityPreset.key` | Node label key to match. Ignored if `distributor.affinity` is set | `""` | -| `distributor.nodeAffinityPreset.values` | Node label values to match. Ignored if `distributor.affinity` is set | `[]` | -| `distributor.affinity` | Affinity for Distributor pods assignment | `{}` | -| `distributor.nodeSelector` | Node labels for Distributor pods assignment | `{}` | -| `distributor.tolerations` | Tolerations for Distributor pods assignment | `[]` | -| `distributor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `distributor.priorityClassName` | Distributor pods' priorityClassName | `""` | -| `distributor.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `distributor.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `distributor.updateStrategy.type` | Distributor statefulset strategy type | `RollingUpdate` | -| `distributor.updateStrategy.rollingUpdate` | Distributor statefulset rolling update configuration parameters | `{}` | -| `distributor.extraVolumes` | Optionally specify extra list of additional volumes for the Distributor pod(s) | `[]` | -| `distributor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Distributor container(s) | `[]` | -| `distributor.sidecars` | Add additional sidecar containers to the Distributor pod(s) | `[]` | -| `distributor.initContainers` | Add additional init containers to the Distributor pod(s) | `[]` | +| Name | Description | Value | +| --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `distributor.extraEnvVars` | Array with extra environment variables to add to distributor nodes | `[]` | +| `distributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for distributor nodes | `""` | +| `distributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for distributor nodes | `""` | +| `distributor.command` | Override default container command (useful when using custom images) | `[]` | +| `distributor.args` | Override default container args (useful when using custom images) | `[]` | +| `distributor.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `distributor.replicaCount` | Number of Distributor replicas to deploy | `1` | +| `distributor.livenessProbe.enabled` | Enable livenessProbe on Distributor nodes | `true` | +| `distributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `distributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `distributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `distributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `distributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `distributor.readinessProbe.enabled` | Enable readinessProbe on Distributor nodes | `true` | +| `distributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `distributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `distributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `distributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `distributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `distributor.startupProbe.enabled` | Enable startupProbe on Distributor containers | `false` | +| `distributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `distributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `distributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `distributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `distributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `distributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `distributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `distributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `distributor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production). | `none` | +| `distributor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `distributor.podSecurityContext.enabled` | Enabled Distributor pods' Security Context | `true` | +| `distributor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `distributor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `distributor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `distributor.podSecurityContext.fsGroup` | Set Distributor pod's Security Context fsGroup | `1001` | +| `distributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `distributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `distributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `distributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `distributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `distributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `distributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `distributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `distributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `distributor.lifecycleHooks` | for the distributor container(s) to automate configuration before or after startup | `{}` | +| `distributor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `distributor.hostAliases` | distributor pods host aliases | `[]` | +| `distributor.podLabels` | Extra labels for distributor pods | `{}` | +| `distributor.podAnnotations` | Annotations for distributor pods | `{}` | +| `distributor.podAffinityPreset` | Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `distributor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `distributor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `distributor.nodeAffinityPreset.key` | Node label key to match. Ignored if `distributor.affinity` is set | `""` | +| `distributor.nodeAffinityPreset.values` | Node label values to match. Ignored if `distributor.affinity` is set | `[]` | +| `distributor.affinity` | Affinity for Distributor pods assignment | `{}` | +| `distributor.nodeSelector` | Node labels for Distributor pods assignment | `{}` | +| `distributor.tolerations` | Tolerations for Distributor pods assignment | `[]` | +| `distributor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `distributor.priorityClassName` | Distributor pods' priorityClassName | `""` | +| `distributor.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `distributor.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `distributor.updateStrategy.type` | Distributor statefulset strategy type | `RollingUpdate` | +| `distributor.updateStrategy.rollingUpdate` | Distributor statefulset rolling update configuration parameters | `{}` | +| `distributor.extraVolumes` | Optionally specify extra list of additional volumes for the Distributor pod(s) | `[]` | +| `distributor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Distributor container(s) | `[]` | +| `distributor.sidecars` | Add additional sidecar containers to the Distributor pod(s) | `[]` | +| `distributor.initContainers` | Add additional init containers to the Distributor pod(s) | `[]` | ### Distributor Traffic Exposure Parameters @@ -426,86 +426,86 @@ The command removes all the Kubernetes components associated with the chart and ### Gateway Deployment Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ----------------------- | -| `gateway.enabled` | Enable Gateway deployment | `true` | -| `gateway.image.registry` | Nginx image registry | `REGISTRY_NAME` | -| `gateway.image.repository` | Nginx image repository | `REPOSITORY_NAME/nginx` | -| `gateway.image.digest` | Nginx image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `gateway.image.pullPolicy` | Nginx image pull policy | `IfNotPresent` | -| `gateway.image.pullSecrets` | Nginx image pull secrets | `[]` | -| `gateway.image.debug` | Enable debugging in the initialization process | `false` | -| `gateway.extraEnvVars` | Array with extra environment variables to add to gateway nodes | `[]` | -| `gateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for gateway nodes | `""` | -| `gateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for gateway nodes | `""` | -| `gateway.command` | Override default container command (useful when using custom images) | `[]` | -| `gateway.args` | Override default container args (useful when using custom images) | `[]` | -| `gateway.verboseLogging` | Show the gateway access_log | `false` | -| `gateway.replicaCount` | Number of Gateway replicas to deploy | `1` | -| `gateway.auth.enabled` | Enable basic auth | `false` | -| `gateway.auth.username` | Basic auth username | `user` | -| `gateway.auth.password` | Basic auth password | `""` | -| `gateway.auth.existingSecret` | Name of a secret containing the Basic auth password | `""` | -| `gateway.livenessProbe.enabled` | Enable livenessProbe on Gateway nodes | `true` | -| `gateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `gateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `gateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `gateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `gateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `gateway.readinessProbe.enabled` | Enable readinessProbe on Gateway nodes | `true` | -| `gateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `gateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `gateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `gateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `gateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `gateway.startupProbe.enabled` | Enable startupProbe on Gateway containers | `false` | -| `gateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `gateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `gateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `gateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `gateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `gateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `gateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `gateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `gateway.containerPorts.http` | Gateway HTTP port | `8080` | -| `gateway.resources.limits` | The resources limits for the gateway containers | `{}` | -| `gateway.resources.requests` | The requested resources for the gateway containers | `{}` | -| `gateway.podSecurityContext.enabled` | Enabled Gateway pods' Security Context | `true` | -| `gateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `gateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `gateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `gateway.podSecurityContext.fsGroup` | Set Gateway pod's Security Context fsGroup | `1001` | -| `gateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `gateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `gateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `gateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `gateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `gateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `gateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `gateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `gateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `gateway.lifecycleHooks` | for the gateway container(s) to automate configuration before or after startup | `{}` | -| `gateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `gateway.hostAliases` | gateway pods host aliases | `[]` | -| `gateway.podLabels` | Extra labels for gateway pods | `{}` | -| `gateway.podAnnotations` | Annotations for gateway pods | `{}` | -| `gateway.podAffinityPreset` | Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `gateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `gateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `gateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `gateway.affinity` is set | `""` | -| `gateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `gateway.affinity` is set | `[]` | -| `gateway.affinity` | Affinity for Gateway pods assignment | `{}` | -| `gateway.nodeSelector` | Node labels for Gateway pods assignment | `{}` | -| `gateway.tolerations` | Tolerations for Gateway pods assignment | `[]` | -| `gateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `gateway.priorityClassName` | Gateway pods' priorityClassName | `""` | -| `gateway.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `gateway.updateStrategy.type` | Gateway statefulset strategy type | `RollingUpdate` | -| `gateway.updateStrategy.rollingUpdate` | Gateway statefulset rolling update configuration parameters | `{}` | -| `gateway.extraVolumes` | Optionally specify extra list of additional volumes for the Gateway pod(s) | `[]` | -| `gateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Gateway container(s) | `[]` | -| `gateway.sidecars` | Add additional sidecar containers to the Gateway pod(s) | `[]` | -| `gateway.initContainers` | Add additional init containers to the Gateway pod(s) | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `gateway.enabled` | Enable Gateway deployment | `true` | +| `gateway.image.registry` | Nginx image registry | `REGISTRY_NAME` | +| `gateway.image.repository` | Nginx image repository | `REPOSITORY_NAME/nginx` | +| `gateway.image.digest` | Nginx image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `gateway.image.pullPolicy` | Nginx image pull policy | `IfNotPresent` | +| `gateway.image.pullSecrets` | Nginx image pull secrets | `[]` | +| `gateway.image.debug` | Enable debugging in the initialization process | `false` | +| `gateway.extraEnvVars` | Array with extra environment variables to add to gateway nodes | `[]` | +| `gateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for gateway nodes | `""` | +| `gateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for gateway nodes | `""` | +| `gateway.command` | Override default container command (useful when using custom images) | `[]` | +| `gateway.args` | Override default container args (useful when using custom images) | `[]` | +| `gateway.verboseLogging` | Show the gateway access_log | `false` | +| `gateway.replicaCount` | Number of Gateway replicas to deploy | `1` | +| `gateway.auth.enabled` | Enable basic auth | `false` | +| `gateway.auth.username` | Basic auth username | `user` | +| `gateway.auth.password` | Basic auth password | `""` | +| `gateway.auth.existingSecret` | Name of a secret containing the Basic auth password | `""` | +| `gateway.livenessProbe.enabled` | Enable livenessProbe on Gateway nodes | `true` | +| `gateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `gateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `gateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `gateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `gateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `gateway.readinessProbe.enabled` | Enable readinessProbe on Gateway nodes | `true` | +| `gateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `gateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `gateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `gateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `gateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `gateway.startupProbe.enabled` | Enable startupProbe on Gateway containers | `false` | +| `gateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `gateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `gateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `gateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `gateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `gateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `gateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `gateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `gateway.containerPorts.http` | Gateway HTTP port | `8080` | +| `gateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production). | `none` | +| `gateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `gateway.podSecurityContext.enabled` | Enabled Gateway pods' Security Context | `true` | +| `gateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `gateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `gateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `gateway.podSecurityContext.fsGroup` | Set Gateway pod's Security Context fsGroup | `1001` | +| `gateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `gateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `gateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `gateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `gateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `gateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `gateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `gateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `gateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `gateway.lifecycleHooks` | for the gateway container(s) to automate configuration before or after startup | `{}` | +| `gateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `gateway.hostAliases` | gateway pods host aliases | `[]` | +| `gateway.podLabels` | Extra labels for gateway pods | `{}` | +| `gateway.podAnnotations` | Annotations for gateway pods | `{}` | +| `gateway.podAffinityPreset` | Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `gateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `gateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `gateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `gateway.affinity` is set | `""` | +| `gateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `gateway.affinity` is set | `[]` | +| `gateway.affinity` | Affinity for Gateway pods assignment | `{}` | +| `gateway.nodeSelector` | Node labels for Gateway pods assignment | `{}` | +| `gateway.tolerations` | Tolerations for Gateway pods assignment | `[]` | +| `gateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `gateway.priorityClassName` | Gateway pods' priorityClassName | `""` | +| `gateway.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `gateway.updateStrategy.type` | Gateway statefulset strategy type | `RollingUpdate` | +| `gateway.updateStrategy.rollingUpdate` | Gateway statefulset rolling update configuration parameters | `{}` | +| `gateway.extraVolumes` | Optionally specify extra list of additional volumes for the Gateway pod(s) | `[]` | +| `gateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Gateway container(s) | `[]` | +| `gateway.sidecars` | Add additional sidecar containers to the Gateway pod(s) | `[]` | +| `gateway.initContainers` | Add additional init containers to the Gateway pod(s) | `[]` | ### Gateway Traffic Exposure Parameters @@ -548,180 +548,180 @@ The command removes all the Kubernetes components associated with the chart and ### Ingester Deployment Parameters -| Name | Description | Value | -| ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------- | ------------------- | -| `ingester.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | -| `ingester.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | -| `ingester.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | -| `ingester.command` | Override default container command (useful when using custom images) | `[]` | -| `ingester.args` | Override default container args (useful when using custom images) | `[]` | -| `ingester.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `ingester.replicaCount` | Number of Ingester replicas to deploy | `2` | -| `ingester.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | -| `ingester.livenessProbe.enabled` | Enable livenessProbe on Ingester nodes | `true` | -| `ingester.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `ingester.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ingester.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `ingester.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `ingester.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ingester.readinessProbe.enabled` | Enable readinessProbe on Ingester nodes | `true` | -| `ingester.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `ingester.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ingester.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `ingester.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `ingester.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ingester.startupProbe.enabled` | Enable startupProbe on Ingester containers | `false` | -| `ingester.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `ingester.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ingester.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `ingester.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `ingester.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ingester.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ingester.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ingester.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ingester.resources.limits` | The resources limits for the ingester containers | `{}` | -| `ingester.resources.requests` | The requested resources for the ingester containers | `{}` | -| `ingester.podSecurityContext.enabled` | Enabled Ingester pods' Security Context | `true` | -| `ingester.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ingester.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ingester.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ingester.podSecurityContext.fsGroup` | Set Ingester pod's Security Context fsGroup | `1001` | -| `ingester.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ingester.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `ingester.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ingester.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ingester.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ingester.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `ingester.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ingester.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ingester.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ingester.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `ingester.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ingester.hostAliases` | ingester pods host aliases | `[]` | -| `ingester.podLabels` | Extra labels for ingester pods | `{}` | -| `ingester.podAnnotations` | Annotations for ingester pods | `{}` | -| `ingester.podAffinityPreset` | Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingester.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ingester.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingester.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingester.affinity` is set | `""` | -| `ingester.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingester.affinity` is set | `[]` | -| `ingester.affinity` | Affinity for Ingester pods assignment | `{}` | -| `ingester.nodeSelector` | Node labels for Ingester pods assignment | `{}` | -| `ingester.tolerations` | Tolerations for Ingester pods assignment | `[]` | -| `ingester.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `ingester.priorityClassName` | Ingester pods' priorityClassName | `""` | -| `ingester.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `ingester.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `ingester.updateStrategy.type` | Ingester statefulset strategy type | `RollingUpdate` | -| `ingester.updateStrategy.rollingUpdate` | Ingester statefulset rolling update configuration parameters | `{}` | -| `ingester.extraVolumes` | Optionally specify extra list of additional volumes for the Ingester pod(s) | `[]` | -| `ingester.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Ingester container(s) | `[]` | -| `ingester.sidecars` | Add additional sidecar containers to the Ingester pod(s) | `[]` | -| `ingester.initContainers` | Add additional init containers to the Ingester pod(s) | `[]` | -| `ingester.persistence.enabled` | Enable persistence in Ingester instances | `true` | -| `ingester.persistence.storageClass` | PVC Storage Class for Ingester data volume | `""` | -| `ingester.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `ingester.persistence.size` | PVC Storage Request for Ingester data volume | `8Gi` | -| `ingester.persistence.annotations` | Additional PVC annotations | `{}` | -| `ingester.persistence.selector` | Selector to match an existing Persistent Volume for Ingester's data PVC | `{}` | -| `ingester.persistence.dataSource` | PVC data source | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------- | +| `ingester.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | +| `ingester.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | +| `ingester.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | +| `ingester.command` | Override default container command (useful when using custom images) | `[]` | +| `ingester.args` | Override default container args (useful when using custom images) | `[]` | +| `ingester.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `ingester.replicaCount` | Number of Ingester replicas to deploy | `2` | +| `ingester.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | +| `ingester.livenessProbe.enabled` | Enable livenessProbe on Ingester nodes | `true` | +| `ingester.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `ingester.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ingester.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `ingester.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `ingester.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ingester.readinessProbe.enabled` | Enable readinessProbe on Ingester nodes | `true` | +| `ingester.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `ingester.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `ingester.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `ingester.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `ingester.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ingester.startupProbe.enabled` | Enable startupProbe on Ingester containers | `false` | +| `ingester.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `ingester.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `ingester.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `ingester.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `ingester.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `ingester.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `ingester.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `ingester.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `ingester.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production). | `none` | +| `ingester.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ingester.podSecurityContext.enabled` | Enabled Ingester pods' Security Context | `true` | +| `ingester.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ingester.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ingester.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ingester.podSecurityContext.fsGroup` | Set Ingester pod's Security Context fsGroup | `1001` | +| `ingester.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `ingester.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `ingester.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `ingester.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `ingester.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `ingester.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `ingester.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `ingester.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `ingester.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `ingester.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `ingester.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `ingester.hostAliases` | ingester pods host aliases | `[]` | +| `ingester.podLabels` | Extra labels for ingester pods | `{}` | +| `ingester.podAnnotations` | Annotations for ingester pods | `{}` | +| `ingester.podAffinityPreset` | Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingester.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `ingester.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingester.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingester.affinity` is set | `""` | +| `ingester.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingester.affinity` is set | `[]` | +| `ingester.affinity` | Affinity for Ingester pods assignment | `{}` | +| `ingester.nodeSelector` | Node labels for Ingester pods assignment | `{}` | +| `ingester.tolerations` | Tolerations for Ingester pods assignment | `[]` | +| `ingester.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `ingester.priorityClassName` | Ingester pods' priorityClassName | `""` | +| `ingester.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `ingester.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `ingester.updateStrategy.type` | Ingester statefulset strategy type | `RollingUpdate` | +| `ingester.updateStrategy.rollingUpdate` | Ingester statefulset rolling update configuration parameters | `{}` | +| `ingester.extraVolumes` | Optionally specify extra list of additional volumes for the Ingester pod(s) | `[]` | +| `ingester.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Ingester container(s) | `[]` | +| `ingester.sidecars` | Add additional sidecar containers to the Ingester pod(s) | `[]` | +| `ingester.initContainers` | Add additional init containers to the Ingester pod(s) | `[]` | +| `ingester.persistence.enabled` | Enable persistence in Ingester instances | `true` | +| `ingester.persistence.storageClass` | PVC Storage Class for Ingester data volume | `""` | +| `ingester.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | +| `ingester.persistence.size` | PVC Storage Request for Ingester data volume | `8Gi` | +| `ingester.persistence.annotations` | Additional PVC annotations | `{}` | +| `ingester.persistence.selector` | Selector to match an existing Persistent Volume for Ingester's data PVC | `{}` | +| `ingester.persistence.dataSource` | PVC data source | `{}` | ### Ingester Traffic Exposure Parameters -| Name | Description | Value | -| --------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------- | ---------------- | -| `ingester.service.type` | Ingester service type | `ClusterIP` | -| `ingester.service.ports.http` | Ingester HTTP service port | `8080` | -| `ingester.service.ports.grpc` | Ingester GRPC service port | `9095` | -| `ingester.service.nodePorts.http` | Node port for HTTP | `""` | -| `ingester.service.nodePorts.grpc` | Node port for GRPC | `9095` | -| `ingester.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `ingester.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `ingester.service.clusterIP` | Ingester service Cluster IP | `""` | -| `ingester.service.loadBalancerIP` | Ingester service Load Balancer IP | `""` | -| `ingester.service.loadBalancerSourceRanges` | Ingester service Load Balancer sources | `[]` | -| `ingester.service.externalTrafficPolicy` | Ingester service external traffic policy | `Cluster` | -| `ingester.service.annotations` | Additional custom annotations for Ingester service | `{}` | -| `ingester.service.extraPorts` | Extra ports to expose in the Ingester service | `[]` | -| `ingester.service.headless.annotations` | Annotations for the headless service. | `{}` | -| `ingester.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `ingester.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `ingester.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `ingester.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `ingester.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `ingester.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `ingester.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `ingester.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `ingester.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `ingester.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `overridesExporter.enabled` | Enable overrides-exporter deployment | `false` | -| `overridesExporter.extraEnvVars` | Array with extra environment variables to add to overrides-exporter nodes | `[]` | -| `overridesExporter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for overrides-exporter nodes | `""` | -| `overridesExporter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for overrides-exporter nodes | `""` | -| `overridesExporter.command` | Override default container command (useful when using custom images) | `[]` | -| `overridesExporter.args` | Override default container args (useful when using custom images) | `[]` | -| `overridesExporter.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `overridesExporter.replicaCount` | Number of Overrides Exporter replicas to deploy | `1` | -| `overridesExporter.livenessProbe.enabled` | Enable livenessProbe on Overrides Exporter nodes | `true` | -| `overridesExporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `overridesExporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `overridesExporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `overridesExporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `overridesExporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `overridesExporter.readinessProbe.enabled` | Enable readinessProbe on Overrides Exporter nodes | `true` | -| `overridesExporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `overridesExporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `overridesExporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `overridesExporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `overridesExporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `overridesExporter.startupProbe.enabled` | Enable startupProbe on Overrides Exporter containers | `false` | -| `overridesExporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `overridesExporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `overridesExporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `overridesExporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `overridesExporter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `overridesExporter.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `overridesExporter.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `overridesExporter.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `overridesExporter.resources.limits` | The resources limits for the overrides-exporter containers | `{}` | -| `overridesExporter.resources.requests` | The requested resources for the overrides-exporter containers | `{}` | -| `overridesExporter.podSecurityContext.enabled` | Enabled Overrides Exporter pods' Security Context | `true` | -| `overridesExporter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `overridesExporter.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `overridesExporter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `overridesExporter.podSecurityContext.fsGroup` | Set Overrides Exporter pod's Security Context fsGroup | `1001` | -| `overridesExporter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `overridesExporter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `overridesExporter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `overridesExporter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `overridesExporter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `overridesExporter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `overridesExporter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `overridesExporter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `overridesExporter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `overridesExporter.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `overridesExporter.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `overridesExporter.hostAliases` | ingester pods host aliases | `[]` | -| `overridesExporter.podLabels` | Extra labels for ingester pods | `{}` | -| `overridesExporter.podAnnotations` | Annotations for ingester pods | `{}` | -| `overridesExporter.podAffinityPreset` | Pod affinity preset. Ignored if `overridesExporter.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `overridesExporter.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `overridesExporter.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `overridesExporter.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `overridesExporter.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `overridesExporter.nodeAffinityPreset.key` | Node label key to match. Ignored if `overridesExporter.affinity` is set | `""` | -| `overridesExporter.nodeAffinityPreset.values` | Node label values to match. Ignored if `overridesExporter.affinity` is set | `[]` | -| `overridesExporter.affinity` | Affinity for Overrides Exporter pods assignment | `{}` | -| `overridesExporter.nodeSelector` | Node labels for Overrides Exporter pods assignment | `{}` | -| `overridesExporter.tolerations` | Tolerations for Overrides Exporter pods assignment | `[]` | -| `overridesExporter.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `overridesExporter.priorityClassName` | Overrides Exporter pods' priorityClassName | `""` | -| `overridesExporter.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `overridesExporter.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `overridesExporter.updateStrategy.type` | Overrides Exporter statefulset strategy type | `RollingUpdate` | -| `overridesExporter.updateStrategy.rollingUpdate` | Overrides Exporter statefulset rolling update configuration parameters | `{}` | -| `overridesExporter.extraVolumes` | Optionally specify extra list of additional volumes for the Overrides Exporter pod(s) | `[]` | -| `overridesExporter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Overrides Exporter container(s) | `[]` | -| `overridesExporter.sidecars` | Add additional sidecar containers to the Overrides Exporter pod(s) | `[]` | -| `overridesExporter.initContainers` | Add additional init containers to the Overrides Exporter pod(s) | `[]` | +| Name | Description | Value | +| --------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `ingester.service.type` | Ingester service type | `ClusterIP` | +| `ingester.service.ports.http` | Ingester HTTP service port | `8080` | +| `ingester.service.ports.grpc` | Ingester GRPC service port | `9095` | +| `ingester.service.nodePorts.http` | Node port for HTTP | `""` | +| `ingester.service.nodePorts.grpc` | Node port for GRPC | `9095` | +| `ingester.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `ingester.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `ingester.service.clusterIP` | Ingester service Cluster IP | `""` | +| `ingester.service.loadBalancerIP` | Ingester service Load Balancer IP | `""` | +| `ingester.service.loadBalancerSourceRanges` | Ingester service Load Balancer sources | `[]` | +| `ingester.service.externalTrafficPolicy` | Ingester service external traffic policy | `Cluster` | +| `ingester.service.annotations` | Additional custom annotations for Ingester service | `{}` | +| `ingester.service.extraPorts` | Extra ports to expose in the Ingester service | `[]` | +| `ingester.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `ingester.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `ingester.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `ingester.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `ingester.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `ingester.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `ingester.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `ingester.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `ingester.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `ingester.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `ingester.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `overridesExporter.enabled` | Enable overrides-exporter deployment | `false` | +| `overridesExporter.extraEnvVars` | Array with extra environment variables to add to overrides-exporter nodes | `[]` | +| `overridesExporter.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for overrides-exporter nodes | `""` | +| `overridesExporter.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for overrides-exporter nodes | `""` | +| `overridesExporter.command` | Override default container command (useful when using custom images) | `[]` | +| `overridesExporter.args` | Override default container args (useful when using custom images) | `[]` | +| `overridesExporter.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `overridesExporter.replicaCount` | Number of Overrides Exporter replicas to deploy | `1` | +| `overridesExporter.livenessProbe.enabled` | Enable livenessProbe on Overrides Exporter nodes | `true` | +| `overridesExporter.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `overridesExporter.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `overridesExporter.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `overridesExporter.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `overridesExporter.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `overridesExporter.readinessProbe.enabled` | Enable readinessProbe on Overrides Exporter nodes | `true` | +| `overridesExporter.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `overridesExporter.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `overridesExporter.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `overridesExporter.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `overridesExporter.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `overridesExporter.startupProbe.enabled` | Enable startupProbe on Overrides Exporter containers | `false` | +| `overridesExporter.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `overridesExporter.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `overridesExporter.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `overridesExporter.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `overridesExporter.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `overridesExporter.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `overridesExporter.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `overridesExporter.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `overridesExporter.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if overridesExporter.resources is set (overridesExporter.resources is recommended for production). | `none` | +| `overridesExporter.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `overridesExporter.podSecurityContext.enabled` | Enabled Overrides Exporter pods' Security Context | `true` | +| `overridesExporter.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `overridesExporter.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `overridesExporter.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `overridesExporter.podSecurityContext.fsGroup` | Set Overrides Exporter pod's Security Context fsGroup | `1001` | +| `overridesExporter.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `overridesExporter.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `overridesExporter.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `overridesExporter.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `overridesExporter.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `overridesExporter.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `overridesExporter.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `overridesExporter.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `overridesExporter.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `overridesExporter.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `overridesExporter.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `overridesExporter.hostAliases` | ingester pods host aliases | `[]` | +| `overridesExporter.podLabels` | Extra labels for ingester pods | `{}` | +| `overridesExporter.podAnnotations` | Annotations for ingester pods | `{}` | +| `overridesExporter.podAffinityPreset` | Pod affinity preset. Ignored if `overridesExporter.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `overridesExporter.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `overridesExporter.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `overridesExporter.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `overridesExporter.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `overridesExporter.nodeAffinityPreset.key` | Node label key to match. Ignored if `overridesExporter.affinity` is set | `""` | +| `overridesExporter.nodeAffinityPreset.values` | Node label values to match. Ignored if `overridesExporter.affinity` is set | `[]` | +| `overridesExporter.affinity` | Affinity for Overrides Exporter pods assignment | `{}` | +| `overridesExporter.nodeSelector` | Node labels for Overrides Exporter pods assignment | `{}` | +| `overridesExporter.tolerations` | Tolerations for Overrides Exporter pods assignment | `[]` | +| `overridesExporter.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `overridesExporter.priorityClassName` | Overrides Exporter pods' priorityClassName | `""` | +| `overridesExporter.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `overridesExporter.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `overridesExporter.updateStrategy.type` | Overrides Exporter statefulset strategy type | `RollingUpdate` | +| `overridesExporter.updateStrategy.rollingUpdate` | Overrides Exporter statefulset rolling update configuration parameters | `{}` | +| `overridesExporter.extraVolumes` | Optionally specify extra list of additional volumes for the Overrides Exporter pod(s) | `[]` | +| `overridesExporter.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Overrides Exporter container(s) | `[]` | +| `overridesExporter.sidecars` | Add additional sidecar containers to the Overrides Exporter pod(s) | `[]` | +| `overridesExporter.initContainers` | Add additional init containers to the Overrides Exporter pod(s) | `[]` | ### Overrides Exporter Traffic Exposure Parameters @@ -754,75 +754,75 @@ The command removes all the Kubernetes components associated with the chart and ### Querier Deployment Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------- | -| `querier.extraEnvVars` | Array with extra environment variables to add to querier nodes | `[]` | -| `querier.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for querier nodes | `""` | -| `querier.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for querier nodes | `""` | -| `querier.command` | Override default container command (useful when using custom images) | `[]` | -| `querier.args` | Override default container args (useful when using custom images) | `[]` | -| `querier.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `querier.replicaCount` | Number of Querier replicas to deploy | `1` | -| `querier.livenessProbe.enabled` | Enable livenessProbe on Querier nodes | `true` | -| `querier.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `querier.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `querier.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `querier.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `querier.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `querier.readinessProbe.enabled` | Enable readinessProbe on Querier nodes | `true` | -| `querier.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `querier.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `querier.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `querier.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `querier.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `querier.startupProbe.enabled` | Enable startupProbe on Querier containers | `false` | -| `querier.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `querier.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `querier.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `querier.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `querier.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `querier.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `querier.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `querier.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `querier.resources.limits` | The resources limits for the querier containers | `{}` | -| `querier.resources.requests` | The requested resources for the querier containers | `{}` | -| `querier.podSecurityContext.enabled` | Enabled Querier pods' Security Context | `true` | -| `querier.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `querier.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `querier.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `querier.podSecurityContext.fsGroup` | Set Querier pod's Security Context fsGroup | `1001` | -| `querier.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `querier.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `querier.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `querier.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `querier.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `querier.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `querier.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `querier.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `querier.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `querier.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `querier.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `querier.hostAliases` | ingester pods host aliases | `[]` | -| `querier.podLabels` | Extra labels for ingester pods | `{}` | -| `querier.podAnnotations` | Annotations for ingester pods | `{}` | -| `querier.podAffinityPreset` | Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `querier.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `querier.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `querier.nodeAffinityPreset.key` | Node label key to match. Ignored if `querier.affinity` is set | `""` | -| `querier.nodeAffinityPreset.values` | Node label values to match. Ignored if `querier.affinity` is set | `[]` | -| `querier.affinity` | Affinity for Querier pods assignment | `{}` | -| `querier.nodeSelector` | Node labels for Querier pods assignment | `{}` | -| `querier.tolerations` | Tolerations for Querier pods assignment | `[]` | -| `querier.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `querier.priorityClassName` | Querier pods' priorityClassName | `""` | -| `querier.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `querier.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `querier.updateStrategy.type` | Querier statefulset strategy type | `RollingUpdate` | -| `querier.updateStrategy.rollingUpdate` | Querier statefulset rolling update configuration parameters | `{}` | -| `querier.extraVolumes` | Optionally specify extra list of additional volumes for the Querier pod(s) | `[]` | -| `querier.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Querier container(s) | `[]` | -| `querier.sidecars` | Add additional sidecar containers to the Querier pod(s) | `[]` | -| `querier.initContainers` | Add additional init containers to the Querier pod(s) | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `querier.extraEnvVars` | Array with extra environment variables to add to querier nodes | `[]` | +| `querier.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for querier nodes | `""` | +| `querier.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for querier nodes | `""` | +| `querier.command` | Override default container command (useful when using custom images) | `[]` | +| `querier.args` | Override default container args (useful when using custom images) | `[]` | +| `querier.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `querier.replicaCount` | Number of Querier replicas to deploy | `1` | +| `querier.livenessProbe.enabled` | Enable livenessProbe on Querier nodes | `true` | +| `querier.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `querier.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `querier.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `querier.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `querier.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `querier.readinessProbe.enabled` | Enable readinessProbe on Querier nodes | `true` | +| `querier.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `querier.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `querier.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `querier.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `querier.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `querier.startupProbe.enabled` | Enable startupProbe on Querier containers | `false` | +| `querier.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `querier.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `querier.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `querier.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `querier.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `querier.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `querier.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `querier.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `querier.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production). | `none` | +| `querier.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `querier.podSecurityContext.enabled` | Enabled Querier pods' Security Context | `true` | +| `querier.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `querier.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `querier.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `querier.podSecurityContext.fsGroup` | Set Querier pod's Security Context fsGroup | `1001` | +| `querier.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `querier.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `querier.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `querier.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `querier.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `querier.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `querier.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `querier.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `querier.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `querier.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `querier.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `querier.hostAliases` | ingester pods host aliases | `[]` | +| `querier.podLabels` | Extra labels for ingester pods | `{}` | +| `querier.podAnnotations` | Annotations for ingester pods | `{}` | +| `querier.podAffinityPreset` | Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `querier.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `querier.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `querier.nodeAffinityPreset.key` | Node label key to match. Ignored if `querier.affinity` is set | `""` | +| `querier.nodeAffinityPreset.values` | Node label values to match. Ignored if `querier.affinity` is set | `[]` | +| `querier.affinity` | Affinity for Querier pods assignment | `{}` | +| `querier.nodeSelector` | Node labels for Querier pods assignment | `{}` | +| `querier.tolerations` | Tolerations for Querier pods assignment | `[]` | +| `querier.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `querier.priorityClassName` | Querier pods' priorityClassName | `""` | +| `querier.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `querier.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `querier.updateStrategy.type` | Querier statefulset strategy type | `RollingUpdate` | +| `querier.updateStrategy.rollingUpdate` | Querier statefulset rolling update configuration parameters | `{}` | +| `querier.extraVolumes` | Optionally specify extra list of additional volumes for the Querier pod(s) | `[]` | +| `querier.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Querier container(s) | `[]` | +| `querier.sidecars` | Add additional sidecar containers to the Querier pod(s) | `[]` | +| `querier.initContainers` | Add additional init containers to the Querier pod(s) | `[]` | ### Querier Traffic Exposure Parameters @@ -855,172 +855,172 @@ The command removes all the Kubernetes components associated with the chart and ### Query Frontend Deployment Parameters -| Name | Description | Value | -| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ---------------- | -| `queryFrontend.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | -| `queryFrontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | -| `queryFrontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | -| `queryFrontend.command` | Override default container command (useful when using custom images) | `[]` | -| `queryFrontend.args` | Override default container args (useful when using custom images) | `[]` | -| `queryFrontend.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `queryFrontend.replicaCount` | Number of Query Frontend replicas to deploy | `1` | -| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on Query Frontend nodes | `true` | -| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe on Query Frontend nodes | `true` | -| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryFrontend.startupProbe.enabled` | Enable startupProbe on Query Frontend containers | `false` | -| `queryFrontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `queryFrontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `queryFrontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `queryFrontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `queryFrontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `queryFrontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `queryFrontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `queryFrontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `queryFrontend.resources.limits` | The resources limits for the ingester containers | `{}` | -| `queryFrontend.resources.requests` | The requested resources for the ingester containers | `{}` | -| `queryFrontend.podSecurityContext.enabled` | Enabled Query Frontend pods' Security Context | `true` | -| `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `queryFrontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `queryFrontend.podSecurityContext.fsGroup` | Set Query Frontend pod's Security Context fsGroup | `1001` | -| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `queryFrontend.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `queryFrontend.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `queryFrontend.hostAliases` | ingester pods host aliases | `[]` | -| `queryFrontend.podLabels` | Extra labels for ingester pods | `{}` | -| `queryFrontend.podAnnotations` | Annotations for ingester pods | `{}` | -| `queryFrontend.podAffinityPreset` | Pod affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryFrontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryFrontend.affinity` is set | `""` | -| `queryFrontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryFrontend.affinity` is set | `[]` | -| `queryFrontend.affinity` | Affinity for Query Frontend pods assignment | `{}` | -| `queryFrontend.nodeSelector` | Node labels for Query Frontend pods assignment | `{}` | -| `queryFrontend.tolerations` | Tolerations for Query Frontend pods assignment | `[]` | -| `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `queryFrontend.priorityClassName` | Query Frontend pods' priorityClassName | `""` | -| `queryFrontend.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `queryFrontend.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `queryFrontend.updateStrategy.type` | Query Frontend statefulset strategy type | `RollingUpdate` | -| `queryFrontend.updateStrategy.rollingUpdate` | Query Frontend statefulset rolling update configuration parameters | `{}` | -| `queryFrontend.extraVolumes` | Optionally specify extra list of additional volumes for the Query Frontend pod(s) | `[]` | -| `queryFrontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Query Frontend container(s) | `[]` | -| `queryFrontend.sidecars` | Add additional sidecar containers to the Query Frontend pod(s) | `[]` | -| `queryFrontend.initContainers` | Add additional init containers to the Query Frontend pod(s) | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `queryFrontend.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | +| `queryFrontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | +| `queryFrontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | +| `queryFrontend.command` | Override default container command (useful when using custom images) | `[]` | +| `queryFrontend.args` | Override default container args (useful when using custom images) | `[]` | +| `queryFrontend.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `queryFrontend.replicaCount` | Number of Query Frontend replicas to deploy | `1` | +| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on Query Frontend nodes | `true` | +| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe on Query Frontend nodes | `true` | +| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `queryFrontend.startupProbe.enabled` | Enable startupProbe on Query Frontend containers | `false` | +| `queryFrontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `queryFrontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `queryFrontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `queryFrontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `queryFrontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `queryFrontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `queryFrontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `queryFrontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `queryFrontend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). | `none` | +| `queryFrontend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `queryFrontend.podSecurityContext.enabled` | Enabled Query Frontend pods' Security Context | `true` | +| `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `queryFrontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `queryFrontend.podSecurityContext.fsGroup` | Set Query Frontend pod's Security Context fsGroup | `1001` | +| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `queryFrontend.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `queryFrontend.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `queryFrontend.hostAliases` | ingester pods host aliases | `[]` | +| `queryFrontend.podLabels` | Extra labels for ingester pods | `{}` | +| `queryFrontend.podAnnotations` | Annotations for ingester pods | `{}` | +| `queryFrontend.podAffinityPreset` | Pod affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryFrontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `queryFrontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryFrontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryFrontend.affinity` is set | `""` | +| `queryFrontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryFrontend.affinity` is set | `[]` | +| `queryFrontend.affinity` | Affinity for Query Frontend pods assignment | `{}` | +| `queryFrontend.nodeSelector` | Node labels for Query Frontend pods assignment | `{}` | +| `queryFrontend.tolerations` | Tolerations for Query Frontend pods assignment | `[]` | +| `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `queryFrontend.priorityClassName` | Query Frontend pods' priorityClassName | `""` | +| `queryFrontend.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `queryFrontend.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `queryFrontend.updateStrategy.type` | Query Frontend statefulset strategy type | `RollingUpdate` | +| `queryFrontend.updateStrategy.rollingUpdate` | Query Frontend statefulset rolling update configuration parameters | `{}` | +| `queryFrontend.extraVolumes` | Optionally specify extra list of additional volumes for the Query Frontend pod(s) | `[]` | +| `queryFrontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Query Frontend container(s) | `[]` | +| `queryFrontend.sidecars` | Add additional sidecar containers to the Query Frontend pod(s) | `[]` | +| `queryFrontend.initContainers` | Add additional init containers to the Query Frontend pod(s) | `[]` | ### Query Frontend Traffic Exposure Parameters -| Name | Description | Value | -| ------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ---------------- | -| `queryFrontend.service.type` | Query Frontend service type | `ClusterIP` | -| `queryFrontend.service.ports.http` | Query Frontend HTTP service port | `8080` | -| `queryFrontend.service.ports.grpc` | Query Frontend GRPC service port | `9095` | -| `queryFrontend.service.nodePorts.http` | Node port for HTTP | `""` | -| `queryFrontend.service.nodePorts.grpc` | Node port for GRPC | `9095` | -| `queryFrontend.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | -| `queryFrontend.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | -| `queryFrontend.service.clusterIP` | Query Frontend service Cluster IP | `""` | -| `queryFrontend.service.loadBalancerIP` | Query Frontend service Load Balancer IP | `""` | -| `queryFrontend.service.loadBalancerSourceRanges` | Query Frontend service Load Balancer sources | `[]` | -| `queryFrontend.service.externalTrafficPolicy` | Query Frontend service external traffic policy | `Cluster` | -| `queryFrontend.service.annotations` | Additional custom annotations for Query Frontend service | `{}` | -| `queryFrontend.service.extraPorts` | Extra ports to expose in the Query Frontend service | `[]` | -| `queryFrontend.service.headless.annotations` | Annotations for the headless service. | `{}` | -| `queryFrontend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | -| `queryFrontend.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `queryFrontend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | -| `queryFrontend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | -| `queryFrontend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | -| `queryFrontend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | -| `queryFrontend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | -| `queryFrontend.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | -| `queryFrontend.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | -| `queryFrontend.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | -| `queryScheduler.enabled` | Enable query-scheduler deployment | `false` | -| `queryScheduler.extraEnvVars` | Array with extra environment variables to add to query-scheduler nodes | `[]` | -| `queryScheduler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for query-scheduler nodes | `""` | -| `queryScheduler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for query-scheduler nodes | `""` | -| `queryScheduler.command` | Override default container command (useful when using custom images) | `[]` | -| `queryScheduler.args` | Override default container args (useful when using custom images) | `[]` | -| `queryScheduler.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `queryScheduler.replicaCount` | Number of Query Scheduler replicas to deploy | `1` | -| `queryScheduler.livenessProbe.enabled` | Enable livenessProbe on Query Scheduler nodes | `true` | -| `queryScheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | -| `queryScheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryScheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `queryScheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `queryScheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryScheduler.readinessProbe.enabled` | Enable readinessProbe on Query Scheduler nodes | `true` | -| `queryScheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | -| `queryScheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryScheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `queryScheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `queryScheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryScheduler.startupProbe.enabled` | Enable startupProbe on Query Scheduler containers | `false` | -| `queryScheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `queryScheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `queryScheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `queryScheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `queryScheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `queryScheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `queryScheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `queryScheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `queryScheduler.resources.limits` | The resources limits for the query-scheduler containers | `{}` | -| `queryScheduler.resources.requests` | The requested resources for the query-scheduler containers | `{}` | -| `queryScheduler.podSecurityContext.enabled` | Enabled Query Scheduler pods' Security Context | `true` | -| `queryScheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `queryScheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `queryScheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `queryScheduler.podSecurityContext.fsGroup` | Set Query Scheduler pod's Security Context fsGroup | `1001` | -| `queryScheduler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `queryScheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `queryScheduler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `queryScheduler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `queryScheduler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `queryScheduler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `queryScheduler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `queryScheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `queryScheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `queryScheduler.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `queryScheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `queryScheduler.hostAliases` | ingester pods host aliases | `[]` | -| `queryScheduler.podLabels` | Extra labels for ingester pods | `{}` | -| `queryScheduler.podAnnotations` | Annotations for ingester pods | `{}` | -| `queryScheduler.podAffinityPreset` | Pod affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryScheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryScheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryScheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryScheduler.affinity` is set | `""` | -| `queryScheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryScheduler.affinity` is set | `[]` | -| `queryScheduler.affinity` | Affinity for Query Scheduler pods assignment | `{}` | -| `queryScheduler.nodeSelector` | Node labels for Query Scheduler pods assignment | `{}` | -| `queryScheduler.tolerations` | Tolerations for Query Scheduler pods assignment | `[]` | -| `queryScheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `queryScheduler.priorityClassName` | Query Scheduler pods' priorityClassName | `""` | -| `queryScheduler.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `queryScheduler.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `queryScheduler.updateStrategy.type` | Query Scheduler statefulset strategy type | `RollingUpdate` | -| `queryScheduler.updateStrategy.rollingUpdate` | Query Scheduler statefulset rolling update configuration parameters | `{}` | -| `queryScheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Query Scheduler pod(s) | `[]` | -| `queryScheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Query Scheduler container(s) | `[]` | -| `queryScheduler.sidecars` | Add additional sidecar containers to the Query Scheduler pod(s) | `[]` | -| `queryScheduler.initContainers` | Add additional init containers to the Query Scheduler pod(s) | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `queryFrontend.service.type` | Query Frontend service type | `ClusterIP` | +| `queryFrontend.service.ports.http` | Query Frontend HTTP service port | `8080` | +| `queryFrontend.service.ports.grpc` | Query Frontend GRPC service port | `9095` | +| `queryFrontend.service.nodePorts.http` | Node port for HTTP | `""` | +| `queryFrontend.service.nodePorts.grpc` | Node port for GRPC | `9095` | +| `queryFrontend.service.sessionAffinityConfig` | Additional settings for the sessionAffinity | `{}` | +| `queryFrontend.service.sessionAffinity` | Control where client requests go, to the same pod or round-robin | `None` | +| `queryFrontend.service.clusterIP` | Query Frontend service Cluster IP | `""` | +| `queryFrontend.service.loadBalancerIP` | Query Frontend service Load Balancer IP | `""` | +| `queryFrontend.service.loadBalancerSourceRanges` | Query Frontend service Load Balancer sources | `[]` | +| `queryFrontend.service.externalTrafficPolicy` | Query Frontend service external traffic policy | `Cluster` | +| `queryFrontend.service.annotations` | Additional custom annotations for Query Frontend service | `{}` | +| `queryFrontend.service.extraPorts` | Extra ports to expose in the Query Frontend service | `[]` | +| `queryFrontend.service.headless.annotations` | Annotations for the headless service. | `{}` | +| `queryFrontend.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | +| `queryFrontend.networkPolicy.allowExternal` | Don't require server label for connections | `true` | +| `queryFrontend.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | +| `queryFrontend.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | +| `queryFrontend.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | +| `queryFrontend.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | +| `queryFrontend.networkPolicy.ingressNSPodMatchLabels` | Pod labels to match to allow traffic from other namespaces | `{}` | +| `queryFrontend.pdb.create` | Enable/disable a Pod Disruption Budget creation | `false` | +| `queryFrontend.pdb.minAvailable` | Minimum number/percentage of pods that should remain scheduled | `1` | +| `queryFrontend.pdb.maxUnavailable` | Maximum number/percentage of pods that may be made unavailable | `""` | +| `queryScheduler.enabled` | Enable query-scheduler deployment | `false` | +| `queryScheduler.extraEnvVars` | Array with extra environment variables to add to query-scheduler nodes | `[]` | +| `queryScheduler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for query-scheduler nodes | `""` | +| `queryScheduler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for query-scheduler nodes | `""` | +| `queryScheduler.command` | Override default container command (useful when using custom images) | `[]` | +| `queryScheduler.args` | Override default container args (useful when using custom images) | `[]` | +| `queryScheduler.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `queryScheduler.replicaCount` | Number of Query Scheduler replicas to deploy | `1` | +| `queryScheduler.livenessProbe.enabled` | Enable livenessProbe on Query Scheduler nodes | `true` | +| `queryScheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `queryScheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `queryScheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `queryScheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `queryScheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `queryScheduler.readinessProbe.enabled` | Enable readinessProbe on Query Scheduler nodes | `true` | +| `queryScheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` | +| `queryScheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `queryScheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `queryScheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `queryScheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `queryScheduler.startupProbe.enabled` | Enable startupProbe on Query Scheduler containers | `false` | +| `queryScheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `queryScheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `queryScheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `queryScheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `queryScheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `queryScheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `queryScheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `queryScheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `queryScheduler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production). | `none` | +| `queryScheduler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `queryScheduler.podSecurityContext.enabled` | Enabled Query Scheduler pods' Security Context | `true` | +| `queryScheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `queryScheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `queryScheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `queryScheduler.podSecurityContext.fsGroup` | Set Query Scheduler pod's Security Context fsGroup | `1001` | +| `queryScheduler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `queryScheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `queryScheduler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `queryScheduler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `queryScheduler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `queryScheduler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `queryScheduler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `queryScheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `queryScheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `queryScheduler.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `queryScheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `queryScheduler.hostAliases` | ingester pods host aliases | `[]` | +| `queryScheduler.podLabels` | Extra labels for ingester pods | `{}` | +| `queryScheduler.podAnnotations` | Annotations for ingester pods | `{}` | +| `queryScheduler.podAffinityPreset` | Pod affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryScheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `queryScheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryScheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryScheduler.affinity` is set | `""` | +| `queryScheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryScheduler.affinity` is set | `[]` | +| `queryScheduler.affinity` | Affinity for Query Scheduler pods assignment | `{}` | +| `queryScheduler.nodeSelector` | Node labels for Query Scheduler pods assignment | `{}` | +| `queryScheduler.tolerations` | Tolerations for Query Scheduler pods assignment | `[]` | +| `queryScheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `queryScheduler.priorityClassName` | Query Scheduler pods' priorityClassName | `""` | +| `queryScheduler.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `queryScheduler.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `queryScheduler.updateStrategy.type` | Query Scheduler statefulset strategy type | `RollingUpdate` | +| `queryScheduler.updateStrategy.rollingUpdate` | Query Scheduler statefulset rolling update configuration parameters | `{}` | +| `queryScheduler.extraVolumes` | Optionally specify extra list of additional volumes for the Query Scheduler pod(s) | `[]` | +| `queryScheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Query Scheduler container(s) | `[]` | +| `queryScheduler.sidecars` | Add additional sidecar containers to the Query Scheduler pod(s) | `[]` | +| `queryScheduler.initContainers` | Add additional init containers to the Query Scheduler pod(s) | `[]` | ### Query Scheduler Traffic Exposure Parameters @@ -1053,84 +1053,84 @@ The command removes all the Kubernetes components associated with the chart and ### Store Gateway Deployment Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ------------------- | -| `storeGateway.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | -| `storeGateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | -| `storeGateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | -| `storeGateway.command` | Override default container command (useful when using custom images) | `[]` | -| `storeGateway.args` | Override default container args (useful when using custom images) | `[]` | -| `storeGateway.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `storeGateway.replicaCount` | Number of Store Gateway replicas to deploy | `1` | -| `storeGateway.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | -| `storeGateway.livenessProbe.enabled` | Enable livenessProbe on Store Gateway nodes | `true` | -| `storeGateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `storeGateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `storeGateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `storeGateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `storeGateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `storeGateway.readinessProbe.enabled` | Enable readinessProbe on Store Gateway nodes | `true` | -| `storeGateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `storeGateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `storeGateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `storeGateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `storeGateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `storeGateway.startupProbe.enabled` | Enable startupProbe on Store Gateway containers | `false` | -| `storeGateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `storeGateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `storeGateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `storeGateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `storeGateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `storeGateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `storeGateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `storeGateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `storeGateway.resources.limits` | The resources limits for the ingester containers | `{}` | -| `storeGateway.resources.requests` | The requested resources for the ingester containers | `{}` | -| `storeGateway.podSecurityContext.enabled` | Enabled Store Gateway pods' Security Context | `true` | -| `storeGateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `storeGateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `storeGateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `storeGateway.podSecurityContext.fsGroup` | Set Store Gateway pod's Security Context fsGroup | `1001` | -| `storeGateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `storeGateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `storeGateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `storeGateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `storeGateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `storeGateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `storeGateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `storeGateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `storeGateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `storeGateway.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `storeGateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `storeGateway.hostAliases` | ingester pods host aliases | `[]` | -| `storeGateway.podLabels` | Extra labels for ingester pods | `{}` | -| `storeGateway.podAnnotations` | Annotations for ingester pods | `{}` | -| `storeGateway.podAffinityPreset` | Pod affinity preset. Ignored if `storeGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `storeGateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `storeGateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `storeGateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `storeGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `storeGateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `storeGateway.affinity` is set | `""` | -| `storeGateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `storeGateway.affinity` is set | `[]` | -| `storeGateway.affinity` | Affinity for Store Gateway pods assignment | `{}` | -| `storeGateway.nodeSelector` | Node labels for Store Gateway pods assignment | `{}` | -| `storeGateway.tolerations` | Tolerations for Store Gateway pods assignment | `[]` | -| `storeGateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `storeGateway.priorityClassName` | Store Gateway pods' priorityClassName | `""` | -| `storeGateway.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `storeGateway.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `storeGateway.updateStrategy.type` | Store Gateway statefulset strategy type | `RollingUpdate` | -| `storeGateway.updateStrategy.rollingUpdate` | Store Gateway statefulset rolling update configuration parameters | `{}` | -| `storeGateway.extraVolumes` | Optionally specify extra list of additional volumes for the Store Gateway pod(s) | `[]` | -| `storeGateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Store Gateway container(s) | `[]` | -| `storeGateway.sidecars` | Add additional sidecar containers to the Store Gateway pod(s) | `[]` | -| `storeGateway.initContainers` | Add additional init containers to the Store Gateway pod(s) | `[]` | -| `storeGateway.persistence.enabled` | Enable persistence in Store Gateway instances | `true` | -| `storeGateway.persistence.existingClaim` | Name of an existing PVC to use | `""` | -| `storeGateway.persistence.storageClass` | PVC Storage Class for Store Gateway data volume | `""` | -| `storeGateway.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `storeGateway.persistence.size` | PVC Storage Request for Store Gateway data volume | `8Gi` | -| `storeGateway.persistence.annotations` | Additional PVC annotations | `{}` | -| `storeGateway.persistence.selector` | Selector to match an existing Persistent Volume for Store Gateway's data PVC | `{}` | -| `storeGateway.persistence.dataSource` | PVC data source | `{}` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `storeGateway.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | +| `storeGateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | +| `storeGateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | +| `storeGateway.command` | Override default container command (useful when using custom images) | `[]` | +| `storeGateway.args` | Override default container args (useful when using custom images) | `[]` | +| `storeGateway.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `storeGateway.replicaCount` | Number of Store Gateway replicas to deploy | `1` | +| `storeGateway.podManagementPolicy` | Statefulset Pod management policy, it needs to be Parallel to be able to complete the cluster join | `OrderedReady` | +| `storeGateway.livenessProbe.enabled` | Enable livenessProbe on Store Gateway nodes | `true` | +| `storeGateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `storeGateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `storeGateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `storeGateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `storeGateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `storeGateway.readinessProbe.enabled` | Enable readinessProbe on Store Gateway nodes | `true` | +| `storeGateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `storeGateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `storeGateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `storeGateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `storeGateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `storeGateway.startupProbe.enabled` | Enable startupProbe on Store Gateway containers | `false` | +| `storeGateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `storeGateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `storeGateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `storeGateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `storeGateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `storeGateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `storeGateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `storeGateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `storeGateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if storeGateway.resources is set (storeGateway.resources is recommended for production). | `none` | +| `storeGateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `storeGateway.podSecurityContext.enabled` | Enabled Store Gateway pods' Security Context | `true` | +| `storeGateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `storeGateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `storeGateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `storeGateway.podSecurityContext.fsGroup` | Set Store Gateway pod's Security Context fsGroup | `1001` | +| `storeGateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `storeGateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `storeGateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `storeGateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `storeGateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `storeGateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `storeGateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `storeGateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `storeGateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `storeGateway.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `storeGateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `storeGateway.hostAliases` | ingester pods host aliases | `[]` | +| `storeGateway.podLabels` | Extra labels for ingester pods | `{}` | +| `storeGateway.podAnnotations` | Annotations for ingester pods | `{}` | +| `storeGateway.podAffinityPreset` | Pod affinity preset. Ignored if `storeGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `storeGateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `storeGateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `storeGateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `storeGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `storeGateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `storeGateway.affinity` is set | `""` | +| `storeGateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `storeGateway.affinity` is set | `[]` | +| `storeGateway.affinity` | Affinity for Store Gateway pods assignment | `{}` | +| `storeGateway.nodeSelector` | Node labels for Store Gateway pods assignment | `{}` | +| `storeGateway.tolerations` | Tolerations for Store Gateway pods assignment | `[]` | +| `storeGateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `storeGateway.priorityClassName` | Store Gateway pods' priorityClassName | `""` | +| `storeGateway.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `storeGateway.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `storeGateway.updateStrategy.type` | Store Gateway statefulset strategy type | `RollingUpdate` | +| `storeGateway.updateStrategy.rollingUpdate` | Store Gateway statefulset rolling update configuration parameters | `{}` | +| `storeGateway.extraVolumes` | Optionally specify extra list of additional volumes for the Store Gateway pod(s) | `[]` | +| `storeGateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Store Gateway container(s) | `[]` | +| `storeGateway.sidecars` | Add additional sidecar containers to the Store Gateway pod(s) | `[]` | +| `storeGateway.initContainers` | Add additional init containers to the Store Gateway pod(s) | `[]` | +| `storeGateway.persistence.enabled` | Enable persistence in Store Gateway instances | `true` | +| `storeGateway.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `storeGateway.persistence.storageClass` | PVC Storage Class for Store Gateway data volume | `""` | +| `storeGateway.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | +| `storeGateway.persistence.size` | PVC Storage Request for Store Gateway data volume | `8Gi` | +| `storeGateway.persistence.annotations` | Additional PVC annotations | `{}` | +| `storeGateway.persistence.selector` | Selector to match an existing Persistent Volume for Store Gateway's data PVC | `{}` | +| `storeGateway.persistence.dataSource` | PVC data source | `{}` | ### Store Gateway Traffic Exposure Parameters @@ -1163,77 +1163,77 @@ The command removes all the Kubernetes components associated with the chart and ### Ruler Deployment Parameters -| Name | Description | Value | -| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------------- | -| `ruler.enabled` | Deploy ruler component | `false` | -| `ruler.extraEnvVars` | Array with extra environment variables to add to ruler nodes | `[]` | -| `ruler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ruler nodes | `""` | -| `ruler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ruler nodes | `""` | -| `ruler.command` | Override default container command (useful when using custom images) | `[]` | -| `ruler.args` | Override default container args (useful when using custom images) | `[]` | -| `ruler.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | -| `ruler.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `ruler.replicaCount` | Number of Ruler replicas to deploy | `1` | -| `ruler.livenessProbe.enabled` | Enable livenessProbe on Ruler nodes | `true` | -| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ruler.readinessProbe.enabled` | Enable readinessProbe on Ruler nodes | `true` | -| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ruler.startupProbe.enabled` | Enable startupProbe on Ruler containers | `false` | -| `ruler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `ruler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ruler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `ruler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `ruler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ruler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ruler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ruler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ruler.lifecycleHooks` | for the ruler container(s) to automate configuration before or after startup | `{}` | -| `ruler.resources.limits` | The resources limits for the Ruler containers | `{}` | -| `ruler.resources.requests` | The requested resources for the Ruler containers | `{}` | -| `ruler.podSecurityContext.enabled` | Enabled Ruler pods' Security Context | `true` | -| `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ruler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ruler.podSecurityContext.fsGroup` | Set Ruler pod's Security Context fsGroup | `1001` | -| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ruler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ruler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ruler.hostAliases` | ruler pods host aliases | `[]` | -| `ruler.podLabels` | Extra labels for ruler pods | `{}` | -| `ruler.podAnnotations` | Annotations for ruler pods | `{}` | -| `ruler.podAffinityPreset` | Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ruler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.nodeAffinityPreset.key` | Node label key to match. Ignored if `ruler.affinity` is set | `""` | -| `ruler.nodeAffinityPreset.values` | Node label values to match. Ignored if `ruler.affinity` is set | `[]` | -| `ruler.affinity` | Affinity for ruler pods assignment | `{}` | -| `ruler.nodeSelector` | Node labels for Ruler pods assignment | `{}` | -| `ruler.tolerations` | Tolerations for Ruler pods assignment | `[]` | -| `ruler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `ruler.priorityClassName` | Ruler pods' priorityClassName | `""` | -| `ruler.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `ruler.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | -| `ruler.updateStrategy.type` | Ruler statefulset strategy type | `RollingUpdate` | -| `ruler.updateStrategy.rollingUpdate` | Ruler statefulset rolling update configuration parameters | `{}` | -| `ruler.extraVolumes` | Optionally specify extra list of additional volumes for the Ruler pod(s) | `[]` | -| `ruler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ruler container(s) | `[]` | -| `ruler.sidecars` | Add additional sidecar containers to the Ruler pod(s) | `[]` | -| `ruler.initContainers` | Add additional init containers to the Ruler pod(s) | `[]` | +| Name | Description | Value | +| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `ruler.enabled` | Deploy ruler component | `false` | +| `ruler.extraEnvVars` | Array with extra environment variables to add to ruler nodes | `[]` | +| `ruler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ruler nodes | `""` | +| `ruler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ruler nodes | `""` | +| `ruler.command` | Override default container command (useful when using custom images) | `[]` | +| `ruler.args` | Override default container args (useful when using custom images) | `[]` | +| `ruler.extraArgs` | Add additional args to the default container args (useful to override configuration) | `[]` | +| `ruler.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | +| `ruler.replicaCount` | Number of Ruler replicas to deploy | `1` | +| `ruler.livenessProbe.enabled` | Enable livenessProbe on Ruler nodes | `true` | +| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ruler.readinessProbe.enabled` | Enable readinessProbe on Ruler nodes | `true` | +| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ruler.startupProbe.enabled` | Enable startupProbe on Ruler containers | `false` | +| `ruler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `ruler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `ruler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `ruler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `ruler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `ruler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `ruler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `ruler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `ruler.lifecycleHooks` | for the ruler container(s) to automate configuration before or after startup | `{}` | +| `ruler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). | `none` | +| `ruler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ruler.podSecurityContext.enabled` | Enabled Ruler pods' Security Context | `true` | +| `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ruler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ruler.podSecurityContext.fsGroup` | Set Ruler pod's Security Context fsGroup | `1001` | +| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `ruler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `ruler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `ruler.hostAliases` | ruler pods host aliases | `[]` | +| `ruler.podLabels` | Extra labels for ruler pods | `{}` | +| `ruler.podAnnotations` | Annotations for ruler pods | `{}` | +| `ruler.podAffinityPreset` | Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ruler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `ruler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ruler.nodeAffinityPreset.key` | Node label key to match. Ignored if `ruler.affinity` is set | `""` | +| `ruler.nodeAffinityPreset.values` | Node label values to match. Ignored if `ruler.affinity` is set | `[]` | +| `ruler.affinity` | Affinity for ruler pods assignment | `{}` | +| `ruler.nodeSelector` | Node labels for Ruler pods assignment | `{}` | +| `ruler.tolerations` | Tolerations for Ruler pods assignment | `[]` | +| `ruler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `ruler.priorityClassName` | Ruler pods' priorityClassName | `""` | +| `ruler.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `ruler.terminationGracePeriodSeconds` | Seconds pod needs to terminate gracefully | `""` | +| `ruler.updateStrategy.type` | Ruler statefulset strategy type | `RollingUpdate` | +| `ruler.updateStrategy.rollingUpdate` | Ruler statefulset rolling update configuration parameters | `{}` | +| `ruler.extraVolumes` | Optionally specify extra list of additional volumes for the Ruler pod(s) | `[]` | +| `ruler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ruler container(s) | `[]` | +| `ruler.sidecars` | Add additional sidecar containers to the Ruler pod(s) | `[]` | +| `ruler.initContainers` | Add additional init containers to the Ruler pod(s) | `[]` | ### Ruler Persistence Parameters @@ -1278,17 +1278,17 @@ The command removes all the Kubernetes components associated with the chart and ### Init Container Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| Name | Description | Value | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | ### Other Parameters @@ -1435,6 +1435,12 @@ Once the chart is installed the remote write endpoints for Prometheus or Grafana ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/grafana-mimir/templates/NOTES.txt b/bitnami/grafana-mimir/templates/NOTES.txt index 9fa59c4b7d9e58..561b8424e17116 100644 --- a/bitnami/grafana-mimir/templates/NOTES.txt +++ b/bitnami/grafana-mimir/templates/NOTES.txt @@ -151,3 +151,4 @@ From inside the cluster: {{- include "grafana-mimir.checkRollingTags" . }} {{- include "grafana-mimir.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "alertmanager" "compactor" "distributor" "gateway" "ingester" "overridesExporter" "querier" "queryFrontend" "queryScheduler" "ruler" "storeGateway" "volumePermissions") "context" $) }} diff --git a/bitnami/grafana-mimir/templates/alertmanager/statefulset.yaml b/bitnami/grafana-mimir/templates/alertmanager/statefulset.yaml index e647ee5c2ed302..484732e8d37a07 100644 --- a/bitnami/grafana-mimir/templates/alertmanager/statefulset.yaml +++ b/bitnami/grafana-mimir/templates/alertmanager/statefulset.yaml @@ -96,6 +96,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -153,6 +155,8 @@ spec: {{- end }} {{- if .Values.alertmanager.resources }} resources: {{- toYaml .Values.alertmanager.resources | nindent 12 }} + {{- else if ne .Values.alertmanager.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.alertmanager.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/compactor/statefulset.yaml b/bitnami/grafana-mimir/templates/compactor/statefulset.yaml index 3da80660ecbac6..f161ae56ec3a25 100644 --- a/bitnami/grafana-mimir/templates/compactor/statefulset.yaml +++ b/bitnami/grafana-mimir/templates/compactor/statefulset.yaml @@ -95,6 +95,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -152,6 +154,8 @@ spec: {{- end }} {{- if .Values.compactor.resources }} resources: {{- toYaml .Values.compactor.resources | nindent 12 }} + {{- else if ne .Values.compactor.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.compactor.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http diff --git a/bitnami/grafana-mimir/templates/distributor/deployment.yaml b/bitnami/grafana-mimir/templates/distributor/deployment.yaml index db955f0ae6b542..e0e6ce3cb2563f 100644 --- a/bitnami/grafana-mimir/templates/distributor/deployment.yaml +++ b/bitnami/grafana-mimir/templates/distributor/deployment.yaml @@ -125,6 +125,8 @@ spec: {{- end }} {{- if .Values.distributor.resources }} resources: {{- toYaml .Values.distributor.resources | nindent 12 }} + {{- else if ne .Values.distributor.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.distributor.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/gateway/deployment.yaml b/bitnami/grafana-mimir/templates/gateway/deployment.yaml index cb858fabeab374..8627070f2cbf90 100644 --- a/bitnami/grafana-mimir/templates/gateway/deployment.yaml +++ b/bitnami/grafana-mimir/templates/gateway/deployment.yaml @@ -145,6 +145,8 @@ spec: {{- end }} {{- if .Values.gateway.resources }} resources: {{- toYaml .Values.gateway.resources | nindent 12 }} + {{- else if ne .Values.gateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.gateway.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: config diff --git a/bitnami/grafana-mimir/templates/ingester/statefulset.yaml b/bitnami/grafana-mimir/templates/ingester/statefulset.yaml index 61a660b52e3bef..dafa47a6b026ed 100644 --- a/bitnami/grafana-mimir/templates/ingester/statefulset.yaml +++ b/bitnami/grafana-mimir/templates/ingester/statefulset.yaml @@ -95,6 +95,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -152,6 +154,8 @@ spec: {{- end }} {{- if .Values.ingester.resources }} resources: {{- toYaml .Values.ingester.resources | nindent 12 }} + {{- else if ne .Values.ingester.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.ingester.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http diff --git a/bitnami/grafana-mimir/templates/overrides-exporter/deployment.yaml b/bitnami/grafana-mimir/templates/overrides-exporter/deployment.yaml index 1c359ee0600467..3e6eebba82eb32 100644 --- a/bitnami/grafana-mimir/templates/overrides-exporter/deployment.yaml +++ b/bitnami/grafana-mimir/templates/overrides-exporter/deployment.yaml @@ -125,6 +125,8 @@ spec: {{- end }} {{- if .Values.overridesExporter.resources }} resources: {{- toYaml .Values.overridesExporter.resources | nindent 12 }} + {{- else if ne .Values.overridesExporter.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.overridesExporter.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/querier/deployment.yaml b/bitnami/grafana-mimir/templates/querier/deployment.yaml index f0a8c4df4d2ee5..07bfd1e25de753 100644 --- a/bitnami/grafana-mimir/templates/querier/deployment.yaml +++ b/bitnami/grafana-mimir/templates/querier/deployment.yaml @@ -125,6 +125,8 @@ spec: {{- end }} {{- if .Values.querier.resources }} resources: {{- toYaml .Values.querier.resources | nindent 12 }} + {{- else if ne .Values.querier.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.querier.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/query-frontend/deployment.yaml b/bitnami/grafana-mimir/templates/query-frontend/deployment.yaml index 0362a2d7507400..2de43c0c9249b6 100644 --- a/bitnami/grafana-mimir/templates/query-frontend/deployment.yaml +++ b/bitnami/grafana-mimir/templates/query-frontend/deployment.yaml @@ -124,6 +124,8 @@ spec: {{- end }} {{- if .Values.queryFrontend.resources }} resources: {{- toYaml .Values.queryFrontend.resources | nindent 12 }} + {{- else if ne .Values.queryFrontend.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.queryFrontend.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/query-scheduler/deployment.yaml b/bitnami/grafana-mimir/templates/query-scheduler/deployment.yaml index 1d82df1e29cadb..a346b67e2a0abc 100644 --- a/bitnami/grafana-mimir/templates/query-scheduler/deployment.yaml +++ b/bitnami/grafana-mimir/templates/query-scheduler/deployment.yaml @@ -112,6 +112,8 @@ spec: {{- end }} {{- if .Values.queryScheduler.resources }} resources: {{- toYaml .Values.queryScheduler.resources | nindent 12 }} + {{- else if ne .Values.queryScheduler.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.queryScheduler.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/ruler/deployment.yaml b/bitnami/grafana-mimir/templates/ruler/deployment.yaml index fdc34f77bef4ad..c1f0b17c4b2ad0 100644 --- a/bitnami/grafana-mimir/templates/ruler/deployment.yaml +++ b/bitnami/grafana-mimir/templates/ruler/deployment.yaml @@ -113,6 +113,8 @@ spec: {{- end }} {{- if .Values.ruler.resources }} resources: {{- toYaml .Values.ruler.resources | nindent 12 }} + {{- else if ne .Values.ruler.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.ruler.resourcesPreset) | nindent 12 }} {{- end }} ports: - containerPort: {{ .Values.mimir.containerPorts.http }} diff --git a/bitnami/grafana-mimir/templates/store-gateway/statefulset.yaml b/bitnami/grafana-mimir/templates/store-gateway/statefulset.yaml index a9b414bab2e424..8cb9cd68ab3c57 100644 --- a/bitnami/grafana-mimir/templates/store-gateway/statefulset.yaml +++ b/bitnami/grafana-mimir/templates/store-gateway/statefulset.yaml @@ -95,6 +95,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -152,6 +154,8 @@ spec: {{- end }} {{- if .Values.storeGateway.resources }} resources: {{- toYaml .Values.storeGateway.resources | nindent 12 }} + {{- else if ne .Values.storeGateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.storeGateway.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http diff --git a/bitnami/grafana-mimir/values.yaml b/bitnami/grafana-mimir/values.yaml index ea33ffb83c55ab..e172c9eab01009 100644 --- a/bitnami/grafana-mimir/values.yaml +++ b/bitnami/grafana-mimir/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -47,7 +46,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -62,10 +60,8 @@ diagnosticMode: ## args: - infinity - ## @section Common Grafana Mimir Parameters ## - mimir: ## Bitnami Grafana Mimir image ## ref: https://hub.docker.com/r/bitnami/grafana-mimir/tags/ @@ -274,7 +270,6 @@ mimir: insecure: {{ not .Values.minio.tls.enabled }} {{- end }} {{- end }} - ## @param mimir.overrideConfiguration [object] Mimir components configuration override. Values defined here takes precedence over mimir.configuration ## e.g: ## overrideConfiguration: @@ -298,7 +293,6 @@ mimir: http: 8080 grpc: 9095 gossipRing: 7946 - ## Gossip Ring parameters ## gossipRing: @@ -328,8 +322,6 @@ mimir: blockStorage: backend: s3 config: {} - - ## @section Alertmanager Deployment Parameters ## alertmanager: @@ -422,12 +414,21 @@ alertmanager: customStartupProbe: {} ## alertmanager resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param alertmanager.resources.limits The resources limits for the alertmanager containers - ## @param alertmanager.resources.requests The requested resources for the alertmanager containers - ## - resources: - limits: {} - requests: {} + ## @param alertmanager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if alertmanager.resources is set (alertmanager.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param alertmanager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param alertmanager.podSecurityContext.enabled Enabled Alertmanager pods' Security Context @@ -571,7 +572,6 @@ alertmanager: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @@ -608,7 +608,6 @@ alertmanager: ## @param alertmanager.persistence.dataSource PVC data source ## dataSource: {} - ## @section Alertmanager Traffic Exposure Parameters ## @@ -624,7 +623,6 @@ alertmanager: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param alertmanager.service.nodePorts.http Node port for HTTP @@ -757,7 +755,6 @@ alertmanager: blockStorage: backend: s3 config: {} - ## @section Compactor Deployment Parameters ## compactor: @@ -847,12 +844,21 @@ compactor: customStartupProbe: {} ## compactor resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param compactor.resources.limits The resources limits for the compactor containers - ## @param compactor.resources.requests The requested resources for the compactor containers - ## - resources: - limits: {} - requests: {} + ## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param compactor.podSecurityContext.enabled Enabled Compactor pods' Security Context @@ -996,7 +1002,6 @@ compactor: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @@ -1033,7 +1038,6 @@ compactor: ## @param compactor.persistence.dataSource PVC data source ## dataSource: {} - ## @section Compactor Traffic Exposure Parameters ## @@ -1049,7 +1053,6 @@ compactor: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param compactor.service.nodePorts.http Node port for HTTP @@ -1160,7 +1163,6 @@ compactor: create: false minAvailable: 1 maxUnavailable: "" - ## @section Distributor Deployment Parameters ## distributor: @@ -1246,12 +1248,21 @@ distributor: customStartupProbe: {} ## Distributor resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param distributor.resources.limits The resources limits for the distributor containers - ## @param distributor.resources.requests The requested resources for the distributor containers - ## - resources: - limits: {} - requests: {} + ## @param distributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param distributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param distributor.podSecurityContext.enabled Enabled Distributor pods' Security Context @@ -1395,7 +1406,6 @@ distributor: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Distributor Traffic Exposure Parameters ## @@ -1411,7 +1421,6 @@ distributor: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param distributor.service.nodePorts.http Node port for HTTP @@ -1528,14 +1537,12 @@ distributor: create: false minAvailable: 1 maxUnavailable: "" - ## @section Gateway Deployment Parameters ## gateway: ## @param gateway.enabled Enable Gateway deployment ## enabled: true - ## Bitnami Nginx image ## ref: https://hub.docker.com/r/bitnami/grafana-nginx/tags/ ## @param gateway.image.registry [default: REGISTRY_NAME] Nginx image registry @@ -1565,7 +1572,6 @@ gateway: ## pullSecrets: [] debug: false - ## @param gateway.extraEnvVars Array with extra environment variables to add to gateway nodes ## e.g: ## extraEnvVars: @@ -1660,12 +1666,21 @@ gateway: http: 8080 ## gateway resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param gateway.resources.limits The resources limits for the gateway containers - ## @param gateway.resources.requests The requested resources for the gateway containers - ## - resources: - limits: {} - requests: {} + ## @param gateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param gateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param gateway.podSecurityContext.enabled Enabled Gateway pods' Security Context @@ -1805,7 +1820,6 @@ gateway: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Gateway Traffic Exposure Parameters ## @@ -1917,7 +1931,6 @@ gateway: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Configure the ingress resource that allows you to access the Mimir Gateway installation ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## @@ -2021,7 +2034,6 @@ gateway: create: false minAvailable: 1 maxUnavailable: "" - ## @section Ingester Deployment Parameters ## ingester: @@ -2111,12 +2123,21 @@ ingester: customStartupProbe: {} ## ingester resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ingester.resources.limits The resources limits for the ingester containers - ## @param ingester.resources.requests The requested resources for the ingester containers - ## - resources: - limits: {} - requests: {} + ## @param ingester.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param ingester.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param ingester.podSecurityContext.enabled Enabled Ingester pods' Security Context @@ -2260,7 +2281,6 @@ ingester: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @@ -2297,7 +2317,6 @@ ingester: ## @param ingester.persistence.dataSource PVC data source ## dataSource: {} - ## @section Ingester Traffic Exposure Parameters ## @@ -2313,7 +2332,6 @@ ingester: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param ingester.service.nodePorts.http Node port for HTTP @@ -2430,7 +2448,6 @@ ingester: create: false minAvailable: 1 maxUnavailable: "" - # @section overrides-exporter Deployment Parameters ## overridesExporter: @@ -2519,12 +2536,21 @@ overridesExporter: customStartupProbe: {} ## overrides-exporter resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param overridesExporter.resources.limits The resources limits for the overrides-exporter containers - ## @param overridesExporter.resources.requests The requested resources for the overrides-exporter containers - ## - resources: - limits: {} - requests: {} + ## @param overridesExporter.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if overridesExporter.resources is set (overridesExporter.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param overridesExporter.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param overridesExporter.podSecurityContext.enabled Enabled Overrides Exporter pods' Security Context @@ -2668,7 +2694,6 @@ overridesExporter: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Overrides Exporter Traffic Exposure Parameters ## @@ -2684,7 +2709,6 @@ overridesExporter: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param overridesExporter.service.nodePorts.http Node port for HTTP @@ -2801,7 +2825,6 @@ overridesExporter: create: false minAvailable: 1 maxUnavailable: "" - ## @section Querier Deployment Parameters ## querier: @@ -2887,12 +2910,21 @@ querier: customStartupProbe: {} ## querier resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param querier.resources.limits The resources limits for the querier containers - ## @param querier.resources.requests The requested resources for the querier containers - ## - resources: - limits: {} - requests: {} + ## @param querier.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param querier.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param querier.podSecurityContext.enabled Enabled Querier pods' Security Context @@ -3036,7 +3068,6 @@ querier: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Querier Traffic Exposure Parameters ## @@ -3052,7 +3083,6 @@ querier: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param querier.service.nodePorts.http Node port for HTTP @@ -3169,7 +3199,6 @@ querier: create: false minAvailable: 1 maxUnavailable: "" - ## @section Query Frontend Deployment Parameters ## queryFrontend: @@ -3255,12 +3284,21 @@ queryFrontend: customStartupProbe: {} ## ingester resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param queryFrontend.resources.limits The resources limits for the ingester containers - ## @param queryFrontend.resources.requests The requested resources for the ingester containers - ## - resources: - limits: {} - requests: {} + ## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param queryFrontend.podSecurityContext.enabled Enabled Query Frontend pods' Security Context @@ -3404,7 +3442,6 @@ queryFrontend: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Query Frontend Traffic Exposure Parameters ## @@ -3420,7 +3457,6 @@ queryFrontend: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param queryFrontend.service.nodePorts.http Node port for HTTP @@ -3537,7 +3573,6 @@ queryFrontend: create: false minAvailable: 1 maxUnavailable: "" - # @section query-scheduler Deployment Parameters ## queryScheduler: @@ -3626,12 +3661,21 @@ queryScheduler: customStartupProbe: {} ## query-scheduler resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param queryScheduler.resources.limits The resources limits for the query-scheduler containers - ## @param queryScheduler.resources.requests The requested resources for the query-scheduler containers - ## - resources: - limits: {} - requests: {} + ## @param queryScheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param queryScheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param queryScheduler.podSecurityContext.enabled Enabled Query Scheduler pods' Security Context @@ -3775,7 +3819,6 @@ queryScheduler: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Query Scheduler Traffic Exposure Parameters ## @@ -3791,7 +3834,6 @@ queryScheduler: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param queryScheduler.service.nodePorts.http Node port for HTTP @@ -3908,7 +3950,6 @@ queryScheduler: create: false minAvailable: 1 maxUnavailable: "" - ## @section Store Gateway Deployment Parameters ## storeGateway: @@ -3998,12 +4039,21 @@ storeGateway: customStartupProbe: {} ## ingester resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param storeGateway.resources.limits The resources limits for the ingester containers - ## @param storeGateway.resources.requests The requested resources for the ingester containers - ## - resources: - limits: {} - requests: {} + ## @param storeGateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if storeGateway.resources is set (storeGateway.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param storeGateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param storeGateway.podSecurityContext.enabled Enabled Store Gateway pods' Security Context @@ -4147,7 +4197,6 @@ storeGateway: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @@ -4187,7 +4236,6 @@ storeGateway: ## @param storeGateway.persistence.dataSource PVC data source ## dataSource: {} - ## @section Store Gateway Traffic Exposure Parameters ## @@ -4203,7 +4251,6 @@ storeGateway: ports: http: 8080 grpc: 9095 - ## Node ports to expose ## NOTE: choose port between <30000-32767> ## @param storeGateway.service.nodePorts.http Node port for HTTP @@ -4320,7 +4367,6 @@ storeGateway: create: false minAvailable: 1 maxUnavailable: "" - ## @section Ruler Deployment Parameters ## ruler: @@ -4416,12 +4462,21 @@ ruler: lifecycleHooks: {} ## ruler resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ruler.resources.limits The resources limits for the Ruler containers - ## @param ruler.resources.requests The requested resources for the Ruler containers - ## - resources: - limits: {} - requests: {} + ## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param ruler.podSecurityContext.enabled Enabled Ruler pods' Security Context @@ -4562,7 +4617,6 @@ ruler: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Ruler Persistence Parameters ## @@ -4599,7 +4653,6 @@ ruler: ## app: my-app ## selector: {} - ## @section Ruler Traffic Exposure Parameters ## @@ -4741,8 +4794,6 @@ ruler: blockStorage: backend: s3 config: {} - - ## @section Init Container Parameters ## @@ -4777,12 +4828,21 @@ volumePermissions: pullSecrets: [] ## Init container's resource requests and limits ## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container @@ -4794,7 +4854,6 @@ volumePermissions: containerSecurityContext: seLinuxOptions: null runAsUser: 0 - ## @section Other Parameters ## @@ -4816,7 +4875,6 @@ rbac: ## - list ## rules: [] - ## ServiceAccount configuration ## serviceAccount: @@ -4833,7 +4891,6 @@ serviceAccount: ## @param serviceAccount.automountServiceAccountToken Automount service account token for the server service account ## automountServiceAccountToken: false - ## Prometheus metrics ## metrics: @@ -4885,7 +4942,6 @@ metrics: ## prometheus: my-prometheus ## selector: {} - # @section MinIO® chart parameters ## @extra minio For full list of MinIO® values configurations please refere [here](https://github.com/bitnami/charts/tree/main/bitnami/minio) ## @@ -4909,7 +4965,6 @@ minio: ## @param minio.defaultBuckets Comma, semi-colon or space separated list of MinIO® buckets to create ## defaultBuckets: "mimir, ruler, alertmanager" - ## @param minio.provisioning.enabled Enable/disable MinIO® provisioning job ## @param minio.provisioning.extraCommands Extra commands to run on MinIO® provisioning job ## @@ -4920,7 +4975,6 @@ minio: - "mc anonymous set download provisioning/mimir" - "mc anonymous set download provisioning/ruler" - "mc anonymous set download provisioning/alertmanager" - ## @param minio.tls.enabled Enable/disable MinIO® TLS support ## tls: @@ -4934,7 +4988,6 @@ minio: loadBalancerIP: "" ports: api: 80 - ## @section External Memcached (Chunks) Parameters ## externalMemcachedChunks: @@ -4944,7 +4997,6 @@ externalMemcachedChunks: ## @param externalMemcachedChunks.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Chunks) ## Memcached sub-chart (Chunks) ## @@ -4975,7 +5027,6 @@ memcachedchunks: service: ports: memcached: 11211 - ## @section External Memcached (Frontend) Parameters ## externalMemcachedFrontend: @@ -4985,7 +5036,6 @@ externalMemcachedFrontend: ## @param externalMemcachedFrontend.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Frontend) ## Memcached sub-chart (Frontend) ## @@ -5016,7 +5066,6 @@ memcachedfrontend: service: ports: memcached: 11211 - ## @section External Memcached (Index) Parameters ## externalMemcachedIndex: @@ -5026,7 +5075,6 @@ externalMemcachedIndex: ## @param externalMemcachedIndex.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Index) ## Memcached sub-chart (Index) ## @@ -5034,7 +5082,6 @@ memcachedindex: ## @param memcachedindex.enabled Deploy memcached sub-chart ## enabled: true - ## Bitnami Memcached image version ## ref: https://hub.docker.com/r/bitnami/memcached/tags/ ## @param memcachedindex.image.registry [default: REGISTRY_NAME] Memcached image registry @@ -5058,7 +5105,6 @@ memcachedindex: service: ports: memcached: 11211 - ## @section External Memcached (Metadata) Parameters ## externalMemcachedMetadata: @@ -5068,7 +5114,6 @@ externalMemcachedMetadata: ## @param externalMemcachedMetadata.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Metadata) ## Memcached sub-chart (Metadata) ## From b03da4d3d3c700815be1619b05e6af141d260488 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 14:23:52 +0100 Subject: [PATCH 016/129] [bitnami/grafana-loki] feat: :sparkles: :lock: Add resource preset support (#23455) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/grafana-loki] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * Update bitnami/grafana-loki/Chart.yaml Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> Signed-off-by: Javier J. Salmerón-García --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García Co-authored-by: Celia Garcia <61272496+CeliaGMqrz@users.noreply.github.com> --- bitnami/grafana-loki/Chart.lock | 6 +- bitnami/grafana-loki/Chart.yaml | 2 +- bitnami/grafana-loki/README.md | 1606 +++++++++-------- bitnami/grafana-loki/templates/NOTES.txt | 1 + .../templates/compactor/deployment.yaml | 2 + .../templates/distributor/deployment.yaml | 2 + .../templates/gateway/deployment.yaml | 2 + .../templates/index-gateway/statefulset.yaml | 2 + .../templates/ingester/statefulset.yaml | 4 + .../templates/promtail/daemonset.yaml | 2 + .../templates/querier/statefulset.yaml | 4 + .../templates/query-frontend/deployment.yaml | 2 + .../templates/query-scheduler/deployment.yaml | 2 + .../templates/ruler/statefulset.yaml | 4 + .../templates/table-manager/deployment.yaml | 2 + bitnami/grafana-loki/values.yaml | 306 ++-- 16 files changed, 1019 insertions(+), 930 deletions(-) diff --git a/bitnami/grafana-loki/Chart.lock b/bitnami/grafana-loki/Chart.lock index 8ebe06393d8ad7..e92b5d7ad07dbc 100644 --- a/bitnami/grafana-loki/Chart.lock +++ b/bitnami/grafana-loki/Chart.lock @@ -13,6 +13,6 @@ dependencies: version: 6.10.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:c54ffaaf5263040ab91cf155d5d8f4101d952b1dfa2885e5c927a61ff6c45d22 -generated: "2024-02-07T10:46:45.413001837Z" + version: 2.15.3 +digest: sha256:7f3b9418b065d11dd005bf462d99189c73958be628bdc75d02020964b43f611a +generated: "2024-02-14T14:58:03.988308727+01:00" diff --git a/bitnami/grafana-loki/Chart.yaml b/bitnami/grafana-loki/Chart.yaml index 7f06cf2159fae6..28b65937b4d91d 100644 --- a/bitnami/grafana-loki/Chart.yaml +++ b/bitnami/grafana-loki/Chart.yaml @@ -57,4 +57,4 @@ maintainers: name: grafana-loki sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana-loki -version: 2.16.0 +version: 2.17.0 diff --git a/bitnami/grafana-loki/README.md b/bitnami/grafana-loki/README.md index 6c700ee3a0da0b..bf53634c5e789c 100644 --- a/bitnami/grafana-loki/README.md +++ b/bitnami/grafana-loki/README.md @@ -100,83 +100,83 @@ The command removes all the Kubernetes components associated with the chart and ### Compactor Deployment Parameters -| Name | Description | Value | -| ------------------------------------------------------------- | --------------------------------------------------------------------------------------------------- | ------------------- | -| `compactor.enabled` | Enable Compactor deployment | `true` | -| `compactor.extraEnvVars` | Array with extra environment variables to add to compactor nodes | `[]` | -| `compactor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for compactor nodes | `""` | -| `compactor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for compactor nodes | `""` | -| `compactor.command` | Override default container command (useful when using custom images) | `[]` | -| `compactor.args` | Override default container args (useful when using custom images) | `[]` | -| `compactor.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `compactor.replicaCount` | Number of Compactor replicas to deploy | `1` | -| `compactor.livenessProbe.enabled` | Enable livenessProbe on Compactor nodes | `true` | -| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `compactor.readinessProbe.enabled` | Enable readinessProbe on Compactor nodes | `true` | -| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `compactor.startupProbe.enabled` | Enable startupProbe on Compactor containers | `false` | -| `compactor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `compactor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `compactor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `compactor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `compactor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `compactor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `compactor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `compactor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `compactor.resources.limits` | The resources limits for the compactor containers | `{}` | -| `compactor.resources.requests` | The requested resources for the compactor containers | `{}` | -| `compactor.podSecurityContext.enabled` | Enabled Compactor pods' Security Context | `true` | -| `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `compactor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `compactor.podSecurityContext.fsGroup` | Set Compactor pod's Security Context fsGroup | `1001` | -| `compactor.containerSecurityContext.enabled` | Enable containers' Security Context | `true` | -| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `compactor.lifecycleHooks` | for the compactor container(s) to automate configuration before or after startup | `{}` | -| `compactor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `compactor.hostAliases` | compactor pods host aliases | `[]` | -| `compactor.podLabels` | Extra labels for compactor pods | `{}` | -| `compactor.podAnnotations` | Annotations for compactor pods | `{}` | -| `compactor.podAffinityPreset` | Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `compactor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `compactor.nodeAffinityPreset.key` | Node label key to match. Ignored if `compactor.affinity` is set | `""` | -| `compactor.nodeAffinityPreset.values` | Node label values to match. Ignored if `compactor.affinity` is set | `[]` | -| `compactor.affinity` | Affinity for Compactor pods assignment | `{}` | -| `compactor.nodeSelector` | Node labels for Compactor pods assignment | `{}` | -| `compactor.tolerations` | Tolerations for Compactor pods assignment | `[]` | -| `compactor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `compactor.priorityClassName` | Compactor pods' priorityClassName | `""` | -| `compactor.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `compactor.updateStrategy.type` | Compactor statefulset strategy type | `RollingUpdate` | -| `compactor.updateStrategy.rollingUpdate` | Compactor statefulset rolling update configuration parameters | `nil` | -| `compactor.extraVolumes` | Optionally specify extra list of additional volumes for the Compactor pod(s) | `[]` | -| `compactor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Compactor container(s) | `[]` | -| `compactor.sidecars` | Add additional sidecar containers to the Compactor pod(s) | `[]` | -| `compactor.initContainers` | Add additional init containers to the Compactor pod(s) | `[]` | -| `compactor.persistence.enabled` | Enable persistence in Compactor instances | `true` | -| `compactor.persistence.existingClaim` | Name of an existing PVC to use | `""` | -| `compactor.persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | -| `compactor.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | -| `compactor.persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | -| `compactor.persistence.annotations` | Additional PVC annotations | `{}` | -| `compactor.persistence.selector` | Selector to match an existing Persistent Volume for Compactor's data PVC | `{}` | -| `compactor.persistence.dataSource` | PVC data source | `{}` | +| Name | Description | Value | +| ------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------- | +| `compactor.enabled` | Enable Compactor deployment | `true` | +| `compactor.extraEnvVars` | Array with extra environment variables to add to compactor nodes | `[]` | +| `compactor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for compactor nodes | `""` | +| `compactor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for compactor nodes | `""` | +| `compactor.command` | Override default container command (useful when using custom images) | `[]` | +| `compactor.args` | Override default container args (useful when using custom images) | `[]` | +| `compactor.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `compactor.replicaCount` | Number of Compactor replicas to deploy | `1` | +| `compactor.livenessProbe.enabled` | Enable livenessProbe on Compactor nodes | `true` | +| `compactor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `compactor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `compactor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `compactor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `compactor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `compactor.readinessProbe.enabled` | Enable readinessProbe on Compactor nodes | `true` | +| `compactor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `compactor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `compactor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `compactor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `compactor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `compactor.startupProbe.enabled` | Enable startupProbe on Compactor containers | `false` | +| `compactor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `compactor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `compactor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `compactor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `compactor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `compactor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `compactor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `compactor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `compactor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). | `none` | +| `compactor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `compactor.podSecurityContext.enabled` | Enabled Compactor pods' Security Context | `true` | +| `compactor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `compactor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `compactor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `compactor.podSecurityContext.fsGroup` | Set Compactor pod's Security Context fsGroup | `1001` | +| `compactor.containerSecurityContext.enabled` | Enable containers' Security Context | `true` | +| `compactor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `compactor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `compactor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `compactor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `compactor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `compactor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `compactor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `compactor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `compactor.lifecycleHooks` | for the compactor container(s) to automate configuration before or after startup | `{}` | +| `compactor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `compactor.hostAliases` | compactor pods host aliases | `[]` | +| `compactor.podLabels` | Extra labels for compactor pods | `{}` | +| `compactor.podAnnotations` | Annotations for compactor pods | `{}` | +| `compactor.podAffinityPreset` | Pod affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `compactor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `compactor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `compactor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `compactor.nodeAffinityPreset.key` | Node label key to match. Ignored if `compactor.affinity` is set | `""` | +| `compactor.nodeAffinityPreset.values` | Node label values to match. Ignored if `compactor.affinity` is set | `[]` | +| `compactor.affinity` | Affinity for Compactor pods assignment | `{}` | +| `compactor.nodeSelector` | Node labels for Compactor pods assignment | `{}` | +| `compactor.tolerations` | Tolerations for Compactor pods assignment | `[]` | +| `compactor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `compactor.priorityClassName` | Compactor pods' priorityClassName | `""` | +| `compactor.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `compactor.updateStrategy.type` | Compactor statefulset strategy type | `RollingUpdate` | +| `compactor.updateStrategy.rollingUpdate` | Compactor statefulset rolling update configuration parameters | `nil` | +| `compactor.extraVolumes` | Optionally specify extra list of additional volumes for the Compactor pod(s) | `[]` | +| `compactor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Compactor container(s) | `[]` | +| `compactor.sidecars` | Add additional sidecar containers to the Compactor pod(s) | `[]` | +| `compactor.initContainers` | Add additional init containers to the Compactor pod(s) | `[]` | +| `compactor.persistence.enabled` | Enable persistence in Compactor instances | `true` | +| `compactor.persistence.existingClaim` | Name of an existing PVC to use | `""` | +| `compactor.persistence.storageClass` | PVC Storage Class for Memcached data volume | `""` | +| `compactor.persistence.accessModes` | PVC Access modes | `["ReadWriteOnce"]` | +| `compactor.persistence.size` | PVC Storage Request for Memcached data volume | `8Gi` | +| `compactor.persistence.annotations` | Additional PVC annotations | `{}` | +| `compactor.persistence.selector` | Selector to match an existing Persistent Volume for Compactor's data PVC | `{}` | +| `compactor.persistence.dataSource` | PVC data source | `{}` | ### Compactor Traffic Exposure Parameters @@ -203,87 +203,87 @@ The command removes all the Kubernetes components associated with the chart and ### Gateway Deployment Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ----------------------- | -| `gateway.enabled` | Enable Gateway deployment | `true` | -| `gateway.image.registry` | Nginx image registry | `REGISTRY_NAME` | -| `gateway.image.repository` | Nginx image repository | `REPOSITORY_NAME/nginx` | -| `gateway.image.digest` | Nginx image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `gateway.image.pullPolicy` | Nginx image pull policy | `IfNotPresent` | -| `gateway.image.pullSecrets` | Nginx image pull secrets | `[]` | -| `gateway.image.debug` | Enable debugging in the initialization process | `false` | -| `gateway.extraEnvVars` | Array with extra environment variables to add to gateway nodes | `[]` | -| `gateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for gateway nodes | `""` | -| `gateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for gateway nodes | `""` | -| `gateway.command` | Override default container command (useful when using custom images) | `[]` | -| `gateway.args` | Override default container args (useful when using custom images) | `[]` | -| `gateway.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `gateway.verboseLogging` | Show the gateway access_log | `false` | -| `gateway.replicaCount` | Number of Gateway replicas to deploy | `1` | -| `gateway.auth.enabled` | Enable basic auth | `false` | -| `gateway.auth.username` | Basic auth username | `user` | -| `gateway.auth.password` | Basic auth password | `""` | -| `gateway.auth.existingSecret` | Name of a secret containing the Basic auth password | `""` | -| `gateway.livenessProbe.enabled` | Enable livenessProbe on Gateway nodes | `true` | -| `gateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `gateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `gateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `gateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `gateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `gateway.readinessProbe.enabled` | Enable readinessProbe on Gateway nodes | `true` | -| `gateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `gateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `gateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `gateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `gateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `gateway.startupProbe.enabled` | Enable startupProbe on Gateway containers | `false` | -| `gateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | -| `gateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `gateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `gateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `gateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `gateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `gateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `gateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `gateway.containerPorts.http` | Gateway HTTP port | `8080` | -| `gateway.resources.limits` | The resources limits for the gateway containers | `{}` | -| `gateway.resources.requests` | The requested resources for the gateway containers | `{}` | -| `gateway.podSecurityContext.enabled` | Enabled Gateway pods' Security Context | `true` | -| `gateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `gateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `gateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `gateway.podSecurityContext.fsGroup` | Set Gateway pod's Security Context fsGroup | `1001` | -| `gateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `gateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `gateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `gateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `gateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `gateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `gateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `gateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `gateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `gateway.lifecycleHooks` | for the gateway container(s) to automate configuration before or after startup | `{}` | -| `gateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `gateway.hostAliases` | gateway pods host aliases | `[]` | -| `gateway.podLabels` | Extra labels for gateway pods | `{}` | -| `gateway.podAnnotations` | Annotations for gateway pods | `{}` | -| `gateway.podAffinityPreset` | Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `gateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `gateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `gateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `gateway.affinity` is set | `""` | -| `gateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `gateway.affinity` is set | `[]` | -| `gateway.affinity` | Affinity for Gateway pods assignment | `{}` | -| `gateway.nodeSelector` | Node labels for Gateway pods assignment | `{}` | -| `gateway.tolerations` | Tolerations for Gateway pods assignment | `[]` | -| `gateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `gateway.priorityClassName` | Gateway pods' priorityClassName | `""` | -| `gateway.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `gateway.updateStrategy.type` | Gateway statefulset strategy type | `RollingUpdate` | -| `gateway.updateStrategy.rollingUpdate` | Gateway statefulset rolling update configuration parameters | `nil` | -| `gateway.extraVolumes` | Optionally specify extra list of additional volumes for the Gateway pod(s) | `[]` | -| `gateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Gateway container(s) | `[]` | -| `gateway.sidecars` | Add additional sidecar containers to the Gateway pod(s) | `[]` | -| `gateway.initContainers` | Add additional init containers to the Gateway pod(s) | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------- | +| `gateway.enabled` | Enable Gateway deployment | `true` | +| `gateway.image.registry` | Nginx image registry | `REGISTRY_NAME` | +| `gateway.image.repository` | Nginx image repository | `REPOSITORY_NAME/nginx` | +| `gateway.image.digest` | Nginx image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `gateway.image.pullPolicy` | Nginx image pull policy | `IfNotPresent` | +| `gateway.image.pullSecrets` | Nginx image pull secrets | `[]` | +| `gateway.image.debug` | Enable debugging in the initialization process | `false` | +| `gateway.extraEnvVars` | Array with extra environment variables to add to gateway nodes | `[]` | +| `gateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for gateway nodes | `""` | +| `gateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for gateway nodes | `""` | +| `gateway.command` | Override default container command (useful when using custom images) | `[]` | +| `gateway.args` | Override default container args (useful when using custom images) | `[]` | +| `gateway.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `gateway.verboseLogging` | Show the gateway access_log | `false` | +| `gateway.replicaCount` | Number of Gateway replicas to deploy | `1` | +| `gateway.auth.enabled` | Enable basic auth | `false` | +| `gateway.auth.username` | Basic auth username | `user` | +| `gateway.auth.password` | Basic auth password | `""` | +| `gateway.auth.existingSecret` | Name of a secret containing the Basic auth password | `""` | +| `gateway.livenessProbe.enabled` | Enable livenessProbe on Gateway nodes | `true` | +| `gateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `gateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `gateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `gateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `gateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `gateway.readinessProbe.enabled` | Enable readinessProbe on Gateway nodes | `true` | +| `gateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `gateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `gateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `gateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `gateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `gateway.startupProbe.enabled` | Enable startupProbe on Gateway containers | `false` | +| `gateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `10` | +| `gateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `gateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `gateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `gateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `gateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `gateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `gateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `gateway.containerPorts.http` | Gateway HTTP port | `8080` | +| `gateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production). | `none` | +| `gateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `gateway.podSecurityContext.enabled` | Enabled Gateway pods' Security Context | `true` | +| `gateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `gateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `gateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `gateway.podSecurityContext.fsGroup` | Set Gateway pod's Security Context fsGroup | `1001` | +| `gateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `gateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `gateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `gateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `gateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `gateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `gateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `gateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `gateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `gateway.lifecycleHooks` | for the gateway container(s) to automate configuration before or after startup | `{}` | +| `gateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `gateway.hostAliases` | gateway pods host aliases | `[]` | +| `gateway.podLabels` | Extra labels for gateway pods | `{}` | +| `gateway.podAnnotations` | Annotations for gateway pods | `{}` | +| `gateway.podAffinityPreset` | Pod affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `gateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `gateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `gateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `gateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `gateway.affinity` is set | `""` | +| `gateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `gateway.affinity` is set | `[]` | +| `gateway.affinity` | Affinity for Gateway pods assignment | `{}` | +| `gateway.nodeSelector` | Node labels for Gateway pods assignment | `{}` | +| `gateway.tolerations` | Tolerations for Gateway pods assignment | `[]` | +| `gateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `gateway.priorityClassName` | Gateway pods' priorityClassName | `""` | +| `gateway.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `gateway.updateStrategy.type` | Gateway statefulset strategy type | `RollingUpdate` | +| `gateway.updateStrategy.rollingUpdate` | Gateway statefulset rolling update configuration parameters | `nil` | +| `gateway.extraVolumes` | Optionally specify extra list of additional volumes for the Gateway pod(s) | `[]` | +| `gateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Gateway container(s) | `[]` | +| `gateway.sidecars` | Add additional sidecar containers to the Gateway pod(s) | `[]` | +| `gateway.initContainers` | Add additional init containers to the Gateway pod(s) | `[]` | ### Gateway Traffic Exposure Parameters @@ -323,76 +323,76 @@ The command removes all the Kubernetes components associated with the chart and ### index-gateway Deployment Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------- | -| `indexGateway.enabled` | Enable index-gateway deployment | `false` | -| `indexGateway.extraEnvVars` | Array with extra environment variables to add to indexGateway nodes | `[]` | -| `indexGateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for indexGateway nodes | `""` | -| `indexGateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for indexGateway nodes | `""` | -| `indexGateway.command` | Override default container command (useful when using custom images) | `[]` | -| `indexGateway.args` | Override default container args (useful when using custom images) | `[]` | -| `indexGateway.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `indexGateway.replicaCount` | Number of index-gateway replicas to deploy | `1` | -| `indexGateway.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `indexGateway.livenessProbe.enabled` | Enable livenessProbe on index-gateway nodes | `true` | -| `indexGateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | -| `indexGateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `indexGateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `indexGateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `indexGateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `indexGateway.readinessProbe.enabled` | Enable readinessProbe on index-gateway nodes | `true` | -| `indexGateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | -| `indexGateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `indexGateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `indexGateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `indexGateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `indexGateway.startupProbe.enabled` | Enable startupProbe on index-gateway containers | `false` | -| `indexGateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `indexGateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `indexGateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `indexGateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `indexGateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `indexGateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `indexGateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `indexGateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `indexGateway.resources.limits` | The resources limits for the indexGateway containers | `{}` | -| `indexGateway.resources.requests` | The requested resources for the indexGateway containers | `{}` | -| `indexGateway.podSecurityContext.enabled` | Enabled index-gateway pods' Security Context | `true` | -| `indexGateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `indexGateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `indexGateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `indexGateway.podSecurityContext.fsGroup` | Set index-gateway pod's Security Context fsGroup | `1001` | -| `indexGateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `indexGateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `indexGateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `indexGateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `indexGateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `indexGateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `indexGateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `indexGateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `indexGateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `indexGateway.lifecycleHooks` | for the indexGateway container(s) to automate configuration before or after startup | `{}` | -| `indexGateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `indexGateway.hostAliases` | indexGateway pods host aliases | `[]` | -| `indexGateway.podLabels` | Extra labels for indexGateway pods | `{}` | -| `indexGateway.podAnnotations` | Annotations for indexGateway pods | `{}` | -| `indexGateway.podAffinityPreset` | Pod affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `indexGateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `indexGateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `indexGateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `indexGateway.affinity` is set | `""` | -| `indexGateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `indexGateway.affinity` is set | `[]` | -| `indexGateway.affinity` | Affinity for index-gateway pods assignment | `{}` | -| `indexGateway.nodeSelector` | Node labels for index-gateway pods assignment | `{}` | -| `indexGateway.tolerations` | Tolerations for index-gateway pods assignment | `[]` | -| `indexGateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `indexGateway.priorityClassName` | index-gateway pods' priorityClassName | `""` | -| `indexGateway.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `indexGateway.updateStrategy.type` | index-gateway statefulset strategy type | `RollingUpdate` | -| `indexGateway.updateStrategy.rollingUpdate` | index-gateway statefulset rolling update configuration parameters | `nil` | -| `indexGateway.extraVolumes` | Optionally specify extra list of additional volumes for the index-gateway pod(s) | `[]` | -| `indexGateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the index-gateway container(s) | `[]` | -| `indexGateway.sidecars` | Add additional sidecar containers to the index-gateway pod(s) | `[]` | -| `indexGateway.initContainers` | Add additional init containers to the index-gateway pod(s) | `[]` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `indexGateway.enabled` | Enable index-gateway deployment | `false` | +| `indexGateway.extraEnvVars` | Array with extra environment variables to add to indexGateway nodes | `[]` | +| `indexGateway.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for indexGateway nodes | `""` | +| `indexGateway.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for indexGateway nodes | `""` | +| `indexGateway.command` | Override default container command (useful when using custom images) | `[]` | +| `indexGateway.args` | Override default container args (useful when using custom images) | `[]` | +| `indexGateway.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `indexGateway.replicaCount` | Number of index-gateway replicas to deploy | `1` | +| `indexGateway.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | +| `indexGateway.livenessProbe.enabled` | Enable livenessProbe on index-gateway nodes | `true` | +| `indexGateway.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `60` | +| `indexGateway.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `indexGateway.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `indexGateway.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `indexGateway.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `indexGateway.readinessProbe.enabled` | Enable readinessProbe on index-gateway nodes | `true` | +| `indexGateway.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `60` | +| `indexGateway.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `indexGateway.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `indexGateway.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `indexGateway.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `indexGateway.startupProbe.enabled` | Enable startupProbe on index-gateway containers | `false` | +| `indexGateway.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `indexGateway.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `indexGateway.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `indexGateway.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `indexGateway.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `indexGateway.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `indexGateway.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `indexGateway.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `indexGateway.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if indexGateway.resources is set (indexGateway.resources is recommended for production). | `none` | +| `indexGateway.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `indexGateway.podSecurityContext.enabled` | Enabled index-gateway pods' Security Context | `true` | +| `indexGateway.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `indexGateway.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `indexGateway.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `indexGateway.podSecurityContext.fsGroup` | Set index-gateway pod's Security Context fsGroup | `1001` | +| `indexGateway.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `indexGateway.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `indexGateway.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `indexGateway.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `indexGateway.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `indexGateway.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `indexGateway.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `indexGateway.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `indexGateway.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `indexGateway.lifecycleHooks` | for the indexGateway container(s) to automate configuration before or after startup | `{}` | +| `indexGateway.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `indexGateway.hostAliases` | indexGateway pods host aliases | `[]` | +| `indexGateway.podLabels` | Extra labels for indexGateway pods | `{}` | +| `indexGateway.podAnnotations` | Annotations for indexGateway pods | `{}` | +| `indexGateway.podAffinityPreset` | Pod affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `indexGateway.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `indexGateway.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `indexGateway.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `indexGateway.nodeAffinityPreset.key` | Node label key to match. Ignored if `indexGateway.affinity` is set | `""` | +| `indexGateway.nodeAffinityPreset.values` | Node label values to match. Ignored if `indexGateway.affinity` is set | `[]` | +| `indexGateway.affinity` | Affinity for index-gateway pods assignment | `{}` | +| `indexGateway.nodeSelector` | Node labels for index-gateway pods assignment | `{}` | +| `indexGateway.tolerations` | Tolerations for index-gateway pods assignment | `[]` | +| `indexGateway.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `indexGateway.priorityClassName` | index-gateway pods' priorityClassName | `""` | +| `indexGateway.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `indexGateway.updateStrategy.type` | index-gateway statefulset strategy type | `RollingUpdate` | +| `indexGateway.updateStrategy.rollingUpdate` | index-gateway statefulset rolling update configuration parameters | `nil` | +| `indexGateway.extraVolumes` | Optionally specify extra list of additional volumes for the index-gateway pod(s) | `[]` | +| `indexGateway.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the index-gateway container(s) | `[]` | +| `indexGateway.sidecars` | Add additional sidecar containers to the index-gateway pod(s) | `[]` | +| `indexGateway.initContainers` | Add additional init containers to the index-gateway pod(s) | `[]` | ### index-gateway Traffic Exposure Parameters @@ -421,74 +421,74 @@ The command removes all the Kubernetes components associated with the chart and ### Distributor Deployment Parameters -| Name | Description | Value | -| --------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | ---------------- | -| `distributor.extraEnvVars` | Array with extra environment variables to add to distributor nodes | `[]` | -| `distributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for distributor nodes | `""` | -| `distributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for distributor nodes | `""` | -| `distributor.command` | Override default container command (useful when using custom images) | `[]` | -| `distributor.args` | Override default container args (useful when using custom images) | `[]` | -| `distributor.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `distributor.replicaCount` | Number of Distributor replicas to deploy | `1` | -| `distributor.livenessProbe.enabled` | Enable livenessProbe on Distributor nodes | `true` | -| `distributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `distributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `distributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `distributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `distributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `distributor.readinessProbe.enabled` | Enable readinessProbe on Distributor nodes | `true` | -| `distributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `distributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `distributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `distributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `distributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `distributor.startupProbe.enabled` | Enable startupProbe on Distributor containers | `false` | -| `distributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `distributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `distributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `distributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `distributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `distributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `distributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `distributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `distributor.resources.limits` | The resources limits for the distributor containers | `{}` | -| `distributor.resources.requests` | The requested resources for the distributor containers | `{}` | -| `distributor.podSecurityContext.enabled` | Enabled Distributor pods' Security Context | `true` | -| `distributor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `distributor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `distributor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `distributor.podSecurityContext.fsGroup` | Set Distributor pod's Security Context fsGroup | `1001` | -| `distributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `distributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `distributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `distributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `distributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `distributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `distributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `distributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `distributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `distributor.lifecycleHooks` | for the distributor container(s) to automate configuration before or after startup | `{}` | -| `distributor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `distributor.hostAliases` | distributor pods host aliases | `[]` | -| `distributor.podLabels` | Extra labels for distributor pods | `{}` | -| `distributor.podAnnotations` | Annotations for distributor pods | `{}` | -| `distributor.podAffinityPreset` | Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `distributor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `distributor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `distributor.nodeAffinityPreset.key` | Node label key to match. Ignored if `distributor.affinity` is set | `""` | -| `distributor.nodeAffinityPreset.values` | Node label values to match. Ignored if `distributor.affinity` is set | `[]` | -| `distributor.affinity` | Affinity for Distributor pods assignment | `{}` | -| `distributor.nodeSelector` | Node labels for Distributor pods assignment | `{}` | -| `distributor.tolerations` | Tolerations for Distributor pods assignment | `[]` | -| `distributor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `distributor.priorityClassName` | Distributor pods' priorityClassName | `""` | -| `distributor.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `distributor.updateStrategy.type` | Distributor statefulset strategy type | `RollingUpdate` | -| `distributor.updateStrategy.rollingUpdate` | Distributor statefulset rolling update configuration parameters | `nil` | -| `distributor.extraVolumes` | Optionally specify extra list of additional volumes for the Distributor pod(s) | `[]` | -| `distributor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Distributor container(s) | `[]` | -| `distributor.sidecars` | Add additional sidecar containers to the Distributor pod(s) | `[]` | -| `distributor.initContainers` | Add additional init containers to the Distributor pod(s) | `[]` | +| Name | Description | Value | +| --------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `distributor.extraEnvVars` | Array with extra environment variables to add to distributor nodes | `[]` | +| `distributor.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for distributor nodes | `""` | +| `distributor.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for distributor nodes | `""` | +| `distributor.command` | Override default container command (useful when using custom images) | `[]` | +| `distributor.args` | Override default container args (useful when using custom images) | `[]` | +| `distributor.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `distributor.replicaCount` | Number of Distributor replicas to deploy | `1` | +| `distributor.livenessProbe.enabled` | Enable livenessProbe on Distributor nodes | `true` | +| `distributor.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `distributor.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `distributor.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `distributor.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `distributor.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `distributor.readinessProbe.enabled` | Enable readinessProbe on Distributor nodes | `true` | +| `distributor.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `distributor.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `distributor.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `distributor.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `distributor.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `distributor.startupProbe.enabled` | Enable startupProbe on Distributor containers | `false` | +| `distributor.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `distributor.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `distributor.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `distributor.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `distributor.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `distributor.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `distributor.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `distributor.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `distributor.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production). | `none` | +| `distributor.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `distributor.podSecurityContext.enabled` | Enabled Distributor pods' Security Context | `true` | +| `distributor.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `distributor.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `distributor.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `distributor.podSecurityContext.fsGroup` | Set Distributor pod's Security Context fsGroup | `1001` | +| `distributor.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `distributor.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `distributor.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `distributor.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `distributor.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `distributor.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `distributor.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `distributor.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `distributor.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `distributor.lifecycleHooks` | for the distributor container(s) to automate configuration before or after startup | `{}` | +| `distributor.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `distributor.hostAliases` | distributor pods host aliases | `[]` | +| `distributor.podLabels` | Extra labels for distributor pods | `{}` | +| `distributor.podAnnotations` | Annotations for distributor pods | `{}` | +| `distributor.podAffinityPreset` | Pod affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `distributor.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `distributor.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `distributor.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `distributor.nodeAffinityPreset.key` | Node label key to match. Ignored if `distributor.affinity` is set | `""` | +| `distributor.nodeAffinityPreset.values` | Node label values to match. Ignored if `distributor.affinity` is set | `[]` | +| `distributor.affinity` | Affinity for Distributor pods assignment | `{}` | +| `distributor.nodeSelector` | Node labels for Distributor pods assignment | `{}` | +| `distributor.tolerations` | Tolerations for Distributor pods assignment | `[]` | +| `distributor.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `distributor.priorityClassName` | Distributor pods' priorityClassName | `""` | +| `distributor.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `distributor.updateStrategy.type` | Distributor statefulset strategy type | `RollingUpdate` | +| `distributor.updateStrategy.rollingUpdate` | Distributor statefulset rolling update configuration parameters | `nil` | +| `distributor.extraVolumes` | Optionally specify extra list of additional volumes for the Distributor pod(s) | `[]` | +| `distributor.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Distributor container(s) | `[]` | +| `distributor.sidecars` | Add additional sidecar containers to the Distributor pod(s) | `[]` | +| `distributor.initContainers` | Add additional init containers to the Distributor pod(s) | `[]` | ### Distributor Traffic Exposure Parameters @@ -517,75 +517,75 @@ The command removes all the Kubernetes components associated with the chart and ### Ingester Deployment Parameters -| Name | Description | Value | -| ------------------------------------------------------------ | -------------------------------------------------------------------------------------------------- | ---------------- | -| `ingester.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | -| `ingester.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | -| `ingester.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | -| `ingester.command` | Override default container command (useful when using custom images) | `[]` | -| `ingester.args` | Override default container args (useful when using custom images) | `[]` | -| `ingester.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `ingester.replicaCount` | Number of Ingester replicas to deploy | `1` | -| `ingester.livenessProbe.enabled` | Enable livenessProbe on Ingester nodes | `true` | -| `ingester.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `ingester.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ingester.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `ingester.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `ingester.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ingester.readinessProbe.enabled` | Enable readinessProbe on Ingester nodes | `true` | -| `ingester.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `ingester.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ingester.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `ingester.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `ingester.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ingester.startupProbe.enabled` | Enable startupProbe on Ingester containers | `false` | -| `ingester.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `ingester.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ingester.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `ingester.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `ingester.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ingester.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ingester.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ingester.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ingester.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | -| `ingester.resources.limits` | The resources limits for the Ingester containers | `{}` | -| `ingester.resources.requests` | The requested resources for the Ingester containers | `{}` | -| `ingester.podSecurityContext.enabled` | Enabled Ingester pods' Security Context | `true` | -| `ingester.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ingester.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ingester.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ingester.podSecurityContext.fsGroup` | Set Ingester pod's Security Context fsGroup | `1001` | -| `ingester.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ingester.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `ingester.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ingester.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ingester.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ingester.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `ingester.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ingester.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ingester.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ingester.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ingester.hostAliases` | ingester pods host aliases | `[]` | -| `ingester.podLabels` | Extra labels for ingester pods | `{}` | -| `ingester.podAnnotations` | Annotations for ingester pods | `{}` | -| `ingester.podAffinityPreset` | Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingester.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ingester.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ingester.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingester.affinity` is set | `""` | -| `ingester.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingester.affinity` is set | `[]` | -| `ingester.affinity` | Affinity for ingester pods assignment | `{}` | -| `ingester.nodeSelector` | Node labels for Ingester pods assignment | `{}` | -| `ingester.tolerations` | Tolerations for Ingester pods assignment | `[]` | -| `ingester.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `ingester.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `ingester.priorityClassName` | Ingester pods' priorityClassName | `""` | -| `ingester.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `ingester.updateStrategy.type` | Ingester statefulset strategy type | `RollingUpdate` | -| `ingester.updateStrategy.rollingUpdate` | Ingester statefulset rolling update configuration parameters | `nil` | -| `ingester.extraVolumes` | Optionally specify extra list of additional volumes for the Ingester pod(s) | `[]` | -| `ingester.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ingester container(s) | `[]` | -| `ingester.sidecars` | Add additional sidecar containers to the Ingester pod(s) | `[]` | -| `ingester.initContainers` | Add additional init containers to the Ingester pod(s) | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `ingester.extraEnvVars` | Array with extra environment variables to add to ingester nodes | `[]` | +| `ingester.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ingester nodes | `""` | +| `ingester.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ingester nodes | `""` | +| `ingester.command` | Override default container command (useful when using custom images) | `[]` | +| `ingester.args` | Override default container args (useful when using custom images) | `[]` | +| `ingester.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `ingester.replicaCount` | Number of Ingester replicas to deploy | `1` | +| `ingester.livenessProbe.enabled` | Enable livenessProbe on Ingester nodes | `true` | +| `ingester.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `ingester.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ingester.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `ingester.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `ingester.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ingester.readinessProbe.enabled` | Enable readinessProbe on Ingester nodes | `true` | +| `ingester.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `ingester.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `ingester.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `ingester.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `ingester.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ingester.startupProbe.enabled` | Enable startupProbe on Ingester containers | `false` | +| `ingester.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `ingester.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `ingester.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `ingester.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `ingester.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `ingester.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `ingester.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `ingester.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `ingester.lifecycleHooks` | for the ingester container(s) to automate configuration before or after startup | `{}` | +| `ingester.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production). | `none` | +| `ingester.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ingester.podSecurityContext.enabled` | Enabled Ingester pods' Security Context | `true` | +| `ingester.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ingester.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ingester.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ingester.podSecurityContext.fsGroup` | Set Ingester pod's Security Context fsGroup | `1001` | +| `ingester.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `ingester.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `ingester.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `ingester.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `ingester.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `ingester.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `ingester.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `ingester.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `ingester.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `ingester.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `ingester.hostAliases` | ingester pods host aliases | `[]` | +| `ingester.podLabels` | Extra labels for ingester pods | `{}` | +| `ingester.podAnnotations` | Annotations for ingester pods | `{}` | +| `ingester.podAffinityPreset` | Pod affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingester.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `ingester.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ingester.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ingester.nodeAffinityPreset.key` | Node label key to match. Ignored if `ingester.affinity` is set | `""` | +| `ingester.nodeAffinityPreset.values` | Node label values to match. Ignored if `ingester.affinity` is set | `[]` | +| `ingester.affinity` | Affinity for ingester pods assignment | `{}` | +| `ingester.nodeSelector` | Node labels for Ingester pods assignment | `{}` | +| `ingester.tolerations` | Tolerations for Ingester pods assignment | `[]` | +| `ingester.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `ingester.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | +| `ingester.priorityClassName` | Ingester pods' priorityClassName | `""` | +| `ingester.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `ingester.updateStrategy.type` | Ingester statefulset strategy type | `RollingUpdate` | +| `ingester.updateStrategy.rollingUpdate` | Ingester statefulset rolling update configuration parameters | `nil` | +| `ingester.extraVolumes` | Optionally specify extra list of additional volumes for the Ingester pod(s) | `[]` | +| `ingester.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ingester container(s) | `[]` | +| `ingester.sidecars` | Add additional sidecar containers to the Ingester pod(s) | `[]` | +| `ingester.initContainers` | Add additional init containers to the Ingester pod(s) | `[]` | ### Ingester Persistence Parameters @@ -626,75 +626,75 @@ The command removes all the Kubernetes components associated with the chart and ### Querier Deployment Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------- | ---------------- | -| `querier.replicaCount` | Number of Querier replicas to deploy | `1` | -| `querier.extraEnvVars` | Array with extra environment variables to add to Querier nodes | `[]` | -| `querier.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Querier nodes | `""` | -| `querier.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Querier nodes | `""` | -| `querier.command` | Override default container command (useful when using custom images) | `[]` | -| `querier.args` | Override default container args (useful when using custom images) | `[]` | -| `querier.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `querier.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `querier.livenessProbe.enabled` | Enable livenessProbe on Querier nodes | `true` | -| `querier.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `querier.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `querier.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `querier.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `querier.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `querier.readinessProbe.enabled` | Enable readinessProbe on Querier nodes | `true` | -| `querier.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `querier.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `querier.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `querier.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `querier.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `querier.startupProbe.enabled` | Enable startupProbe on Querier containers | `false` | -| `querier.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `querier.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `querier.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `querier.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `querier.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `querier.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `querier.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `querier.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `querier.resources.limits` | The resources limits for the Querier containers | `{}` | -| `querier.resources.requests` | The requested resources for the Querier containers | `{}` | -| `querier.podSecurityContext.enabled` | Enabled Querier pods' Security Context | `true` | -| `querier.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `querier.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `querier.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `querier.podSecurityContext.fsGroup` | Set Querier pod's Security Context fsGroup | `1001` | -| `querier.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `querier.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `querier.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `querier.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `querier.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `querier.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `querier.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `querier.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `querier.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `querier.lifecycleHooks` | for the Querier container(s) to automate configuration before or after startup | `{}` | -| `querier.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `querier.hostAliases` | querier pods host aliases | `[]` | -| `querier.podLabels` | Extra labels for querier pods | `{}` | -| `querier.podAnnotations` | Annotations for querier pods | `{}` | -| `querier.podAffinityPreset` | Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `querier.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `querier.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `querier.nodeAffinityPreset.key` | Node label key to match. Ignored if `querier.affinity` is set | `""` | -| `querier.nodeAffinityPreset.values` | Node label values to match. Ignored if `querier.affinity` is set | `[]` | -| `querier.affinity` | Affinity for Querier pods assignment | `{}` | -| `querier.nodeSelector` | Node labels for Querier pods assignment | `{}` | -| `querier.tolerations` | Tolerations for Querier pods assignment | `[]` | -| `querier.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `querier.priorityClassName` | Querier pods' priorityClassName | `""` | -| `querier.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `querier.updateStrategy.type` | Querier statefulset strategy type | `RollingUpdate` | -| `querier.updateStrategy.rollingUpdate` | Querier statefulset rolling update configuration parameters | `nil` | -| `querier.extraVolumes` | Optionally specify extra list of additional volumes for the Querier pod(s) | `[]` | -| `querier.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the querier container(s) | `[]` | -| `querier.sidecars` | Add additional sidecar containers to the Querier pod(s) | `[]` | -| `querier.initContainers` | Add additional init containers to the Querier pod(s) | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `querier.replicaCount` | Number of Querier replicas to deploy | `1` | +| `querier.extraEnvVars` | Array with extra environment variables to add to Querier nodes | `[]` | +| `querier.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Querier nodes | `""` | +| `querier.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Querier nodes | `""` | +| `querier.command` | Override default container command (useful when using custom images) | `[]` | +| `querier.args` | Override default container args (useful when using custom images) | `[]` | +| `querier.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `querier.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | +| `querier.livenessProbe.enabled` | Enable livenessProbe on Querier nodes | `true` | +| `querier.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `querier.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `querier.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `querier.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `querier.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `querier.readinessProbe.enabled` | Enable readinessProbe on Querier nodes | `true` | +| `querier.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `querier.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `querier.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `querier.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `querier.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `querier.startupProbe.enabled` | Enable startupProbe on Querier containers | `false` | +| `querier.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `querier.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `querier.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `querier.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `querier.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `querier.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `querier.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `querier.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `querier.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production). | `none` | +| `querier.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `querier.podSecurityContext.enabled` | Enabled Querier pods' Security Context | `true` | +| `querier.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `querier.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `querier.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `querier.podSecurityContext.fsGroup` | Set Querier pod's Security Context fsGroup | `1001` | +| `querier.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `querier.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `querier.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `querier.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `querier.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `querier.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `querier.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `querier.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `querier.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `querier.lifecycleHooks` | for the Querier container(s) to automate configuration before or after startup | `{}` | +| `querier.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `querier.hostAliases` | querier pods host aliases | `[]` | +| `querier.podLabels` | Extra labels for querier pods | `{}` | +| `querier.podAnnotations` | Annotations for querier pods | `{}` | +| `querier.podAffinityPreset` | Pod affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `querier.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `querier.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `querier.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `querier.nodeAffinityPreset.key` | Node label key to match. Ignored if `querier.affinity` is set | `""` | +| `querier.nodeAffinityPreset.values` | Node label values to match. Ignored if `querier.affinity` is set | `[]` | +| `querier.affinity` | Affinity for Querier pods assignment | `{}` | +| `querier.nodeSelector` | Node labels for Querier pods assignment | `{}` | +| `querier.tolerations` | Tolerations for Querier pods assignment | `[]` | +| `querier.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `querier.priorityClassName` | Querier pods' priorityClassName | `""` | +| `querier.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `querier.updateStrategy.type` | Querier statefulset strategy type | `RollingUpdate` | +| `querier.updateStrategy.rollingUpdate` | Querier statefulset rolling update configuration parameters | `nil` | +| `querier.extraVolumes` | Optionally specify extra list of additional volumes for the Querier pod(s) | `[]` | +| `querier.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the querier container(s) | `[]` | +| `querier.sidecars` | Add additional sidecar containers to the Querier pod(s) | `[]` | +| `querier.initContainers` | Add additional init containers to the Querier pod(s) | `[]` | ### Querier Persistence Parameters @@ -735,74 +735,74 @@ The command removes all the Kubernetes components associated with the chart and ### Query Frontend Deployment Parameters -| Name | Description | Value | -| ----------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ---------------- | -| `queryFrontend.extraEnvVars` | Array with extra environment variables to add to queryFrontend nodes | `[]` | -| `queryFrontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for queryFrontend nodes | `""` | -| `queryFrontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for queryFrontend nodes | `""` | -| `queryFrontend.command` | Override default container command (useful when using custom images) | `[]` | -| `queryFrontend.args` | Override default container args (useful when using custom images) | `[]` | -| `queryFrontend.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `queryFrontend.replicaCount` | Number of queryFrontend replicas to deploy | `1` | -| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on queryFrontend nodes | `true` | -| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe on queryFrontend nodes | `true` | -| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryFrontend.startupProbe.enabled` | Enable startupProbe on queryFrontend containers | `false` | -| `queryFrontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `queryFrontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `queryFrontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `queryFrontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `queryFrontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `queryFrontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `queryFrontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `queryFrontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `queryFrontend.resources.limits` | The resources limits for the queryFrontend containers | `{}` | -| `queryFrontend.resources.requests` | The requested resources for the queryFrontend containers | `{}` | -| `queryFrontend.podSecurityContext.enabled` | Enabled queryFrontend pods' Security Context | `true` | -| `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `queryFrontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `queryFrontend.podSecurityContext.fsGroup` | Set queryFrontend pod's Security Context fsGroup | `1001` | -| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `queryFrontend.lifecycleHooks` | for the queryFrontend container(s) to automate configuration before or after startup | `{}` | -| `queryFrontend.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `queryFrontend.hostAliases` | queryFrontend pods host aliases | `[]` | -| `queryFrontend.podLabels` | Extra labels for queryFrontend pods | `{}` | -| `queryFrontend.podAnnotations` | Annotations for queryFrontend pods | `{}` | -| `queryFrontend.podAffinityPreset` | Pod affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryFrontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryFrontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryFrontend.affinity` is set | `""` | -| `queryFrontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryFrontend.affinity` is set | `[]` | -| `queryFrontend.affinity` | Affinity for queryFrontend pods assignment | `{}` | -| `queryFrontend.nodeSelector` | Node labels for queryFrontend pods assignment | `{}` | -| `queryFrontend.tolerations` | Tolerations for queryFrontend pods assignment | `[]` | -| `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `queryFrontend.priorityClassName` | queryFrontend pods' priorityClassName | `""` | -| `queryFrontend.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `queryFrontend.updateStrategy.type` | queryFrontend statefulset strategy type | `RollingUpdate` | -| `queryFrontend.updateStrategy.rollingUpdate` | queryFrontend statefulset rolling update configuration parameters | `nil` | -| `queryFrontend.extraVolumes` | Optionally specify extra list of additional volumes for the queryFrontend pod(s) | `[]` | -| `queryFrontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the queryFrontend container(s) | `[]` | -| `queryFrontend.sidecars` | Add additional sidecar containers to the queryFrontend pod(s) | `[]` | -| `queryFrontend.initContainers` | Add additional init containers to the queryFrontend pod(s) | `[]` | +| Name | Description | Value | +| ----------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `queryFrontend.extraEnvVars` | Array with extra environment variables to add to queryFrontend nodes | `[]` | +| `queryFrontend.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for queryFrontend nodes | `""` | +| `queryFrontend.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for queryFrontend nodes | `""` | +| `queryFrontend.command` | Override default container command (useful when using custom images) | `[]` | +| `queryFrontend.args` | Override default container args (useful when using custom images) | `[]` | +| `queryFrontend.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `queryFrontend.replicaCount` | Number of queryFrontend replicas to deploy | `1` | +| `queryFrontend.livenessProbe.enabled` | Enable livenessProbe on queryFrontend nodes | `true` | +| `queryFrontend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `queryFrontend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `queryFrontend.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `queryFrontend.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `queryFrontend.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `queryFrontend.readinessProbe.enabled` | Enable readinessProbe on queryFrontend nodes | `true` | +| `queryFrontend.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `queryFrontend.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `queryFrontend.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `queryFrontend.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `queryFrontend.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `queryFrontend.startupProbe.enabled` | Enable startupProbe on queryFrontend containers | `false` | +| `queryFrontend.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `queryFrontend.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `queryFrontend.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `queryFrontend.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `queryFrontend.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `queryFrontend.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `queryFrontend.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `queryFrontend.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `queryFrontend.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). | `none` | +| `queryFrontend.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `queryFrontend.podSecurityContext.enabled` | Enabled queryFrontend pods' Security Context | `true` | +| `queryFrontend.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `queryFrontend.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `queryFrontend.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `queryFrontend.podSecurityContext.fsGroup` | Set queryFrontend pod's Security Context fsGroup | `1001` | +| `queryFrontend.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `queryFrontend.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `queryFrontend.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `queryFrontend.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `queryFrontend.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `queryFrontend.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `queryFrontend.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `queryFrontend.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `queryFrontend.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `queryFrontend.lifecycleHooks` | for the queryFrontend container(s) to automate configuration before or after startup | `{}` | +| `queryFrontend.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `queryFrontend.hostAliases` | queryFrontend pods host aliases | `[]` | +| `queryFrontend.podLabels` | Extra labels for queryFrontend pods | `{}` | +| `queryFrontend.podAnnotations` | Annotations for queryFrontend pods | `{}` | +| `queryFrontend.podAffinityPreset` | Pod affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryFrontend.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `queryFrontend.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryFrontend.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryFrontend.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryFrontend.affinity` is set | `""` | +| `queryFrontend.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryFrontend.affinity` is set | `[]` | +| `queryFrontend.affinity` | Affinity for queryFrontend pods assignment | `{}` | +| `queryFrontend.nodeSelector` | Node labels for queryFrontend pods assignment | `{}` | +| `queryFrontend.tolerations` | Tolerations for queryFrontend pods assignment | `[]` | +| `queryFrontend.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `queryFrontend.priorityClassName` | queryFrontend pods' priorityClassName | `""` | +| `queryFrontend.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `queryFrontend.updateStrategy.type` | queryFrontend statefulset strategy type | `RollingUpdate` | +| `queryFrontend.updateStrategy.rollingUpdate` | queryFrontend statefulset rolling update configuration parameters | `nil` | +| `queryFrontend.extraVolumes` | Optionally specify extra list of additional volumes for the queryFrontend pod(s) | `[]` | +| `queryFrontend.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the queryFrontend container(s) | `[]` | +| `queryFrontend.sidecars` | Add additional sidecar containers to the queryFrontend pod(s) | `[]` | +| `queryFrontend.initContainers` | Add additional init containers to the queryFrontend pod(s) | `[]` | ### Query Frontend Traffic Exposure Parameters @@ -832,75 +832,75 @@ The command removes all the Kubernetes components associated with the chart and ### Query Scheduler Deployment Parameters -| Name | Description | Value | -| ------------------------------------------------------------------ | -------------------------------------------------------------------------------------------------------- | ---------------- | -| `queryScheduler.extraEnvVars` | Array with extra environment variables to add to queryScheduler nodes | `[]` | -| `queryScheduler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for queryScheduler nodes | `""` | -| `queryScheduler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for queryScheduler nodes | `""` | -| `queryScheduler.command` | Override default container command (useful when using custom images) | `[]` | -| `queryScheduler.args` | Override default container args (useful when using custom images) | `[]` | -| `queryScheduler.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `queryScheduler.replicaCount` | Number of queryScheduler replicas to deploy | `1` | -| `queryScheduler.livenessProbe.enabled` | Enable livenessProbe on queryScheduler nodes | `true` | -| `queryScheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `queryScheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `queryScheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `queryScheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `queryScheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `queryScheduler.minReadySeconds` | Minimum time to wait before performing readiness check | `10` | -| `queryScheduler.readinessProbe.enabled` | Enable readinessProbe on queryScheduler nodes | `true` | -| `queryScheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `queryScheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `queryScheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `queryScheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `queryScheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `queryScheduler.startupProbe.enabled` | Enable startupProbe on queryScheduler containers | `false` | -| `queryScheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `queryScheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `queryScheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `queryScheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `queryScheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `queryScheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `queryScheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `queryScheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `queryScheduler.resources.limits` | The resources limits for the queryScheduler containers | `{}` | -| `queryScheduler.resources.requests` | The requested resources for the queryScheduler containers | `{}` | -| `queryScheduler.podSecurityContext.enabled` | Enabled queryScheduler pods' Security Context | `true` | -| `queryScheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `queryScheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `queryScheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `queryScheduler.podSecurityContext.fsGroup` | Set queryScheduler pod's Security Context fsGroup | `1001` | -| `queryScheduler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `queryScheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `queryScheduler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `queryScheduler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `queryScheduler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `queryScheduler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `queryScheduler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `queryScheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `queryScheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `queryScheduler.lifecycleHooks` | for the queryScheduler container(s) to automate configuration before or after startup | `{}` | -| `queryScheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `queryScheduler.hostAliases` | queryScheduler pods host aliases | `[]` | -| `queryScheduler.podLabels` | Extra labels for queryScheduler pods | `{}` | -| `queryScheduler.podAnnotations` | Annotations for queryScheduler pods | `{}` | -| `queryScheduler.podAffinityPreset` | Pod affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryScheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `queryScheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `queryScheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryScheduler.affinity` is set | `""` | -| `queryScheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryScheduler.affinity` is set | `[]` | -| `queryScheduler.affinity` | Affinity for queryScheduler pods assignment | `{}` | -| `queryScheduler.nodeSelector` | Node labels for queryScheduler pods assignment | `{}` | -| `queryScheduler.tolerations` | Tolerations for queryScheduler pods assignment | `[]` | -| `queryScheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `queryScheduler.priorityClassName` | queryScheduler pods' priorityClassName | `""` | -| `queryScheduler.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `queryScheduler.updateStrategy.type` | queryScheduler statefulset strategy type | `RollingUpdate` | -| `queryScheduler.updateStrategy.rollingUpdate` | queryScheduler statefulset rolling update configuration parameters | `nil` | -| `queryScheduler.extraVolumes` | Optionally specify extra list of additional volumes for the queryScheduler pod(s) | `[]` | -| `queryScheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the queryScheduler container(s) | `[]` | -| `queryScheduler.sidecars` | Add additional sidecar containers to the queryScheduler pod(s) | `[]` | -| `queryScheduler.initContainers` | Add additional init containers to the queryScheduler pod(s) | `[]` | +| Name | Description | Value | +| ------------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `queryScheduler.extraEnvVars` | Array with extra environment variables to add to queryScheduler nodes | `[]` | +| `queryScheduler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for queryScheduler nodes | `""` | +| `queryScheduler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for queryScheduler nodes | `""` | +| `queryScheduler.command` | Override default container command (useful when using custom images) | `[]` | +| `queryScheduler.args` | Override default container args (useful when using custom images) | `[]` | +| `queryScheduler.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `queryScheduler.replicaCount` | Number of queryScheduler replicas to deploy | `1` | +| `queryScheduler.livenessProbe.enabled` | Enable livenessProbe on queryScheduler nodes | `true` | +| `queryScheduler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `queryScheduler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `queryScheduler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `queryScheduler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `queryScheduler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `queryScheduler.minReadySeconds` | Minimum time to wait before performing readiness check | `10` | +| `queryScheduler.readinessProbe.enabled` | Enable readinessProbe on queryScheduler nodes | `true` | +| `queryScheduler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `queryScheduler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `queryScheduler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `queryScheduler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `queryScheduler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `queryScheduler.startupProbe.enabled` | Enable startupProbe on queryScheduler containers | `false` | +| `queryScheduler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `queryScheduler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `queryScheduler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `queryScheduler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `queryScheduler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `queryScheduler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `queryScheduler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `queryScheduler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `queryScheduler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production). | `none` | +| `queryScheduler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `queryScheduler.podSecurityContext.enabled` | Enabled queryScheduler pods' Security Context | `true` | +| `queryScheduler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `queryScheduler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `queryScheduler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `queryScheduler.podSecurityContext.fsGroup` | Set queryScheduler pod's Security Context fsGroup | `1001` | +| `queryScheduler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `queryScheduler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `queryScheduler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `queryScheduler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `queryScheduler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `queryScheduler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `queryScheduler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `queryScheduler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `queryScheduler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `queryScheduler.lifecycleHooks` | for the queryScheduler container(s) to automate configuration before or after startup | `{}` | +| `queryScheduler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `queryScheduler.hostAliases` | queryScheduler pods host aliases | `[]` | +| `queryScheduler.podLabels` | Extra labels for queryScheduler pods | `{}` | +| `queryScheduler.podAnnotations` | Annotations for queryScheduler pods | `{}` | +| `queryScheduler.podAffinityPreset` | Pod affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryScheduler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `queryScheduler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `queryScheduler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `queryScheduler.nodeAffinityPreset.key` | Node label key to match. Ignored if `queryScheduler.affinity` is set | `""` | +| `queryScheduler.nodeAffinityPreset.values` | Node label values to match. Ignored if `queryScheduler.affinity` is set | `[]` | +| `queryScheduler.affinity` | Affinity for queryScheduler pods assignment | `{}` | +| `queryScheduler.nodeSelector` | Node labels for queryScheduler pods assignment | `{}` | +| `queryScheduler.tolerations` | Tolerations for queryScheduler pods assignment | `[]` | +| `queryScheduler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `queryScheduler.priorityClassName` | queryScheduler pods' priorityClassName | `""` | +| `queryScheduler.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `queryScheduler.updateStrategy.type` | queryScheduler statefulset strategy type | `RollingUpdate` | +| `queryScheduler.updateStrategy.rollingUpdate` | queryScheduler statefulset rolling update configuration parameters | `nil` | +| `queryScheduler.extraVolumes` | Optionally specify extra list of additional volumes for the queryScheduler pod(s) | `[]` | +| `queryScheduler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the queryScheduler container(s) | `[]` | +| `queryScheduler.sidecars` | Add additional sidecar containers to the queryScheduler pod(s) | `[]` | +| `queryScheduler.initContainers` | Add additional init containers to the queryScheduler pod(s) | `[]` | ### Query Scheduler Traffic Exposure Parameters @@ -929,76 +929,76 @@ The command removes all the Kubernetes components associated with the chart and ### Ruler Deployment Parameters -| Name | Description | Value | -| --------------------------------------------------------- | ----------------------------------------------------------------------------------------------- | ---------------- | -| `ruler.enabled` | Deploy ruler component | `false` | -| `ruler.extraEnvVars` | Array with extra environment variables to add to ruler nodes | `[]` | -| `ruler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ruler nodes | `""` | -| `ruler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ruler nodes | `""` | -| `ruler.command` | Override default container command (useful when using custom images) | `[]` | -| `ruler.args` | Override default container args (useful when using custom images) | `[]` | -| `ruler.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `ruler.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | -| `ruler.replicaCount` | Number of Ruler replicas to deploy | `1` | -| `ruler.livenessProbe.enabled` | Enable livenessProbe on Ruler nodes | `true` | -| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `ruler.readinessProbe.enabled` | Enable readinessProbe on Ruler nodes | `true` | -| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `ruler.startupProbe.enabled` | Enable startupProbe on Ruler containers | `false` | -| `ruler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `ruler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `ruler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `ruler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `ruler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `ruler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `ruler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `ruler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `ruler.lifecycleHooks` | for the ruler container(s) to automate configuration before or after startup | `{}` | -| `ruler.resources.limits` | The resources limits for the Ruler containers | `{}` | -| `ruler.resources.requests` | The requested resources for the Ruler containers | `{}` | -| `ruler.podSecurityContext.enabled` | Enabled Ruler pods' Security Context | `true` | -| `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `ruler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `ruler.podSecurityContext.fsGroup` | Set Ruler pod's Security Context fsGroup | `1001` | -| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `ruler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `ruler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `ruler.hostAliases` | ruler pods host aliases | `[]` | -| `ruler.podLabels` | Extra labels for ruler pods | `{}` | -| `ruler.podAnnotations` | Annotations for ruler pods | `{}` | -| `ruler.podAffinityPreset` | Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `ruler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `ruler.nodeAffinityPreset.key` | Node label key to match. Ignored if `ruler.affinity` is set | `""` | -| `ruler.nodeAffinityPreset.values` | Node label values to match. Ignored if `ruler.affinity` is set | `[]` | -| `ruler.affinity` | Affinity for ruler pods assignment | `{}` | -| `ruler.nodeSelector` | Node labels for Ruler pods assignment | `{}` | -| `ruler.tolerations` | Tolerations for Ruler pods assignment | `[]` | -| `ruler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `ruler.priorityClassName` | Ruler pods' priorityClassName | `""` | -| `ruler.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `ruler.updateStrategy.type` | Ruler statefulset strategy type | `RollingUpdate` | -| `ruler.updateStrategy.rollingUpdate` | Ruler statefulset rolling update configuration parameters | `nil` | -| `ruler.extraVolumes` | Optionally specify extra list of additional volumes for the Ruler pod(s) | `[]` | -| `ruler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ruler container(s) | `[]` | -| `ruler.sidecars` | Add additional sidecar containers to the Ruler pod(s) | `[]` | -| `ruler.initContainers` | Add additional init containers to the Ruler pod(s) | `[]` | +| Name | Description | Value | +| --------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `ruler.enabled` | Deploy ruler component | `false` | +| `ruler.extraEnvVars` | Array with extra environment variables to add to ruler nodes | `[]` | +| `ruler.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for ruler nodes | `""` | +| `ruler.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for ruler nodes | `""` | +| `ruler.command` | Override default container command (useful when using custom images) | `[]` | +| `ruler.args` | Override default container args (useful when using custom images) | `[]` | +| `ruler.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `ruler.podManagementPolicy` | podManagementPolicy to manage scaling operation | `""` | +| `ruler.replicaCount` | Number of Ruler replicas to deploy | `1` | +| `ruler.livenessProbe.enabled` | Enable livenessProbe on Ruler nodes | `true` | +| `ruler.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `ruler.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `ruler.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `ruler.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `ruler.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `ruler.readinessProbe.enabled` | Enable readinessProbe on Ruler nodes | `true` | +| `ruler.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `ruler.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `ruler.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `ruler.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `ruler.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `ruler.startupProbe.enabled` | Enable startupProbe on Ruler containers | `false` | +| `ruler.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `ruler.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `ruler.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `ruler.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `ruler.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `ruler.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `ruler.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `ruler.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `ruler.lifecycleHooks` | for the ruler container(s) to automate configuration before or after startup | `{}` | +| `ruler.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). | `none` | +| `ruler.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `ruler.podSecurityContext.enabled` | Enabled Ruler pods' Security Context | `true` | +| `ruler.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `ruler.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `ruler.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `ruler.podSecurityContext.fsGroup` | Set Ruler pod's Security Context fsGroup | `1001` | +| `ruler.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `ruler.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `ruler.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `ruler.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `ruler.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `ruler.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `ruler.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `ruler.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `ruler.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `ruler.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `ruler.hostAliases` | ruler pods host aliases | `[]` | +| `ruler.podLabels` | Extra labels for ruler pods | `{}` | +| `ruler.podAnnotations` | Annotations for ruler pods | `{}` | +| `ruler.podAffinityPreset` | Pod affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ruler.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `ruler.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `ruler.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `ruler.nodeAffinityPreset.key` | Node label key to match. Ignored if `ruler.affinity` is set | `""` | +| `ruler.nodeAffinityPreset.values` | Node label values to match. Ignored if `ruler.affinity` is set | `[]` | +| `ruler.affinity` | Affinity for ruler pods assignment | `{}` | +| `ruler.nodeSelector` | Node labels for Ruler pods assignment | `{}` | +| `ruler.tolerations` | Tolerations for Ruler pods assignment | `[]` | +| `ruler.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `ruler.priorityClassName` | Ruler pods' priorityClassName | `""` | +| `ruler.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `ruler.updateStrategy.type` | Ruler statefulset strategy type | `RollingUpdate` | +| `ruler.updateStrategy.rollingUpdate` | Ruler statefulset rolling update configuration parameters | `nil` | +| `ruler.extraVolumes` | Optionally specify extra list of additional volumes for the Ruler pod(s) | `[]` | +| `ruler.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the ruler container(s) | `[]` | +| `ruler.sidecars` | Add additional sidecar containers to the Ruler pod(s) | `[]` | +| `ruler.initContainers` | Add additional init containers to the Ruler pod(s) | `[]` | ### Ruler Persistence Parameters @@ -1039,75 +1039,75 @@ The command removes all the Kubernetes components associated with the chart and ### table-manager Deployment Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | ---------------- | -| `tableManager.enabled` | Deploy table-manager | `false` | -| `tableManager.extraEnvVars` | Array with extra environment variables to add to tableManager nodes | `[]` | -| `tableManager.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for tableManager nodes | `""` | -| `tableManager.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for tableManager nodes | `""` | -| `tableManager.command` | Override default container command (useful when using custom images) | `[]` | -| `tableManager.args` | Override default container args (useful when using custom images) | `[]` | -| `tableManager.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `tableManager.replicaCount` | Number of table-manager replicas to deploy | `1` | -| `tableManager.livenessProbe.enabled` | Enable livenessProbe on table-manager nodes | `true` | -| `tableManager.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `tableManager.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `tableManager.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `tableManager.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `tableManager.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `tableManager.readinessProbe.enabled` | Enable readinessProbe on table-manager nodes | `true` | -| `tableManager.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `tableManager.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `tableManager.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `tableManager.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `tableManager.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `tableManager.startupProbe.enabled` | Enable startupProbe on table-manager containers | `false` | -| `tableManager.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `tableManager.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `tableManager.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `tableManager.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `tableManager.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `tableManager.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `tableManager.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `tableManager.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `tableManager.resources.limits` | The resources limits for the tableManager containers | `{}` | -| `tableManager.resources.requests` | The requested resources for the tableManager containers | `{}` | -| `tableManager.podSecurityContext.enabled` | Enabled table-manager pods' Security Context | `true` | -| `tableManager.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `tableManager.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `tableManager.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `tableManager.podSecurityContext.fsGroup` | Set table-manager pod's Security Context fsGroup | `1001` | -| `tableManager.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `tableManager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `tableManager.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `tableManager.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `tableManager.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `tableManager.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `tableManager.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `tableManager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `tableManager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `tableManager.lifecycleHooks` | for the tableManager container(s) to automate configuration before or after startup | `{}` | -| `tableManager.automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `tableManager.hostAliases` | tableManager pods host aliases | `[]` | -| `tableManager.podLabels` | Extra labels for tableManager pods | `{}` | -| `tableManager.podAnnotations` | Annotations for tableManager pods | `{}` | -| `tableManager.podAffinityPreset` | Pod affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `tableManager.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `tableManager.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `tableManager.nodeAffinityPreset.key` | Node label key to match. Ignored if `tableManager.affinity` is set | `""` | -| `tableManager.nodeAffinityPreset.values` | Node label values to match. Ignored if `tableManager.affinity` is set | `[]` | -| `tableManager.affinity` | Affinity for table-manager pods assignment | `{}` | -| `tableManager.nodeSelector` | Node labels for table-manager pods assignment | `{}` | -| `tableManager.tolerations` | Tolerations for table-manager pods assignment | `[]` | -| `tableManager.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `tableManager.priorityClassName` | table-manager pods' priorityClassName | `""` | -| `tableManager.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `tableManager.updateStrategy.type` | table-manager statefulset strategy type | `RollingUpdate` | -| `tableManager.updateStrategy.rollingUpdate` | table-manager statefulset rolling update configuration parameters | `nil` | -| `tableManager.extraVolumes` | Optionally specify extra list of additional volumes for the table-manager pod(s) | `[]` | -| `tableManager.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the table-manager container(s) | `[]` | -| `tableManager.sidecars` | Add additional sidecar containers to the table-manager pod(s) | `[]` | -| `tableManager.initContainers` | Add additional init containers to the table-manager pod(s) | `[]` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ---------------- | +| `tableManager.enabled` | Deploy table-manager | `false` | +| `tableManager.extraEnvVars` | Array with extra environment variables to add to tableManager nodes | `[]` | +| `tableManager.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for tableManager nodes | `""` | +| `tableManager.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for tableManager nodes | `""` | +| `tableManager.command` | Override default container command (useful when using custom images) | `[]` | +| `tableManager.args` | Override default container args (useful when using custom images) | `[]` | +| `tableManager.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `tableManager.replicaCount` | Number of table-manager replicas to deploy | `1` | +| `tableManager.livenessProbe.enabled` | Enable livenessProbe on table-manager nodes | `true` | +| `tableManager.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `tableManager.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `tableManager.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `tableManager.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `tableManager.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `tableManager.readinessProbe.enabled` | Enable readinessProbe on table-manager nodes | `true` | +| `tableManager.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `tableManager.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `tableManager.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `tableManager.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `tableManager.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `tableManager.startupProbe.enabled` | Enable startupProbe on table-manager containers | `false` | +| `tableManager.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `tableManager.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `tableManager.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `tableManager.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `tableManager.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `tableManager.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `tableManager.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `tableManager.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `tableManager.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tableManager.resources is set (tableManager.resources is recommended for production). | `none` | +| `tableManager.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `tableManager.podSecurityContext.enabled` | Enabled table-manager pods' Security Context | `true` | +| `tableManager.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `tableManager.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `tableManager.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `tableManager.podSecurityContext.fsGroup` | Set table-manager pod's Security Context fsGroup | `1001` | +| `tableManager.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `tableManager.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `tableManager.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `tableManager.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `tableManager.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `tableManager.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `tableManager.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `tableManager.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `tableManager.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `tableManager.lifecycleHooks` | for the tableManager container(s) to automate configuration before or after startup | `{}` | +| `tableManager.automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `tableManager.hostAliases` | tableManager pods host aliases | `[]` | +| `tableManager.podLabels` | Extra labels for tableManager pods | `{}` | +| `tableManager.podAnnotations` | Annotations for tableManager pods | `{}` | +| `tableManager.podAffinityPreset` | Pod affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `tableManager.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `tableManager.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `tableManager.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `tableManager.nodeAffinityPreset.key` | Node label key to match. Ignored if `tableManager.affinity` is set | `""` | +| `tableManager.nodeAffinityPreset.values` | Node label values to match. Ignored if `tableManager.affinity` is set | `[]` | +| `tableManager.affinity` | Affinity for table-manager pods assignment | `{}` | +| `tableManager.nodeSelector` | Node labels for table-manager pods assignment | `{}` | +| `tableManager.tolerations` | Tolerations for table-manager pods assignment | `[]` | +| `tableManager.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `tableManager.priorityClassName` | table-manager pods' priorityClassName | `""` | +| `tableManager.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `tableManager.updateStrategy.type` | table-manager statefulset strategy type | `RollingUpdate` | +| `tableManager.updateStrategy.rollingUpdate` | table-manager statefulset rolling update configuration parameters | `nil` | +| `tableManager.extraVolumes` | Optionally specify extra list of additional volumes for the table-manager pod(s) | `[]` | +| `tableManager.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the table-manager container(s) | `[]` | +| `tableManager.sidecars` | Add additional sidecar containers to the table-manager pod(s) | `[]` | +| `tableManager.initContainers` | Add additional init containers to the table-manager pod(s) | `[]` | ### table-manager Traffic Exposure Parameters @@ -1136,83 +1136,83 @@ The command removes all the Kubernetes components associated with the chart and ### Promtail Deployment Parameters -| Name | Description | Value | -| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------- | -------------------------- | -| `promtail.enabled` | Deploy promtail | `true` | -| `promtail.image.registry` | Grafana Promtail image registry | `REGISTRY_NAME` | -| `promtail.image.repository` | Grafana Promtail image repository | `REPOSITORY_NAME/promtail` | -| `promtail.image.digest` | Grafana Promtail image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `promtail.image.pullPolicy` | Grafana Promtail image pull policy | `IfNotPresent` | -| `promtail.image.pullSecrets` | Grafana Promtail image pull secrets | `[]` | -| `promtail.extraEnvVars` | Array with extra environment variables to add to promtail nodes | `[]` | -| `promtail.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for promtail nodes | `""` | -| `promtail.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for promtail nodes | `""` | -| `promtail.command` | Override default container command (useful when using custom images) | `[]` | -| `promtail.args` | Override default container args (useful when using custom images) | `[]` | -| `promtail.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | -| `promtail.containerPorts.http` | Promtail HTTP port | `8080` | -| `promtail.livenessProbe.enabled` | Enable livenessProbe on Promtail nodes | `true` | -| `promtail.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | -| `promtail.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `promtail.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | -| `promtail.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | -| `promtail.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `promtail.readinessProbe.enabled` | Enable readinessProbe on Promtail nodes | `true` | -| `promtail.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | -| `promtail.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `promtail.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | -| `promtail.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | -| `promtail.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `promtail.startupProbe.enabled` | Enable startupProbe on Promtail containers | `false` | -| `promtail.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `promtail.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `promtail.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `promtail.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `promtail.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `promtail.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `promtail.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `promtail.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `promtail.lifecycleHooks` | for the promtail container(s) to automate configuration before or after startup | `{}` | -| `promtail.resources.limits` | The resources limits for the Promtail containers | `{}` | -| `promtail.resources.requests` | The requested resources for the Promtail containers | `{}` | -| `promtail.podSecurityContext.enabled` | Enabled Promtail pods' Security Context | `true` | -| `promtail.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `promtail.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `promtail.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `promtail.podSecurityContext.fsGroup` | Set Promtail pod's Security Context fsGroup | `0` | -| `promtail.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `promtail.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `promtail.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | -| `promtail.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | -| `promtail.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `promtail.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `promtail.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `promtail.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `promtail.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `promtail.automountServiceAccountToken` | Mount Service Account token in pod | `true` | -| `promtail.hostAliases` | promtail pods host aliases | `[]` | -| `promtail.podLabels` | Extra labels for promtail pods | `{}` | -| `promtail.podAnnotations` | Annotations for promtail pods | `{}` | -| `promtail.podAffinityPreset` | Pod affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `promtail.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `promtail.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `promtail.nodeAffinityPreset.key` | Node label key to match. Ignored if `promtail.affinity` is set | `""` | -| `promtail.nodeAffinityPreset.values` | Node label values to match. Ignored if `promtail.affinity` is set | `[]` | -| `promtail.affinity` | Affinity for promtail pods assignment | `{}` | -| `promtail.nodeSelector` | Node labels for Promtail pods assignment | `{}` | -| `promtail.tolerations` | Tolerations for Promtail pods assignment | `[]` | -| `promtail.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | -| `promtail.priorityClassName` | Promtail pods' priorityClassName | `""` | -| `promtail.schedulerName` | Kubernetes pod scheduler registry | `""` | -| `promtail.updateStrategy.type` | Promtail statefulset strategy type | `RollingUpdate` | -| `promtail.updateStrategy.rollingUpdate` | Promtail statefulset rolling update configuration parameters | `nil` | -| `promtail.extraVolumes` | Optionally specify extra list of additional volumes for the Promtail pod(s) | `[]` | -| `promtail.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the promtail container(s) | `[]` | -| `promtail.sidecars` | Add additional sidecar containers to the Promtail pod(s) | `[]` | -| `promtail.initContainers` | Add additional init containers to the Promtail pod(s) | `[]` | -| `promtail.configuration` | Promtail configuration | `""` | -| `promtail.existingSecret` | Name of a Secret that contains the Promtail configuration | `""` | -| `promtail.logLevel` | Promtail logging level | `info` | +| Name | Description | Value | +| ------------------------------------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `promtail.enabled` | Deploy promtail | `true` | +| `promtail.image.registry` | Grafana Promtail image registry | `REGISTRY_NAME` | +| `promtail.image.repository` | Grafana Promtail image repository | `REPOSITORY_NAME/promtail` | +| `promtail.image.digest` | Grafana Promtail image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `promtail.image.pullPolicy` | Grafana Promtail image pull policy | `IfNotPresent` | +| `promtail.image.pullSecrets` | Grafana Promtail image pull secrets | `[]` | +| `promtail.extraEnvVars` | Array with extra environment variables to add to promtail nodes | `[]` | +| `promtail.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for promtail nodes | `""` | +| `promtail.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for promtail nodes | `""` | +| `promtail.command` | Override default container command (useful when using custom images) | `[]` | +| `promtail.args` | Override default container args (useful when using custom images) | `[]` | +| `promtail.extraArgs` | Additional container args (will be concatenated to args, unless diagnosticMode is enabled) | `[]` | +| `promtail.containerPorts.http` | Promtail HTTP port | `8080` | +| `promtail.livenessProbe.enabled` | Enable livenessProbe on Promtail nodes | `true` | +| `promtail.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `10` | +| `promtail.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `promtail.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `promtail.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `promtail.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `promtail.readinessProbe.enabled` | Enable readinessProbe on Promtail nodes | `true` | +| `promtail.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `promtail.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `promtail.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `promtail.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `promtail.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `promtail.startupProbe.enabled` | Enable startupProbe on Promtail containers | `false` | +| `promtail.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `promtail.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `promtail.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `promtail.startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `promtail.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `promtail.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `promtail.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `promtail.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `promtail.lifecycleHooks` | for the promtail container(s) to automate configuration before or after startup | `{}` | +| `promtail.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if promtail.resources is set (promtail.resources is recommended for production). | `none` | +| `promtail.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `promtail.podSecurityContext.enabled` | Enabled Promtail pods' Security Context | `true` | +| `promtail.podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `promtail.podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `promtail.podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `promtail.podSecurityContext.fsGroup` | Set Promtail pod's Security Context fsGroup | `0` | +| `promtail.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `promtail.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `promtail.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `0` | +| `promtail.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `false` | +| `promtail.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `promtail.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `promtail.containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `promtail.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `promtail.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `promtail.automountServiceAccountToken` | Mount Service Account token in pod | `true` | +| `promtail.hostAliases` | promtail pods host aliases | `[]` | +| `promtail.podLabels` | Extra labels for promtail pods | `{}` | +| `promtail.podAnnotations` | Annotations for promtail pods | `{}` | +| `promtail.podAffinityPreset` | Pod affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `promtail.podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `promtail.nodeAffinityPreset.type` | Node affinity preset type. Ignored if `promtail.affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `promtail.nodeAffinityPreset.key` | Node label key to match. Ignored if `promtail.affinity` is set | `""` | +| `promtail.nodeAffinityPreset.values` | Node label values to match. Ignored if `promtail.affinity` is set | `[]` | +| `promtail.affinity` | Affinity for promtail pods assignment | `{}` | +| `promtail.nodeSelector` | Node labels for Promtail pods assignment | `{}` | +| `promtail.tolerations` | Tolerations for Promtail pods assignment | `[]` | +| `promtail.topologySpreadConstraints` | Topology Spread Constraints for pod assignment spread across your cluster among failure-domains | `[]` | +| `promtail.priorityClassName` | Promtail pods' priorityClassName | `""` | +| `promtail.schedulerName` | Kubernetes pod scheduler registry | `""` | +| `promtail.updateStrategy.type` | Promtail statefulset strategy type | `RollingUpdate` | +| `promtail.updateStrategy.rollingUpdate` | Promtail statefulset rolling update configuration parameters | `nil` | +| `promtail.extraVolumes` | Optionally specify extra list of additional volumes for the Promtail pod(s) | `[]` | +| `promtail.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the promtail container(s) | `[]` | +| `promtail.sidecars` | Add additional sidecar containers to the Promtail pod(s) | `[]` | +| `promtail.initContainers` | Add additional init containers to the Promtail pod(s) | `[]` | +| `promtail.configuration` | Promtail configuration | `""` | +| `promtail.existingSecret` | Name of a Secret that contains the Promtail configuration | `""` | +| `promtail.logLevel` | Promtail logging level | `info` | ### Promtail Traffic Exposure Parameters @@ -1245,19 +1245,19 @@ The command removes all the Kubernetes components associated with the chart and ### Init Container Parameters -| Name | Description | Value | -| ---------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | -| `volumePermissions.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| Name | Description | Value | +| ---------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| `volumePermissions.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | ### Other Parameters @@ -1387,6 +1387,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/grafa ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/grafana-loki/templates/NOTES.txt b/bitnami/grafana-loki/templates/NOTES.txt index 68ef907db03170..7eea1aa94bfbd8 100644 --- a/bitnami/grafana-loki/templates/NOTES.txt +++ b/bitnami/grafana-loki/templates/NOTES.txt @@ -102,3 +102,4 @@ Installed components: {{- include "grafana-loki.checkRollingTags" . }} {{- include "grafana-loki.validateValues" . }} +{{- include "common.warnings.resources" (dict "sections" (list "compactor" "distributor" "gateway" "indexGateway" "ingester" "promtail" "querier" "queryFrontend" "queryScheduler" "ruler" "tableManager" "volumePermissions") "context" $) }} diff --git a/bitnami/grafana-loki/templates/compactor/deployment.yaml b/bitnami/grafana-loki/templates/compactor/deployment.yaml index 8ee760fe69a4fe..7ee610f1da8c2b 100644 --- a/bitnami/grafana-loki/templates/compactor/deployment.yaml +++ b/bitnami/grafana-loki/templates/compactor/deployment.yaml @@ -119,6 +119,8 @@ spec: name: http-memberlist {{- if .Values.compactor.resources }} resources: {{- toYaml .Values.compactor.resources | nindent 12 }} + {{- else if ne .Values.compactor.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.compactor.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.compactor.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/distributor/deployment.yaml b/bitnami/grafana-loki/templates/distributor/deployment.yaml index 429dfa3ab449d6..0d335d75ea5672 100644 --- a/bitnami/grafana-loki/templates/distributor/deployment.yaml +++ b/bitnami/grafana-loki/templates/distributor/deployment.yaml @@ -121,6 +121,8 @@ spec: name: grpc {{- if .Values.distributor.resources }} resources: {{- toYaml .Values.distributor.resources | nindent 12 }} + {{- else if ne .Values.distributor.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.distributor.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.distributor.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/gateway/deployment.yaml b/bitnami/grafana-loki/templates/gateway/deployment.yaml index c3ded728ee25c1..d19a16225df537 100644 --- a/bitnami/grafana-loki/templates/gateway/deployment.yaml +++ b/bitnami/grafana-loki/templates/gateway/deployment.yaml @@ -148,6 +148,8 @@ spec: {{- end }} {{- if .Values.gateway.resources }} resources: {{- toYaml .Values.gateway.resources | nindent 12 }} + {{- else if ne .Values.gateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.gateway.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: config diff --git a/bitnami/grafana-loki/templates/index-gateway/statefulset.yaml b/bitnami/grafana-loki/templates/index-gateway/statefulset.yaml index d20f15a9a6e443..585c561ba614b3 100644 --- a/bitnami/grafana-loki/templates/index-gateway/statefulset.yaml +++ b/bitnami/grafana-loki/templates/index-gateway/statefulset.yaml @@ -122,6 +122,8 @@ spec: name: grpc {{- if .Values.indexGateway.resources }} resources: {{- toYaml .Values.indexGateway.resources | nindent 12 }} + {{- else if ne .Values.indexGateway.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.indexGateway.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.indexGateway.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/ingester/statefulset.yaml b/bitnami/grafana-loki/templates/ingester/statefulset.yaml index 2b940a36dbb3da..7f51bc4fcacae2 100644 --- a/bitnami/grafana-loki/templates/ingester/statefulset.yaml +++ b/bitnami/grafana-loki/templates/ingester/statefulset.yaml @@ -96,6 +96,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -146,6 +148,8 @@ spec: name: grpc {{- if .Values.ingester.resources }} resources: {{- toYaml .Values.ingester.resources | nindent 12 }} + {{- else if ne .Values.ingester.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.ingester.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.ingester.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/promtail/daemonset.yaml b/bitnami/grafana-loki/templates/promtail/daemonset.yaml index 4318f2f20e73a1..505cbae0a5fb40 100644 --- a/bitnami/grafana-loki/templates/promtail/daemonset.yaml +++ b/bitnami/grafana-loki/templates/promtail/daemonset.yaml @@ -119,6 +119,8 @@ spec: name: http {{- if .Values.promtail.resources }} resources: {{- toYaml .Values.promtail.resources | nindent 12 }} + {{- else if ne .Values.promtail.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.promtail.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.promtail.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/querier/statefulset.yaml b/bitnami/grafana-loki/templates/querier/statefulset.yaml index 685942f0558665..b738eb1fc029f5 100644 --- a/bitnami/grafana-loki/templates/querier/statefulset.yaml +++ b/bitnami/grafana-loki/templates/querier/statefulset.yaml @@ -98,6 +98,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -151,6 +153,8 @@ spec: name: grpc {{- if .Values.querier.resources }} resources: {{- toYaml .Values.querier.resources | nindent 12 }} + {{- else if ne .Values.querier.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.querier.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.querier.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/query-frontend/deployment.yaml b/bitnami/grafana-loki/templates/query-frontend/deployment.yaml index caa0b4bbf7f5b3..5ec04aa7c716d7 100644 --- a/bitnami/grafana-loki/templates/query-frontend/deployment.yaml +++ b/bitnami/grafana-loki/templates/query-frontend/deployment.yaml @@ -120,6 +120,8 @@ spec: name: grpc {{- if .Values.queryFrontend.resources }} resources: {{- toYaml .Values.queryFrontend.resources | nindent 12 }} + {{- else if ne .Values.queryFrontend.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.queryFrontend.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.queryFrontend.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/query-scheduler/deployment.yaml b/bitnami/grafana-loki/templates/query-scheduler/deployment.yaml index 4b0ba8065bcb0d..2beda26538bb0d 100644 --- a/bitnami/grafana-loki/templates/query-scheduler/deployment.yaml +++ b/bitnami/grafana-loki/templates/query-scheduler/deployment.yaml @@ -121,6 +121,8 @@ spec: name: grpc {{- if .Values.queryScheduler.resources }} resources: {{- toYaml .Values.queryScheduler.resources | nindent 12 }} + {{- else if ne .Values.queryScheduler.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.queryScheduler.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.queryScheduler.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/ruler/statefulset.yaml b/bitnami/grafana-loki/templates/ruler/statefulset.yaml index 950a9e2ea9288a..6a376d7efad4eb 100644 --- a/bitnami/grafana-loki/templates/ruler/statefulset.yaml +++ b/bitnami/grafana-loki/templates/ruler/statefulset.yaml @@ -99,6 +99,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: data @@ -149,6 +151,8 @@ spec: name: grpc {{- if .Values.ruler.resources }} resources: {{- toYaml .Values.ruler.resources | nindent 12 }} + {{- else if ne .Values.ruler.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.ruler.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.ruler.customLivenessProbe }} diff --git a/bitnami/grafana-loki/templates/table-manager/deployment.yaml b/bitnami/grafana-loki/templates/table-manager/deployment.yaml index ff1a0dd27c436c..86937eb39d13e8 100644 --- a/bitnami/grafana-loki/templates/table-manager/deployment.yaml +++ b/bitnami/grafana-loki/templates/table-manager/deployment.yaml @@ -118,6 +118,8 @@ spec: name: grpc {{- if .Values.tableManager.resources }} resources: {{- toYaml .Values.tableManager.resources | nindent 12 }} + {{- else if ne .Values.tableManager.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.tableManager.resourcesPreset) | nindent 12 }} {{- end }} {{- if not .Values.diagnosticMode.enabled }} {{- if .Values.tableManager.customLivenessProbe }} diff --git a/bitnami/grafana-loki/values.yaml b/bitnami/grafana-loki/values.yaml index 85ad63016cbe8f..f35b964d921f83 100644 --- a/bitnami/grafana-loki/values.yaml +++ b/bitnami/grafana-loki/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -44,7 +43,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployments/statefulsets ## diagnosticMode: @@ -59,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## @section Common Grafana Loki Parameters ## loki: @@ -90,7 +87,6 @@ loki: ## - myRegistryKeySecretName ## pullSecrets: [] - ## @param loki.configuration [string] Loki components configuration ## configuration: | @@ -242,11 +238,9 @@ loki: ## @param loki.existingConfigmap Name of a ConfigMap with the Loki configuration ## existingConfigmap: "" - ## @param loki.dataDir path to the Loki data directory ## dataDir: "/bitnami/grafana-loki" - ## @param loki.containerPorts.http Loki components web container port ## @param loki.containerPorts.grpc Loki components GRPC container port ## @param loki.containerPorts.gossipRing Loki components Gossip Ring container port @@ -268,7 +262,6 @@ loki: ## @param loki.gossipRing.service.annotations Additional custom annotations for Gossip Ring headless service ## annotations: {} - ## @section Compactor Deployment Parameters ## compactor: @@ -355,12 +348,21 @@ compactor: customStartupProbe: {} ## compactor resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param compactor.resources.limits The resources limits for the compactor containers - ## @param compactor.resources.requests The requested resources for the compactor containers - ## - resources: - limits: {} - requests: {} + ## @param compactor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if compactor.resources is set (compactor.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param compactor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param compactor.podSecurityContext.enabled Enabled Compactor pods' Security Context @@ -500,7 +502,6 @@ compactor: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## Enable persistence using Persistent Volume Claims ## ref: https://kubernetes.io/docs/concepts/storage/persistent-volumes/ ## @@ -540,7 +541,6 @@ compactor: ## @param compactor.persistence.dataSource PVC data source ## dataSource: {} - ## @section Compactor Traffic Exposure Parameters ## @@ -652,14 +652,12 @@ compactor: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Gateway Deployment Parameters ## gateway: ## @param gateway.enabled Enable Gateway deployment ## enabled: true - ## Bitnami Nginx image ## ref: https://hub.docker.com/r/bitnami/grafana-nginx/tags/ ## @param gateway.image.registry [default: REGISTRY_NAME] Nginx image registry @@ -689,7 +687,6 @@ gateway: ## pullSecrets: [] debug: false - ## @param gateway.extraEnvVars Array with extra environment variables to add to gateway nodes ## e.g: ## extraEnvVars: @@ -787,12 +784,21 @@ gateway: http: 8080 ## gateway resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param gateway.resources.limits The resources limits for the gateway containers - ## @param gateway.resources.requests The requested resources for the gateway containers - ## - resources: - limits: {} - requests: {} + ## @param gateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if gateway.resources is set (gateway.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param gateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param gateway.podSecurityContext.enabled Enabled Gateway pods' Security Context @@ -932,7 +938,6 @@ gateway: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Gateway Traffic Exposure Parameters ## @@ -1044,7 +1049,6 @@ gateway: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Configure the ingress resource that allows you to access the Loki Gateway installation ## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/ ## @@ -1138,7 +1142,6 @@ gateway: ## -----END CERTIFICATE----- ## secrets: [] - ## @section index-gateway Deployment Parameters ## indexGateway: @@ -1229,12 +1232,21 @@ indexGateway: customStartupProbe: {} ## indexGateway resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param indexGateway.resources.limits The resources limits for the indexGateway containers - ## @param indexGateway.resources.requests The requested resources for the indexGateway containers - ## - resources: - limits: {} - requests: {} + ## @param indexGateway.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if indexGateway.resources is set (indexGateway.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param indexGateway.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param indexGateway.podSecurityContext.enabled Enabled index-gateway pods' Security Context @@ -1374,7 +1386,6 @@ indexGateway: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section index-gateway Traffic Exposure Parameters ## @@ -1490,7 +1501,6 @@ indexGateway: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Distributor Deployment Parameters ## distributor: @@ -1574,12 +1584,21 @@ distributor: customStartupProbe: {} ## distributor resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param distributor.resources.limits The resources limits for the distributor containers - ## @param distributor.resources.requests The requested resources for the distributor containers - ## - resources: - limits: {} - requests: {} + ## @param distributor.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if distributor.resources is set (distributor.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param distributor.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param distributor.podSecurityContext.enabled Enabled Distributor pods' Security Context @@ -1719,7 +1738,6 @@ distributor: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Distributor Traffic Exposure Parameters ## @@ -1835,7 +1853,6 @@ distributor: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Ingester Deployment Parameters ## ingester: @@ -1922,12 +1939,21 @@ ingester: lifecycleHooks: {} ## ingester resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ingester.resources.limits The resources limits for the Ingester containers - ## @param ingester.resources.requests The requested resources for the Ingester containers - ## - resources: - limits: {} - requests: {} + ## @param ingester.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ingester.resources is set (ingester.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param ingester.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param ingester.podSecurityContext.enabled Enabled Ingester pods' Security Context @@ -2068,7 +2094,6 @@ ingester: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Ingester Persistence Parameters ## @@ -2108,7 +2133,6 @@ ingester: ## app: my-app ## selector: {} - ## @section Ingester Traffic Exposure Parameters ## @@ -2224,7 +2248,6 @@ ingester: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Querier Deployment Parameters ## querier: @@ -2312,12 +2335,21 @@ querier: customStartupProbe: {} ## querier resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param querier.resources.limits The resources limits for the Querier containers - ## @param querier.resources.requests The requested resources for the Querier containers - ## - resources: - limits: {} - requests: {} + ## @param querier.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if querier.resources is set (querier.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param querier.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param querier.podSecurityContext.enabled Enabled Querier pods' Security Context @@ -2457,7 +2489,6 @@ querier: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Querier Persistence Parameters ## @@ -2497,7 +2528,6 @@ querier: ## app: my-app ## selector: {} - ## @section Querier Traffic Exposure Parameters ## @@ -2613,7 +2643,6 @@ querier: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Query Frontend Deployment Parameters ## queryFrontend: @@ -2697,12 +2726,21 @@ queryFrontend: customStartupProbe: {} ## queryFrontend resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param queryFrontend.resources.limits The resources limits for the queryFrontend containers - ## @param queryFrontend.resources.requests The requested resources for the queryFrontend containers - ## - resources: - limits: {} - requests: {} + ## @param queryFrontend.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryFrontend.resources is set (queryFrontend.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param queryFrontend.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param queryFrontend.podSecurityContext.enabled Enabled queryFrontend pods' Security Context @@ -2842,7 +2880,6 @@ queryFrontend: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Query Frontend Traffic Exposure Parameters ## @@ -3008,11 +3045,9 @@ queryScheduler: periodSeconds: 10 successThreshold: 1 timeoutSeconds: 1 - ## @param queryScheduler.minReadySeconds Minimum time to wait before performing readiness check ## minReadySeconds: 10 - ## @param queryScheduler.readinessProbe.enabled Enable readinessProbe on queryScheduler nodes ## @param queryScheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe ## @param queryScheduler.readinessProbe.periodSeconds Period seconds for readinessProbe @@ -3052,12 +3087,21 @@ queryScheduler: customStartupProbe: {} ## queryScheduler resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param queryScheduler.resources.limits The resources limits for the queryScheduler containers - ## @param queryScheduler.resources.requests The requested resources for the queryScheduler containers - ## - resources: - limits: {} - requests: {} + ## @param queryScheduler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if queryScheduler.resources is set (queryScheduler.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param queryScheduler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param queryScheduler.podSecurityContext.enabled Enabled queryScheduler pods' Security Context @@ -3197,7 +3241,6 @@ queryScheduler: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Query Scheduler Traffic Exposure Parameters ## @@ -3313,7 +3356,6 @@ queryScheduler: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Ruler Deployment Parameters ## ruler: @@ -3407,12 +3449,21 @@ ruler: lifecycleHooks: {} ## ruler resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param ruler.resources.limits The resources limits for the Ruler containers - ## @param ruler.resources.requests The requested resources for the Ruler containers - ## - resources: - limits: {} - requests: {} + ## @param ruler.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if ruler.resources is set (ruler.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param ruler.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param ruler.podSecurityContext.enabled Enabled Ruler pods' Security Context @@ -3549,7 +3600,6 @@ ruler: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Ruler Persistence Parameters ## @@ -3589,7 +3639,6 @@ ruler: ## app: my-app ## selector: {} - ## @section Ruler Traffic Exposure Parameters ## @@ -3705,7 +3754,6 @@ ruler: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section table-manager Deployment Parameters ## tableManager: @@ -3792,12 +3840,21 @@ tableManager: customStartupProbe: {} ## tableManager resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param tableManager.resources.limits The resources limits for the tableManager containers - ## @param tableManager.resources.requests The requested resources for the tableManager containers - ## - resources: - limits: {} - requests: {} + ## @param tableManager.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if tableManager.resources is set (tableManager.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param tableManager.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param tableManager.podSecurityContext.enabled Enabled table-manager pods' Security Context @@ -3937,7 +3994,6 @@ tableManager: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section table-manager Traffic Exposure Parameters ## @@ -4053,7 +4109,6 @@ tableManager: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## @section Promtail Deployment Parameters ## promtail: @@ -4087,7 +4142,6 @@ promtail: ## - myRegistryKeySecretName ## pullSecrets: [] - ## @param promtail.extraEnvVars Array with extra environment variables to add to promtail nodes ## e.g: ## extraEnvVars: @@ -4110,12 +4164,10 @@ promtail: ## @param promtail.extraArgs Additional container args (will be concatenated to args, unless diagnosticMode is enabled) ## extraArgs: [] - ## @param promtail.containerPorts.http Promtail HTTP port ## containerPorts: http: 8080 - ## Configure extra options for Promtail containers' liveness, readiness and startup probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes ## @param promtail.livenessProbe.enabled Enable livenessProbe on Promtail nodes @@ -4174,12 +4226,21 @@ promtail: lifecycleHooks: {} ## promtail resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param promtail.resources.limits The resources limits for the Promtail containers - ## @param promtail.resources.requests The requested resources for the Promtail containers - ## - resources: - limits: {} - requests: {} + ## @param promtail.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if promtail.resources is set (promtail.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param promtail.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param promtail.podSecurityContext.enabled Enabled Promtail pods' Security Context @@ -4316,7 +4377,6 @@ promtail: ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @param promtail.configuration [string] Promtail configuration ## configuration: | @@ -4404,11 +4464,9 @@ promtail: ## @param promtail.existingSecret Name of a Secret that contains the Promtail configuration ## existingSecret: "" - ## @param promtail.logLevel Promtail logging level ## logLevel: info - ## @section Promtail Traffic Exposure Parameters ## @@ -4523,7 +4581,6 @@ promtail: ## ingressNSMatchLabels: {} ingressNSPodMatchLabels: {} - ## Create RBAC ## @param promtail.rbac.create Create RBAC rules ## @@ -4547,7 +4604,6 @@ promtail: ## @param promtail.serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @section Init Container Parameters ## @@ -4584,12 +4640,21 @@ volumePermissions: pullSecrets: [] ## Init container's resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container @@ -4604,7 +4669,6 @@ volumePermissions: runAsUser: 0 seccompProfile: type: "RuntimeDefault" - ## @section Other Parameters ## @@ -4626,7 +4690,6 @@ serviceAccount: ## @param serviceAccount.annotations Additional custom annotations for the ServiceAccount ## annotations: {} - ## @section Metrics Parameters ## Prometheus Exporter / Metrics ## @@ -4670,7 +4733,6 @@ metrics: ## @param metrics.serviceMonitor.jobLabel The name of the label on the target service to use as the job name in prometheus. ## jobLabel: "" - ## @section External Memcached (Chunks) Parameters ## externalMemcachedChunks: @@ -4680,7 +4742,6 @@ externalMemcachedChunks: ## @param externalMemcachedChunks.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Chunks) ## Memcached sub-chart (Chunks) ## @@ -4711,7 +4772,6 @@ memcachedchunks: service: ports: memcached: 11211 - ## @section External Memcached (Frontend) Parameters ## externalMemcachedFrontend: @@ -4721,7 +4781,6 @@ externalMemcachedFrontend: ## @param externalMemcachedFrontend.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Frontend) ## Memcached sub-chart (Frontend) ## @@ -4752,7 +4811,6 @@ memcachedfrontend: service: ports: memcached: 11211 - ## @section External Memcached (Index-Queries) Parameters ## externalMemcachedIndexQueries: @@ -4762,7 +4820,6 @@ externalMemcachedIndexQueries: ## @param externalMemcachedIndexQueries.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Index-Queries) ## Memcached sub-chart (Index-Queries) ## @@ -4770,7 +4827,6 @@ memcachedindexqueries: ## @param memcachedindexqueries.enabled Deploy memcached sub-chart ## enabled: true - ## Bitnami Memcached image version ## ref: https://hub.docker.com/r/bitnami/memcached/tags/ ## @param memcachedindexqueries.image.registry [default: REGISTRY_NAME] Memcached image registry @@ -4794,7 +4850,6 @@ memcachedindexqueries: service: ports: memcached: 11211 - ## @section External Memcached (IndexWrites) Parameters ## externalMemcachedIndexWrites: @@ -4804,7 +4859,6 @@ externalMemcachedIndexWrites: ## @param externalMemcachedIndexWrites.port Port of a running external memcached instance ## port: 11211 - ## @section Memcached Sub-chart Parameters (Index-Writes) ## Memcached sub-chart (Index-Writes) ## From 7ab0f6a2bcb0d872da3ec0f041e47a42995980dd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 16:26:34 +0100 Subject: [PATCH 017/129] [bitnami/mariadb-galera] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23596) * [bitnami/mariadb-galera] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * chore: :wrench: Bump image tag Signed-off-by: Javier Salmeron Garcia * test: :white_check_mark: Change permissions of mariadb my.cnf file Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- .vib/mariadb-galera/goss/goss.yaml | 2 +- bitnami/mariadb-galera/README.md | 2 ++ .../mariadb-galera/templates/statefulset.yaml | 24 +++++++++++++++---- bitnami/mariadb-galera/values.yaml | 6 ++++- 4 files changed, 28 insertions(+), 6 deletions(-) diff --git a/.vib/mariadb-galera/goss/goss.yaml b/.vib/mariadb-galera/goss/goss.yaml index 2fbbdde19ca2ff..fb571d0ee25a4f 100644 --- a/.vib/mariadb-galera/goss/goss.yaml +++ b/.vib/mariadb-galera/goss/goss.yaml @@ -11,7 +11,7 @@ file: filetype: directory exists: true /opt/bitnami/mariadb/conf/my.cnf: - mode: "0664" + mode: "0644" filetype: file exists: true contents: diff --git a/bitnami/mariadb-galera/README.md b/bitnami/mariadb-galera/README.md index 96afcb7aacc956..683d852a42c82e 100644 --- a/bitnami/mariadb-galera/README.md +++ b/bitnami/mariadb-galera/README.md @@ -150,6 +150,7 @@ The following diagram shows you the options you have for using Bitnami's MariaDB | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | @@ -266,6 +267,7 @@ The following diagram shows you the options you have for using Bitnami's MariaDB | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/bitnami/mariadb-galera/templates/statefulset.yaml index a68d1eb25f2889..1d92394f409e85 100644 --- a/bitnami/mariadb-galera/templates/statefulset.yaml +++ b/bitnami/mariadb-galera/templates/statefulset.yaml @@ -63,9 +63,7 @@ spec: topologySpreadConstraints: {{- include "common.tplvalues.render" (dict "value" .Values.topologySpreadConstraints "context" $) | nindent 8 }} {{- end }} {{- if .Values.podSecurityContext.enabled }} - securityContext: - fsGroup: {{ .Values.podSecurityContext.fsGroup }} - runAsUser: {{ .Values.podSecurityContext.runAsUser }} + securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }} {{- end }} {{- if .Values.initContainers }} initContainers: {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} @@ -353,6 +351,14 @@ spec: - name: mariadb-galera-credentials mountPath: /opt/bitnami/mariadb/secrets/ {{- end }} + - name: tmp-dir + mountPath: /tmp + - name: app-conf-dir + mountPath: /opt/bitnami/mariadb/conf + - name: app-tmp-dir + mountPath: /opt/bitnami/mariadb/tmp + - name: app-logs-dir + mountPath: /opt/bitnami/mariadb/logs {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -416,11 +422,13 @@ spec: {{- else if ne .Values.metrics.resourcesPreset "none" }} resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} - {{- if and .Values.usePasswordFiles (not .Values.customPasswordFiles) }} volumeMounts: + {{- if and .Values.usePasswordFiles (not .Values.customPasswordFiles) }} - name: mariadb-galera-credentials mountPath: /opt/bitnami/mysqld-exporter/secrets/ {{- end }} + - name: tmp-dir + mountPath: /tmp {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} @@ -456,6 +464,14 @@ spec: configMap: name: {{ template "mariadb-galera.initdbScriptsCM" . }} {{- end }} + - name: app-conf-dir + emptyDir: {} + - name: app-tmp-dir + emptyDir: {} + - name: app-logs-dir + emptyDir: {} + - name: tmp-dir + emptyDir: {} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} {{- end }} diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml index c3bedb34a2897e..863e02e32cd387 100644 --- a/bitnami/mariadb-galera/values.yaml +++ b/bitnami/mariadb-galera/values.yaml @@ -77,7 +77,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mariadb-galera - tag: 11.2.3-debian-11-r1 + tag: 11.2.3-debian-11-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -289,6 +289,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -299,6 +300,7 @@ containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false @@ -914,6 +916,7 @@ metrics: ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -924,6 +927,7 @@ metrics: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false From 0bbd7a8ff6ef39d94c0c97e09eb0fba499958310 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 16:32:24 +0100 Subject: [PATCH 018/129] [bitnami/nats] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23613) Signed-off-by: Javier Salmeron Garcia --- bitnami/nats/Chart.yaml | 2 +- bitnami/nats/README.md | 1 + bitnami/nats/templates/deployment.yaml | 16 ++++++++++++++++ bitnami/nats/templates/statefulset.yaml | 16 ++++++++++++++++ bitnami/nats/values.yaml | 4 +++- 5 files changed, 37 insertions(+), 2 deletions(-) diff --git a/bitnami/nats/Chart.yaml b/bitnami/nats/Chart.yaml index 7288529bf955ca..ba5d52ee2561c0 100644 --- a/bitnami/nats/Chart.yaml +++ b/bitnami/nats/Chart.yaml @@ -31,4 +31,4 @@ maintainers: name: nats sources: - https://github.com/bitnami/charts/tree/main/bitnami/nats -version: 7.15.0 +version: 7.16.0 diff --git a/bitnami/nats/README.md b/bitnami/nats/README.md index d9aec3501f5a99..ef51a4597021db 100644 --- a/bitnami/nats/README.md +++ b/bitnami/nats/README.md @@ -135,6 +135,7 @@ The command removes all the Kubernetes components associated with the chart and | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | diff --git a/bitnami/nats/templates/deployment.yaml b/bitnami/nats/templates/deployment.yaml index a7c4720d7e6b45..3138be22b301cb 100644 --- a/bitnami/nats/templates/deployment.yaml +++ b/bitnami/nats/templates/deployment.yaml @@ -144,6 +144,14 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: tmp-dir + mountPath: /tmp + - name: app-conf-dir + mountPath: /opt/bitnami/nats/conf + - name: app-tmp-dir + mountPath: /opt/bitnami/nats/tmp + - name: app-logs-dir + mountPath: /opt/bitnami/nats/logs - name: config mountPath: /bitnami/nats/conf/{{ .Values.natsFilename }}.conf subPath: {{ .Values.natsFilename }}.conf @@ -188,6 +196,14 @@ spec: {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: + - name: app-conf-dir + emptyDir: {} + - name: app-tmp-dir + emptyDir: {} + - name: app-logs-dir + emptyDir: {} + - name: tmp-dir + emptyDir: {} - name: config secret: secretName: {{ include "nats.secretName" . }} diff --git a/bitnami/nats/templates/statefulset.yaml b/bitnami/nats/templates/statefulset.yaml index 4e782b1687d273..da53b7241ef01c 100644 --- a/bitnami/nats/templates/statefulset.yaml +++ b/bitnami/nats/templates/statefulset.yaml @@ -149,6 +149,14 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: tmp-dir + mountPath: /tmp + - name: app-conf-dir + mountPath: /opt/bitnami/nats/conf + - name: app-tmp-dir + mountPath: /opt/bitnami/nats/tmp + - name: app-logs-dir + mountPath: /opt/bitnami/nats/logs - name: config mountPath: /bitnami/nats/conf/{{ .Values.natsFilename }}.conf subPath: {{ .Values.natsFilename }}.conf @@ -197,6 +205,14 @@ spec: {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: + - name: app-conf-dir + emptyDir: {} + - name: app-tmp-dir + emptyDir: {} + - name: app-logs-dir + emptyDir: {} + - name: tmp-dir + emptyDir: {} - name: config secret: secretName: {{ include "nats.secretName" . }} diff --git a/bitnami/nats/values.yaml b/bitnami/nats/values.yaml index 5f091768804508..076e5dec7c1a0c 100644 --- a/bitnami/nats/values.yaml +++ b/bitnami/nats/values.yaml @@ -65,7 +65,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/nats - tag: 2.10.10-debian-11-r2 + tag: 2.10.11-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -336,6 +336,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -347,6 +348,7 @@ containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false From ac7af838d4ec700a8e0d6d69f82a14a6f1fc20b9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fran=20de=20Paz=20Gal=C3=A1n?= Date: Tue, 20 Feb 2024 18:07:29 +0100 Subject: [PATCH 019/129] [bitnami/postgresql-ha] Add allowExternalEgress to avoid breaking Istio (#23615) * [bitnami/postgresql-ha] Add allowExternalEgress to avoid breaking istio Signed-off-by: Fran de Paz * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers --------- Signed-off-by: Fran de Paz Signed-off-by: Bitnami Containers Co-authored-by: Bitnami Containers --- bitnami/postgresql-ha/Chart.yaml | 2 +- bitnami/postgresql-ha/README.md | 4 ++-- bitnami/postgresql-ha/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bitnami/postgresql-ha/Chart.yaml b/bitnami/postgresql-ha/Chart.yaml index 9d6e0be747141b..6c0383373ee2cb 100644 --- a/bitnami/postgresql-ha/Chart.yaml +++ b/bitnami/postgresql-ha/Chart.yaml @@ -40,4 +40,4 @@ maintainers: name: postgresql-ha sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql-ha -version: 13.4.0 +version: 13.4.1 diff --git a/bitnami/postgresql-ha/README.md b/bitnami/postgresql-ha/README.md index 68ee43e9c707fb..0e92309fc786b7 100644 --- a/bitnami/postgresql-ha/README.md +++ b/bitnami/postgresql-ha/README.md @@ -186,7 +186,7 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua | `postgresql.customStartupProbe` | Override default startup probe | `{}` | | `postgresql.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | | `postgresql.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `postgresql.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `false` | +| `postgresql.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | | `postgresql.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | | `postgresql.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | | `postgresql.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | @@ -442,7 +442,7 @@ Additionally, if `persistence.resourcePolicy` is set to `keep`, you should manua | `pgpool.startupProbe.successThreshold` | Success threshold for startupProbe | `1` | | `pgpool.networkPolicy.enabled` | Specifies whether a NetworkPolicy should be created | `true` | | `pgpool.networkPolicy.allowExternal` | Don't require server label for connections | `true` | -| `pgpool.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `false` | +| `pgpool.networkPolicy.allowExternalEgress` | Allow the pod to access any range of port and all destinations. | `true` | | `pgpool.networkPolicy.extraIngress` | Add extra ingress rules to the NetworkPolice | `[]` | | `pgpool.networkPolicy.extraEgress` | Add extra ingress rules to the NetworkPolicy | `[]` | | `pgpool.networkPolicy.ingressNSMatchLabels` | Labels to match to allow traffic from other namespaces | `{}` | diff --git a/bitnami/postgresql-ha/values.yaml b/bitnami/postgresql-ha/values.yaml index 894e1daaa3dbe1..c5b4ec2845664d 100644 --- a/bitnami/postgresql-ha/values.yaml +++ b/bitnami/postgresql-ha/values.yaml @@ -394,7 +394,7 @@ postgresql: allowExternal: true ## @param postgresql.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## - allowExternalEgress: false + allowExternalEgress: true ## @param postgresql.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: @@ -1405,7 +1405,7 @@ pgpool: allowExternal: true ## @param pgpool.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations. ## - allowExternalEgress: false + allowExternalEgress: true ## @param pgpool.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolice ## e.g: ## extraIngress: From 8e186b6d76538b361342c1ea00f25274d63c97e2 Mon Sep 17 00:00:00 2001 From: Javier Salmeron Garcia Date: Tue, 20 Feb 2024 18:13:05 +0100 Subject: [PATCH 020/129] [bitnami/nats] chore: :recycle: Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia --- bitnami/nats/Chart.yaml | 2 +- bitnami/nats/templates/deployment.yaml | 20 +++++++++----------- bitnami/nats/templates/statefulset.yaml | 20 +++++++++----------- 3 files changed, 19 insertions(+), 23 deletions(-) diff --git a/bitnami/nats/Chart.yaml b/bitnami/nats/Chart.yaml index ba5d52ee2561c0..929718b63644c1 100644 --- a/bitnami/nats/Chart.yaml +++ b/bitnami/nats/Chart.yaml @@ -31,4 +31,4 @@ maintainers: name: nats sources: - https://github.com/bitnami/charts/tree/main/bitnami/nats -version: 7.16.0 +version: 7.17.0 diff --git a/bitnami/nats/templates/deployment.yaml b/bitnami/nats/templates/deployment.yaml index 3138be22b301cb..e12048cec36108 100644 --- a/bitnami/nats/templates/deployment.yaml +++ b/bitnami/nats/templates/deployment.yaml @@ -144,14 +144,18 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - - name: tmp-dir + - name: empty-dir mountPath: /tmp - - name: app-conf-dir + subPath: tmp-dir + - name: empty-dir mountPath: /opt/bitnami/nats/conf - - name: app-tmp-dir + subPath: app-conf-dir + - name: empty-dir mountPath: /opt/bitnami/nats/tmp - - name: app-logs-dir + subPath: app-tmp-dir + - name: empty-dir mountPath: /opt/bitnami/nats/logs + subPath: app-logs-dir - name: config mountPath: /bitnami/nats/conf/{{ .Values.natsFilename }}.conf subPath: {{ .Values.natsFilename }}.conf @@ -196,13 +200,7 @@ spec: {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - - name: app-conf-dir - emptyDir: {} - - name: app-tmp-dir - emptyDir: {} - - name: app-logs-dir - emptyDir: {} - - name: tmp-dir + - name: empty-dir emptyDir: {} - name: config secret: diff --git a/bitnami/nats/templates/statefulset.yaml b/bitnami/nats/templates/statefulset.yaml index da53b7241ef01c..0e13764456f00d 100644 --- a/bitnami/nats/templates/statefulset.yaml +++ b/bitnami/nats/templates/statefulset.yaml @@ -149,14 +149,18 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - - name: tmp-dir + - name: empty-dir mountPath: /tmp - - name: app-conf-dir + subPath: tmp-dir + - name: empty-dir mountPath: /opt/bitnami/nats/conf - - name: app-tmp-dir + subPath: app-conf-dir + - name: empty-dir mountPath: /opt/bitnami/nats/tmp - - name: app-logs-dir + subPath: app-tmp-dir + - name: empty-dir mountPath: /opt/bitnami/nats/logs + subPath: app-logs-dir - name: config mountPath: /bitnami/nats/conf/{{ .Values.natsFilename }}.conf subPath: {{ .Values.natsFilename }}.conf @@ -205,13 +209,7 @@ spec: {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: - - name: app-conf-dir - emptyDir: {} - - name: app-tmp-dir - emptyDir: {} - - name: app-logs-dir - emptyDir: {} - - name: tmp-dir + - name: empty-dir emptyDir: {} - name: config secret: From 045d64e84fbe9e6318e005f384e6845bde90e205 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 18:15:12 +0100 Subject: [PATCH 021/129] [bitnami/etcd] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23611) * [bitnami/etcd] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * chore: :recycle: Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia * chore: :recycle: cronjob Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- bitnami/etcd/Chart.yaml | 2 +- bitnami/etcd/README.md | 2 ++ bitnami/etcd/templates/cronjob.yaml | 7 ++++++ bitnami/etcd/templates/statefulset.yaml | 30 +++++++++++++++++-------- bitnami/etcd/values.yaml | 4 ++++ 5 files changed, 35 insertions(+), 10 deletions(-) diff --git a/bitnami/etcd/Chart.yaml b/bitnami/etcd/Chart.yaml index 03f807385c0c96..f07fbfcd59f1db 100644 --- a/bitnami/etcd/Chart.yaml +++ b/bitnami/etcd/Chart.yaml @@ -32,4 +32,4 @@ maintainers: name: etcd sources: - https://github.com/bitnami/charts/tree/main/bitnami/etcd -version: 9.13.0 +version: 9.14.0 diff --git a/bitnami/etcd/README.md b/bitnami/etcd/README.md index c228ee1afb95ff..ff3d0392f5c933 100644 --- a/bitnami/etcd/README.md +++ b/bitnami/etcd/README.md @@ -148,9 +148,11 @@ The command removes all the Kubernetes components associated with the chart and | `containerSecurityContext.enabled` | Enabled etcd containers' Security Context | `true` | | `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set etcd containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set etcd containers' Security Context runAsUser | `0` | | `containerSecurityContext.runAsNonRoot` | Set Controller container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set primary container's Security Context privileged | `false` | | `containerSecurityContext.allowPrivilegeEscalation` | Set primary container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | | `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | | `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | | `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | diff --git a/bitnami/etcd/templates/cronjob.yaml b/bitnami/etcd/templates/cronjob.yaml index 8729203b57cb3f..643ad6e978c506 100644 --- a/bitnami/etcd/templates/cronjob.yaml +++ b/bitnami/etcd/templates/cronjob.yaml @@ -60,6 +60,8 @@ spec: volumeMounts: - name: snapshot-volume mountPath: /snapshots + - name: tmp-dir + mountPath: /tmp {{- end }} containers: - name: etcd-snapshotter @@ -122,6 +124,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.disasterRecovery.cronjob.resourcesPreset) | nindent 16 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: snapshot-volume mountPath: /snapshots {{- if .Values.disasterRecovery.pvc.subPath }} @@ -133,6 +138,8 @@ spec: readOnly: true {{- end }} volumes: + - name: empty-dir + emptyDir: {} {{- if .Values.auth.client.secureTransport }} - name: certs secret: diff --git a/bitnami/etcd/templates/statefulset.yaml b/bitnami/etcd/templates/statefulset.yaml index 9ecad5aa215d4a..fdfd8ce5762ed6 100644 --- a/bitnami/etcd/templates/statefulset.yaml +++ b/bitnami/etcd/templates/statefulset.yaml @@ -103,6 +103,9 @@ spec: volumeMounts: - name: data mountPath: /bitnami/etcd + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- end }} {{- end }} containers: @@ -332,6 +335,17 @@ spec: resources: {{- include "common.tplvalues.render" (dict "value" .Values.resources "context" $) | nindent 12 }} {{- end }} volumeMounts: + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: configuration + mountPath: /opt/bitnami/etcd/conf/ + {{- else }} + - name: empty-dir + mountPath: /opt/bitnami/etcd/conf/ + subPath: app-conf-dir + {{- end }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: data mountPath: /bitnami/etcd {{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") }} @@ -350,10 +364,6 @@ spec: subPath: {{ .Values.disasterRecovery.pvc.subPath }} {{- end }} {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: etcd-config - mountPath: /opt/bitnami/etcd/conf/ - {{- end }} {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} - name: etcd-client-certs mountPath: /opt/bitnami/etcd/certs/client/ @@ -371,6 +381,13 @@ spec: {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} volumes: + - name: empty-dir + emptyDir: {} + {{- if or .Values.configuration .Values.existingConfigmap }} + - name: configuration + configMap: + name: {{ include "etcd.configmapName" . }} + {{- end }} {{- if and (eq .Values.auth.token.enabled true) (eq .Values.auth.token.type "jwt") }} - name: etcd-jwt-token secret: @@ -387,11 +404,6 @@ spec: persistentVolumeClaim: claimName: {{ include "etcd.disasterRecovery.pvc.name" . }} {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap }} - - name: etcd-config - configMap: - name: {{ include "etcd.configmapName" . }} - {{- end }} {{- if or .Values.auth.client.enableAuthentication (and .Values.auth.client.secureTransport (not .Values.auth.client.useAutoTLS )) }} - name: etcd-client-certs secret: diff --git a/bitnami/etcd/values.yaml b/bitnami/etcd/values.yaml index 2b48e9f309aa62..5b006e412a10c8 100644 --- a/bitnami/etcd/values.yaml +++ b/bitnami/etcd/values.yaml @@ -309,9 +309,11 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled etcd containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set etcd containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set etcd containers' Security Context runAsUser ## @param containerSecurityContext.runAsNonRoot Set Controller container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set primary container's Security Context privileged ## @param containerSecurityContext.allowPrivilegeEscalation Set primary container's Security Context allowPrivilegeEscalation +## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem ## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped ## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile ## @@ -319,9 +321,11 @@ containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false + readOnlyRootFilesystem: false capabilities: drop: ["ALL"] seccompProfile: From a30dddc1883dcf95f82e9f2dc2a3360afda8a24e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 20 Feb 2024 18:15:21 +0100 Subject: [PATCH 022/129] [bitnami/schema-registry] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23614) * [bitnami/schema-registry] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * chore: :recycle: Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia * chore: :recycle: Rename subPaths Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- .vib/schema-registry/goss/goss.yaml | 2 +- bitnami/schema-registry/Chart.yaml | 2 +- bitnami/schema-registry/README.md | 1 + .../schema-registry/templates/statefulset.yaml | 15 +++++++++++---- bitnami/schema-registry/values.yaml | 4 +++- 5 files changed, 17 insertions(+), 7 deletions(-) diff --git a/.vib/schema-registry/goss/goss.yaml b/.vib/schema-registry/goss/goss.yaml index 31d3ab2eb5855f..bbf498a010c390 100644 --- a/.vib/schema-registry/goss/goss.yaml +++ b/.vib/schema-registry/goss/goss.yaml @@ -3,7 +3,7 @@ file: /opt/bitnami/schema-registry/etc/schema-registry/schema-registry.properties: - mode: "0664" + mode: "0644" filetype: file exists: true contents: diff --git a/bitnami/schema-registry/Chart.yaml b/bitnami/schema-registry/Chart.yaml index 9f3fcdab12d81e..b9d763b42e02ea 100644 --- a/bitnami/schema-registry/Chart.yaml +++ b/bitnami/schema-registry/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: schema-registry sources: - https://github.com/bitnami/charts/tree/main/bitnami/schema-registry -version: 16.8.0 +version: 16.9.0 diff --git a/bitnami/schema-registry/README.md b/bitnami/schema-registry/README.md index 754499a30c4536..a72f7ce0a70382 100644 --- a/bitnami/schema-registry/README.md +++ b/bitnami/schema-registry/README.md @@ -140,6 +140,7 @@ The command removes all the Kubernetes components associated with the chart and | `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | diff --git a/bitnami/schema-registry/templates/statefulset.yaml b/bitnami/schema-registry/templates/statefulset.yaml index c0fafdc2e73a8e..c310b2e9141cfe 100644 --- a/bitnami/schema-registry/templates/statefulset.yaml +++ b/bitnami/schema-registry/templates/statefulset.yaml @@ -236,8 +236,16 @@ spec: {{- if .Values.lifecycleHooks }} lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap .Values.log4j .Values.existingLog4jConfigMap (contains "SSL" $kafkaProtocol) .Values.extraVolumes }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/schema-registry/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/schema-registry/logs + subPath: app-logs-dir {{- if or .Values.configuration .Values.existingConfigmap }} - name: configuration mountPath: /bitnami/schema-registry/etc/schema-registry/schema-registry.properties @@ -256,12 +264,12 @@ spec: {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} - {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" ( dict "value" .Values.sidecars "context" $) | nindent 8 }} {{- end }} - {{- if or .Values.configuration .Values.existingConfigmap .Values.log4j .Values.existingLog4jConfigMap (contains "SSL" $kafkaProtocol) .Values.auth.tls.enabled .Values.extraVolumes }} volumes: + - name: empty-dir + emptyDir: {} {{- if or .Values.configuration .Values.existingConfigmap }} - name: configuration configMap: @@ -289,4 +297,3 @@ spec: {{- if .Values.extraVolumes }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes "context" $) | nindent 8 }} {{- end }} - {{- end }} diff --git a/bitnami/schema-registry/values.yaml b/bitnami/schema-registry/values.yaml index e3b3755d3da149..6db5336eff4dbf 100644 --- a/bitnami/schema-registry/values.yaml +++ b/bitnami/schema-registry/values.yaml @@ -69,7 +69,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/schema-registry - tag: 7.5.3-debian-11-r3 + tag: 7.5.3-debian-11-r17 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -306,6 +306,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param containerSecurityContext.privileged Set container's Security Context privileged ## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -317,6 +318,7 @@ containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false From c6d0a8cbaae78100911838a7e4a5a1fc671d283d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 09:29:03 +0100 Subject: [PATCH 023/129] [bitnami/argo-workflows] Release 6.4.1 (#23399) * [bitnami/argo-workflows] Release 6.4.1 updating components versions Signed-off-by: Bitnami Containers * Update CRDs automatically Signed-off-by: Bitnami Containers * [bitnami/argo-workflows] Add extraDeploy to runtime-parameters.yaml Signed-off-by: Gonzalo Gomez Gracia --------- Signed-off-by: Bitnami Containers Signed-off-by: Gonzalo Gomez Gracia Co-authored-by: Gonzalo Gomez Gracia --- .vib/argo-workflows/runtime-parameters.yaml | 19 ++++++++++++++++++- bitnami/argo-workflows/Chart.yaml | 10 +++++----- bitnami/argo-workflows/README.md | 2 +- .../argoproj.io_clusterworkflowtemplates.yaml | 2 +- .../crds/argoproj.io_cronworkflows.yaml | 2 +- .../argoproj.io_workflowartifactgctasks.yaml | 2 +- .../argoproj.io_workfloweventbindings.yaml | 2 +- .../crds/argoproj.io_workflows.yaml | 2 +- .../crds/argoproj.io_workflowtaskresults.yaml | 2 +- .../crds/argoproj.io_workflowtasksets.yaml | 2 +- .../crds/argoproj.io_workflowtemplates.yaml | 2 +- bitnami/argo-workflows/values.yaml | 6 +++--- 12 files changed, 35 insertions(+), 18 deletions(-) diff --git a/.vib/argo-workflows/runtime-parameters.yaml b/.vib/argo-workflows/runtime-parameters.yaml index 69c159e0741e84..78b04b25de3407 100644 --- a/.vib/argo-workflows/runtime-parameters.yaml +++ b/.vib/argo-workflows/runtime-parameters.yaml @@ -25,4 +25,21 @@ postgresql: ports: postgresql: 5432 mysql: - enabled: false \ No newline at end of file + enabled: false +# The service account running the workflows needs to have 'patch' privileges on pods for the given namespace +# In our tests, that combination is 'default/default' +extraDeploy: + - | + apiVersion: rbac.authorization.k8s.io/v1 + kind: RoleBinding + metadata: + name: default-cluster-admin + namespace: default + roleRef: + apiGroup: rbac.authorization.k8s.io + kind: ClusterRole + name: cluster-admin + subjects: + - kind: ServiceAccount + name: default + namespace: default diff --git a/bitnami/argo-workflows/Chart.yaml b/bitnami/argo-workflows/Chart.yaml index e40163dcd59e81..d34949dc1920d3 100644 --- a/bitnami/argo-workflows/Chart.yaml +++ b/bitnami/argo-workflows/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: argo-workflow-controller - image: docker.io/bitnami/argo-workflow-controller:3.5.1-debian-11-r1 + image: docker.io/bitnami/argo-workflow-controller:3.5.4-debian-11-r3 - name: argo-workflow-exec - image: docker.io/bitnami/argo-workflow-exec:3.5.1-debian-11-r1 + image: docker.io/bitnami/argo-workflow-exec:3.5.4-debian-11-r10 - name: argo-workflow-cli - image: docker.io/bitnami/argo-workflow-cli:3.5.1-debian-11-r1 + image: docker.io/bitnami/argo-workflow-cli:3.5.4-debian-11-r3 apiVersion: v2 -appVersion: 3.5.1 +appVersion: 3.5.4 dependencies: - condition: postgresql.enabled name: postgresql @@ -42,4 +42,4 @@ maintainers: name: argo-workflows sources: - https://github.com/bitnami/charts/tree/main/bitnami/argo-workflows -version: 6.6.0 +version: 6.6.1 diff --git a/bitnami/argo-workflows/README.md b/bitnami/argo-workflows/README.md index f0382d0b57b672..23a6caa263c541 100644 --- a/bitnami/argo-workflows/README.md +++ b/bitnami/argo-workflows/README.md @@ -652,4 +652,4 @@ Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and -limitations under the License. +limitations under the License. \ No newline at end of file diff --git a/bitnami/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml b/bitnami/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml index 4081bc48a5f8fb..b7af2811433175 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_clusterworkflowtemplates.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_clusterworkflowtemplates.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_cronworkflows.yaml b/bitnami/argo-workflows/crds/argoproj.io_cronworkflows.yaml index 820b72b08dcd5b..522ee89e297539 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_cronworkflows.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_cronworkflows.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_cronworkflows.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_workflowartifactgctasks.yaml b/bitnami/argo-workflows/crds/argoproj.io_workflowartifactgctasks.yaml index 357a162496fd3d..64fea16fe29a27 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_workflowartifactgctasks.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_workflowartifactgctasks.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_workflowartifactgctasks.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml b/bitnami/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml index fa08ee9a194a27..443e7e5879932f 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_workfloweventbindings.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_workfloweventbindings.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_workflows.yaml b/bitnami/argo-workflows/crds/argoproj.io_workflows.yaml index 22db6f666e2d64..3c9629737cf9d2 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_workflows.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_workflows.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_workflows.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml b/bitnami/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml index aee0e59c234c2f..a5a9e856a39b62 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_workflowtaskresults.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_workflowtaskresults.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_workflowtasksets.yaml b/bitnami/argo-workflows/crds/argoproj.io_workflowtasksets.yaml index 944056887c85ad..f684ecd36100ec 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_workflowtasksets.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_workflowtasksets.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_workflowtasksets.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/crds/argoproj.io_workflowtemplates.yaml b/bitnami/argo-workflows/crds/argoproj.io_workflowtemplates.yaml index ad9b8f49083a47..8a63dc79b3efe2 100644 --- a/bitnami/argo-workflows/crds/argoproj.io_workflowtemplates.yaml +++ b/bitnami/argo-workflows/crds/argoproj.io_workflowtemplates.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/argoproj/argo-workflows/v{version}/manifests/base/crds/minimal/argoproj.io_workflowtemplates.yaml -# Version: 3.5.1 +# Version: 3.5.4 apiVersion: apiextensions.k8s.io/v1 kind: CustomResourceDefinition metadata: diff --git a/bitnami/argo-workflows/values.yaml b/bitnami/argo-workflows/values.yaml index 9d04a9a6197f55..c988045307122d 100644 --- a/bitnami/argo-workflows/values.yaml +++ b/bitnami/argo-workflows/values.yaml @@ -66,7 +66,7 @@ server: image: registry: docker.io repository: bitnami/argo-workflow-cli - tag: 3.5.1-debian-11-r1 + tag: 3.5.4-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -552,7 +552,7 @@ controller: image: registry: docker.io repository: bitnami/argo-workflow-controller - tag: 3.5.1-debian-11-r1 + tag: 3.5.4-debian-11-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1104,7 +1104,7 @@ executor: image: registry: docker.io repository: bitnami/argo-workflow-exec - tag: 3.5.1-debian-11-r1 + tag: 3.5.4-debian-11-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 50a8bafeb6a7032a5d503acd24ed3a8c464e384f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 21 Feb 2024 09:56:25 +0100 Subject: [PATCH 024/129] [bitnami/clickhouse] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23605) * [bitnami/clickhouse] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * chore: :recycle: Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- bitnami/clickhouse/README.md | 1 + bitnami/clickhouse/templates/statefulset.yaml | 20 +++++++++++++++++++ bitnami/clickhouse/values.yaml | 4 +++- 3 files changed, 24 insertions(+), 1 deletion(-) diff --git a/bitnami/clickhouse/README.md b/bitnami/clickhouse/README.md index 3af786ab01bcab..8dbd6599ff45cb 100644 --- a/bitnami/clickhouse/README.md +++ b/bitnami/clickhouse/README.md @@ -140,6 +140,7 @@ The command removes all the Kubernetes components associated with the chart and | `containerSecurityContext.enabled` | Enable containers' Security Context | `true` | | `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `containerSecurityContext.runAsNonRoot` | Set containers' Security Context runAsNonRoot | `true` | | `containerSecurityContext.readOnlyRootFilesystem` | Set read only root file system pod's | `false` | | `containerSecurityContext.privileged` | Set contraller container's Security Context privileged | `false` | diff --git a/bitnami/clickhouse/templates/statefulset.yaml b/bitnami/clickhouse/templates/statefulset.yaml index 2a50f93e4f1a4f..799fc248813f88 100644 --- a/bitnami/clickhouse/templates/statefulset.yaml +++ b/bitnami/clickhouse/templates/statefulset.yaml @@ -102,6 +102,9 @@ spec: mountPath: /tmp/certs - name: clickhouse-certificates mountPath: /opt/bitnami/clickhouse/certs + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- else if and $.Values.volumePermissions.enabled $.Values.persistence.enabled }} - name: volume-permissions image: {{ include "clickhouse.volumePermissions.image" $ }} @@ -137,6 +140,9 @@ spec: volumeMounts: - name: data mountPath: /bitnami/clickhouse + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if $.Values.tls.enabled }} - name: raw-certificates mountPath: /tmp/certs @@ -309,6 +315,18 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" $.Values.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /opt/bitnami/clickhouse/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/clickhouse/logs + subPath: app-logs-dir + - name: empty-dir + mountPath: /opt/bitnami/clickhouse/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: scripts mountPath: /scripts/setup.sh subPath: setup.sh @@ -355,6 +373,8 @@ spec: configMap: name: {{ printf "%s-scripts" (include "common.names.fullname" $) }} defaultMode: 0755 + - name: empty-dir + emptyDir: {} - name: config configMap: name: {{ template "clickhouse.configmapName" $ }} diff --git a/bitnami/clickhouse/values.yaml b/bitnami/clickhouse/values.yaml index 1fb6a301c4139f..2d2a01de32202c 100644 --- a/bitnami/clickhouse/values.yaml +++ b/bitnami/clickhouse/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/clickhouse - tag: 24.1.5-debian-11-r0 + tag: 24.1.5-debian-11-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -218,6 +218,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enable containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param containerSecurityContext.runAsNonRoot Set containers' Security Context runAsNonRoot ## @param containerSecurityContext.readOnlyRootFilesystem Set read only root file system pod's ## @param containerSecurityContext.privileged Set contraller container's Security Context privileged @@ -229,6 +230,7 @@ containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false From 16c310ee3eda7ca98442e9ef1fed71fe2a4345e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 21 Feb 2024 10:08:34 +0100 Subject: [PATCH 025/129] [bitnami/mariadb-galera] chore: :recycle: Move all emptydirs to one (#23617) Signed-off-by: Javier Salmeron Garcia --- bitnami/mariadb-galera/Chart.yaml | 2 +- .../mariadb-galera/templates/statefulset.yaml | 23 +++++++++---------- 2 files changed, 12 insertions(+), 13 deletions(-) diff --git a/bitnami/mariadb-galera/Chart.yaml b/bitnami/mariadb-galera/Chart.yaml index 098e31ad7c6df9..7f902cb1aef7ee 100644 --- a/bitnami/mariadb-galera/Chart.yaml +++ b/bitnami/mariadb-galera/Chart.yaml @@ -33,4 +33,4 @@ maintainers: name: mariadb-galera sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb-galera -version: 11.5.0 +version: 11.6.0 diff --git a/bitnami/mariadb-galera/templates/statefulset.yaml b/bitnami/mariadb-galera/templates/statefulset.yaml index 1d92394f409e85..598cd76bb5bfab 100644 --- a/bitnami/mariadb-galera/templates/statefulset.yaml +++ b/bitnami/mariadb-galera/templates/statefulset.yaml @@ -351,14 +351,18 @@ spec: - name: mariadb-galera-credentials mountPath: /opt/bitnami/mariadb/secrets/ {{- end }} - - name: tmp-dir + - name: empty-dir mountPath: /tmp - - name: app-conf-dir + subPath: tmp-dir + - name: empty-dir mountPath: /opt/bitnami/mariadb/conf - - name: app-tmp-dir + subPath: app-conf-dir + - name: empty-dir mountPath: /opt/bitnami/mariadb/tmp - - name: app-logs-dir + subPath: app-tmp-dir + - name: empty-dir mountPath: /opt/bitnami/mariadb/logs + subPath: app-logs-dir {{- if .Values.extraVolumeMounts }} {{- toYaml .Values.extraVolumeMounts | nindent 12 }} {{- end }} @@ -427,8 +431,9 @@ spec: - name: mariadb-galera-credentials mountPath: /opt/bitnami/mysqld-exporter/secrets/ {{- end }} - - name: tmp-dir + - name: empty-dir mountPath: /tmp + subPath: app-tmp-dir {{- end }} {{- if .Values.sidecars }} {{- include "common.tplvalues.render" (dict "value" .Values.sidecars "context" $) | nindent 8 }} @@ -464,13 +469,7 @@ spec: configMap: name: {{ template "mariadb-galera.initdbScriptsCM" . }} {{- end }} - - name: app-conf-dir - emptyDir: {} - - name: app-tmp-dir - emptyDir: {} - - name: app-logs-dir - emptyDir: {} - - name: tmp-dir + - name: empty-dir emptyDir: {} {{- if .Values.extraVolumes }} {{- toYaml .Values.extraVolumes | nindent 8 }} From 5ba71f3236d29f094de72be9ce22e20a71832eb6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 21 Feb 2024 10:26:52 +0100 Subject: [PATCH 026/129] [bitnami/sonarqube] feat: :sparkles: :lock: Add resource preset support (#23522) * [bitnami/sonarqube] feat: :sparkles: :lock: Add resource preset support Signed-off-by: Javier Salmeron Garcia * fix: :rotating_light: Remove unnecessary "else" in sharded Signed-off-by: Javier Salmeron Garcia * fix: :bug: Fix if/else statements Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia --- bitnami/sonarqube/Chart.lock | 6 +- bitnami/sonarqube/README.md | 303 ++++++++++---------- bitnami/sonarqube/templates/NOTES.txt | 1 + bitnami/sonarqube/templates/deployment.yaml | 30 +- bitnami/sonarqube/values.yaml | 154 ++++++---- 5 files changed, 289 insertions(+), 205 deletions(-) diff --git a/bitnami/sonarqube/Chart.lock b/bitnami/sonarqube/Chart.lock index 2b3385d605a32e..70094330179dd6 100644 --- a/bitnami/sonarqube/Chart.lock +++ b/bitnami/sonarqube/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 13.4.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.14.1 -digest: sha256:df7a91aeacacfd618cf1fd92a7d4b8b9db71abb89d1a67b026372cba2381d189 -generated: "2024-02-02T11:09:20.10581797Z" + version: 2.15.3 +digest: sha256:e08d67109d82e36a3e93290f950311e7761cee1565ff9cf4af06faf37b10fa31 +generated: "2024-02-14T16:06:34.477986778+01:00" diff --git a/bitnami/sonarqube/README.md b/bitnami/sonarqube/README.md index 535d233e0afdab..4cbd3dfa6ea4e0 100644 --- a/bitnami/sonarqube/README.md +++ b/bitnami/sonarqube/README.md @@ -134,68 +134,68 @@ The command removes all the Kubernetes components associated with the chart and ### SonarQube™ deployment parameters -| Name | Description | Value | -| --------------------------------------------------- | ---------------------------------------------------------------------------------------------- | ---------------- | -| `replicaCount` | Number of SonarQube™ replicas to deploy | `1` | -| `containerPorts.http` | SonarQube™ HTTP container port | `9000` | -| `containerPorts.elastic` | SonarQube™ Elasticsearch container port | `9001` | -| `livenessProbe.enabled` | Enable livenessProbe on SonarQube™ containers | `true` | -| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `100` | -| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | -| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | -| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | -| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | -| `readinessProbe.enabled` | Enable readinessProbe on SonarQube™ containers | `true` | -| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `100` | -| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | -| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | -| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | -| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | -| `startupProbe.enabled` | Enable startupProbe on SonarQube™ containers | `false` | -| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | -| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | -| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | -| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | -| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | -| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | -| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | -| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | -| `resources.limits` | The resources limits for the SonarQube™ containers | `{}` | -| `resources.requests` | The requested resources for the SonarQube™ containers | `{}` | -| `podSecurityContext.enabled` | Enabled SonarQube™ pods' Security Context | `true` | -| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | -| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | -| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | -| `podSecurityContext.fsGroup` | Set SonarQube™ pod's Security Context fsGroup | `1001` | -| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | -| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | -| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | -| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | -| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | -| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | -| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | -| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | -| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | -| `hostAliases` | SonarQube™ pods host aliases | `[]` | -| `podLabels` | Extra labels for SonarQube™ pods | `{}` | -| `podAnnotations` | Annotations for SonarQube™ pods | `{}` | -| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | -| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | -| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | -| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | -| `affinity` | Affinity for SonarQube™ pods assignment | `{}` | -| `nodeSelector` | Node labels for SonarQube™ pods assignment | `{}` | -| `tolerations` | Tolerations for SonarQube™ pods assignment | `[]` | -| `updateStrategy.type` | SonarQube™ deployment strategy type | `RollingUpdate` | -| `priorityClassName` | SonarQube™ pods' priorityClassName | `""` | -| `schedulerName` | Name of the k8s scheduler (other than default) for SonarQube™ pods | `""` | -| `lifecycleHooks` | for the SonarQube™ container(s) to automate configuration before or after startup | `{}` | -| `extraVolumes` | Optionally specify extra list of additional volumes for the SonarQube™ pod(s) | `[]` | -| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the SonarQube™ container(s) | `[]` | -| `sidecars` | Add additional sidecar containers to the SonarQube™ pod(s) | `[]` | -| `initContainers` | Add additional init containers to the SonarQube™ pod(s) | `[]` | +| Name | Description | Value | +| --------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- | +| `replicaCount` | Number of SonarQube™ replicas to deploy | `1` | +| `containerPorts.http` | SonarQube™ HTTP container port | `9000` | +| `containerPorts.elastic` | SonarQube™ Elasticsearch container port | `9001` | +| `livenessProbe.enabled` | Enable livenessProbe on SonarQube™ containers | `true` | +| `livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `100` | +| `livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` | +| `livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` | +| `livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `readinessProbe.enabled` | Enable readinessProbe on SonarQube™ containers | `true` | +| `readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `100` | +| `readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` | +| `readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` | +| `readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `startupProbe.enabled` | Enable startupProbe on SonarQube™ containers | `false` | +| `startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` | +| `startupProbe.periodSeconds` | Period seconds for startupProbe | `10` | +| `startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `1` | +| `startupProbe.failureThreshold` | Failure threshold for startupProbe | `15` | +| `startupProbe.successThreshold` | Success threshold for startupProbe | `1` | +| `customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` | +| `customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` | +| `customStartupProbe` | Custom startupProbe that overrides the default one | `{}` | +| `resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). | `none` | +| `resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `podSecurityContext.enabled` | Enabled SonarQube™ pods' Security Context | `true` | +| `podSecurityContext.fsGroupChangePolicy` | Set filesystem group change policy | `Always` | +| `podSecurityContext.sysctls` | Set kernel settings using the sysctl interface | `[]` | +| `podSecurityContext.supplementalGroups` | Set filesystem extra groups | `[]` | +| `podSecurityContext.fsGroup` | Set SonarQube™ pod's Security Context fsGroup | `1001` | +| `containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | +| `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | +| `containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | +| `containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | +| `containerSecurityContext.allowPrivilegeEscalation` | Set container's Security Context allowPrivilegeEscalation | `false` | +| `containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` | +| `containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` | +| `automountServiceAccountToken` | Mount Service Account token in pod | `false` | +| `hostAliases` | SonarQube™ pods host aliases | `[]` | +| `podLabels` | Extra labels for SonarQube™ pods | `{}` | +| `podAnnotations` | Annotations for SonarQube™ pods | `{}` | +| `podAffinityPreset` | Pod affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `podAntiAffinityPreset` | Pod anti-affinity preset. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `soft` | +| `nodeAffinityPreset.type` | Node affinity preset type. Ignored if `affinity` is set. Allowed values: `soft` or `hard` | `""` | +| `nodeAffinityPreset.key` | Node label key to match. Ignored if `affinity` is set | `""` | +| `nodeAffinityPreset.values` | Node label values to match. Ignored if `affinity` is set | `[]` | +| `affinity` | Affinity for SonarQube™ pods assignment | `{}` | +| `nodeSelector` | Node labels for SonarQube™ pods assignment | `{}` | +| `tolerations` | Tolerations for SonarQube™ pods assignment | `[]` | +| `updateStrategy.type` | SonarQube™ deployment strategy type | `RollingUpdate` | +| `priorityClassName` | SonarQube™ pods' priorityClassName | `""` | +| `schedulerName` | Name of the k8s scheduler (other than default) for SonarQube™ pods | `""` | +| `lifecycleHooks` | for the SonarQube™ container(s) to automate configuration before or after startup | `{}` | +| `extraVolumes` | Optionally specify extra list of additional volumes for the SonarQube™ pod(s) | `[]` | +| `extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the SonarQube™ container(s) | `[]` | +| `sidecars` | Add additional sidecar containers to the SonarQube™ pod(s) | `[]` | +| `initContainers` | Add additional init containers to the SonarQube™ pod(s) | `[]` | ### Traffic Exposure Parameters @@ -239,71 +239,76 @@ The command removes all the Kubernetes components associated with the chart and ### SonarQube caCerts provisioning parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- | -| `caCerts.enabled` | Enable the use of caCerts | `false` | -| `caCerts.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `caCerts.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `caCerts.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `caCerts.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `caCerts.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `caCerts.secret` | Name of the secret containing the certificates | `ca-certs-secret` | -| `caCerts.resources.limits` | The resources limits for the init container | `{}` | -| `caCerts.resources.requests` | The requested resources for the init container | `{}` | -| `caCerts.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `caCerts.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `caCerts.enabled` | Enable the use of caCerts | `false` | +| `caCerts.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `caCerts.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `caCerts.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `caCerts.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `caCerts.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `caCerts.secret` | Name of the secret containing the certificates | `ca-certs-secret` | +| `caCerts.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if caCerts.resources is set (caCerts.resources is recommended for production). | `none` | +| `caCerts.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `caCerts.containerSecurityContext.enabled` | Enable container security context | `true` | +| `caCerts.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `caCerts.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | ### SonarQube plugin provisioning parameters -| Name | Description | Value | -| ------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- | -| `plugins.install` | List of plugin URLS to download and install | `[]` | -| `plugins.netrcCreds` | .netrc secret file with a key "netrc" to use basic auth while downloading plugins | `""` | -| `plugins.noCheckCertificate` | Set to true to not validate the server's certificate to download plugin | `true` | -| `plugins.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `plugins.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `plugins.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `plugins.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `plugins.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `plugins.resources.limits` | The resources limits for the init container | `{}` | -| `plugins.resources.requests` | The requested resources for the init container | `{}` | -| `plugins.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `plugins.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| Name | Description | Value | +| ------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `plugins.install` | List of plugin URLS to download and install | `[]` | +| `plugins.netrcCreds` | .netrc secret file with a key "netrc" to use basic auth while downloading plugins | `""` | +| `plugins.noCheckCertificate` | Set to true to not validate the server's certificate to download plugin | `true` | +| `plugins.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `plugins.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `plugins.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `plugins.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `plugins.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `plugins.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if plugins.resources is set (plugins.resources is recommended for production). | `none` | +| `plugins.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `plugins.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `plugins.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | ### Persistence Parameters -| Name | Description | Value | -| ----------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- | -| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `false` | -| `persistence.storageClass` | Persistent Volume storage class | `""` | -| `persistence.accessModes` | Persistent Volume access modes | `[]` | -| `persistence.size` | Persistent Volume size | `10Gi` | -| `persistence.dataSource` | Custom PVC data source | `{}` | -| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | -| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | -| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | -| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `volumePermissions.resources.limits` | The resources limits for the init container | `{}` | -| `volumePermissions.resources.requests` | The requested resources for the init container | `{}` | -| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| Name | Description | Value | +| ----------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------- | +| `persistence.enabled` | Enable persistence using Persistent Volume Claims | `false` | +| `persistence.storageClass` | Persistent Volume storage class | `""` | +| `persistence.accessModes` | Persistent Volume access modes | `[]` | +| `persistence.size` | Persistent Volume size | `10Gi` | +| `persistence.dataSource` | Custom PVC data source | `{}` | +| `persistence.existingClaim` | The name of an existing PVC to use for persistence | `""` | +| `persistence.annotations` | Persistent Volume Claim annotations | `{}` | +| `volumePermissions.enabled` | Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup` | `false` | +| `volumePermissions.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `volumePermissions.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `volumePermissions.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `volumePermissions.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `volumePermissions.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `volumePermissions.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). | `none` | +| `volumePermissions.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `volumePermissions.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `volumePermissions.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | ### Sysctl Image parameters -| Name | Description | Value | -| --------------------------- | ------------------------------------------------------------------------------------------------------------------ | -------------------------- | -| `sysctl.enabled` | Enable kernel settings modifier image | `true` | -| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | -| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | -| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | -| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | -| `sysctl.resources.limits` | The resources limits for the init container | `{}` | -| `sysctl.resources.requests` | The requested resources for the init container | `{}` | +| Name | Description | Value | +| ------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | -------------------------- | +| `sysctl.enabled` | Enable kernel settings modifier image | `true` | +| `sysctl.image.registry` | OS Shell + Utility image registry | `REGISTRY_NAME` | +| `sysctl.image.repository` | OS Shell + Utility image repository | `REPOSITORY_NAME/os-shell` | +| `sysctl.image.digest` | OS Shell + Utility image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `sysctl.image.pullPolicy` | OS Shell + Utility image pull policy | `IfNotPresent` | +| `sysctl.image.pullSecrets` | OS Shell + Utility image pull secrets | `[]` | +| `sysctl.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). | `none` | +| `sysctl.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `sysctl.containerSecurityContext.enabled` | Enable container security context | `true` | +| `sysctl.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `sysctl.containerSecurityContext.runAsUser` | Set init container's Security Context runAsUser | `0` | +| `sysctl.containerSecurityContext.privileged` | Set init container's Security Context privileged | `true` | ### Other Parameters @@ -322,34 +327,34 @@ The command removes all the Kubernetes components associated with the chart and ### Metrics parameters -| Name | Description | Value | -| ----------------------------------------------------- | ------------------------------------------------------------------------------------------------------------ | ------------------------------ | -| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | -| `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` | -| `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` | -| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | -| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | -| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | -| `metrics.jmx.containerPorts.metrics` | JMX Exporter metrics container port | `10445` | -| `metrics.jmx.resources.limits` | The resources limits for the init container | `{}` | -| `metrics.jmx.resources.requests` | The requested resources for the init container | `{}` | -| `metrics.jmx.containerSecurityContext.enabled` | Enabled JMX Exporter containers' Security Context | `true` | -| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | -| `metrics.jmx.containerSecurityContext.runAsUser` | Set JMX Exporter containers' Security Context runAsUser | `1001` | -| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set JMX Exporter containers' Security Context runAsNonRoot | `true` | -| `metrics.jmx.whitelistObjectNames` | Allows setting which JMX objects you want to expose to via JMX stats to JMX Exporter | `[]` | -| `metrics.jmx.configuration` | Configuration file for JMX exporter | `""` | -| `metrics.jmx.service.ports.metrics` | JMX Exporter Prometheus port | `10443` | -| `metrics.jmx.service.annotations` | Annotations for the JMX Exporter Prometheus metrics service | `{}` | -| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.jmx.enabled` to be `true`) | `false` | -| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | -| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | -| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | -| `metrics.serviceMonitor.interval` | How frequently to scrape metrics | `""` | -| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | -| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | -| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | -| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | +| Name | Description | Value | +| ----------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------ | +| `metrics.jmx.enabled` | Whether or not to expose JMX metrics to Prometheus | `false` | +| `metrics.jmx.image.registry` | JMX exporter image registry | `REGISTRY_NAME` | +| `metrics.jmx.image.repository` | JMX exporter image repository | `REPOSITORY_NAME/jmx-exporter` | +| `metrics.jmx.image.digest` | JMX exporter image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` | +| `metrics.jmx.image.pullPolicy` | JMX exporter image pull policy | `IfNotPresent` | +| `metrics.jmx.image.pullSecrets` | Specify docker-registry secret names as an array | `[]` | +| `metrics.jmx.containerPorts.metrics` | JMX Exporter metrics container port | `10445` | +| `metrics.jmx.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.jmx.resources is set (metrics.jmx.resources is recommended for production). | `none` | +| `metrics.jmx.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` | +| `metrics.jmx.containerSecurityContext.enabled` | Enabled JMX Exporter containers' Security Context | `true` | +| `metrics.jmx.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | +| `metrics.jmx.containerSecurityContext.runAsUser` | Set JMX Exporter containers' Security Context runAsUser | `1001` | +| `metrics.jmx.containerSecurityContext.runAsNonRoot` | Set JMX Exporter containers' Security Context runAsNonRoot | `true` | +| `metrics.jmx.whitelistObjectNames` | Allows setting which JMX objects you want to expose to via JMX stats to JMX Exporter | `[]` | +| `metrics.jmx.configuration` | Configuration file for JMX exporter | `""` | +| `metrics.jmx.service.ports.metrics` | JMX Exporter Prometheus port | `10443` | +| `metrics.jmx.service.annotations` | Annotations for the JMX Exporter Prometheus metrics service | `{}` | +| `metrics.serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor (requires `metrics.jmx.enabled` to be `true`) | `false` | +| `metrics.serviceMonitor.namespace` | Namespace in which Prometheus is running | `""` | +| `metrics.serviceMonitor.labels` | Extra labels for the ServiceMonitor | `{}` | +| `metrics.serviceMonitor.jobLabel` | The name of the label on the target service to use as the job name in Prometheus | `""` | +| `metrics.serviceMonitor.interval` | How frequently to scrape metrics | `""` | +| `metrics.serviceMonitor.scrapeTimeout` | Timeout after which the scrape is ended | `""` | +| `metrics.serviceMonitor.metricRelabelings` | Specify additional relabeling of metrics | `[]` | +| `metrics.serviceMonitor.relabelings` | Specify general relabeling | `[]` | +| `metrics.serviceMonitor.selector` | Prometheus instance selector labels | `{}` | ### PostgreSQL subchart settings @@ -408,6 +413,12 @@ helm install my-release -f values.yaml oci://REGISTRY_NAME/REPOSITORY_NAME/sonar ## Configuration and installation details +### Resource requests and limits + +Bitnami charts allow setting resource requests and limits for all containers inside the chart deployment. These are inside the `resources` value (check parameter table). Setting requests is essential for production workloads and these should be adapted to your specific use case. + +To make this process easier, the chart contains the `resourcesPreset` values, which automatically sets the `resources` section according to different presets. Check these presets in [the bitnami/common chart](https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15). However, in production workloads using `resourcePreset` is discouraged as it may not fully adapt to your specific needs. Find more information on container resource management in the [official Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/). + ### [Rolling VS Immutable tags](https://docs.bitnami.com/tutorials/understand-rolling-tags-containers) It is strongly recommended to use immutable tags in a production environment. This ensures your deployment does not change automatically if the same tag is updated with a different image. diff --git a/bitnami/sonarqube/templates/NOTES.txt b/bitnami/sonarqube/templates/NOTES.txt index 952170ded9b9a9..0fadcb575ca645 100644 --- a/bitnami/sonarqube/templates/NOTES.txt +++ b/bitnami/sonarqube/templates/NOTES.txt @@ -95,3 +95,4 @@ You can access the JMX Prometheus metrics following the steps below: {{- $passwordValidationErrors = append $passwordValidationErrors $requiredSonarQubePasswordError -}} {{- end }} {{- include "common.errors.upgrade.passwords.empty" (dict "validationErrors" $passwordValidationErrors "context" $) -}} +{{- include "common.warnings.resources" (dict "sections" (list "caCerts" "metrics.jmx" "plugins" "" "sysctl" "volumePermissions") "context" $) }} diff --git a/bitnami/sonarqube/templates/deployment.yaml b/bitnami/sonarqube/templates/deployment.yaml index c32a60df92302c..a16852dc900eca 100644 --- a/bitnami/sonarqube/templates/deployment.yaml +++ b/bitnami/sonarqube/templates/deployment.yaml @@ -78,8 +78,14 @@ spec: - name: provisioning mountPath: {{ .Values.provisioningFolder }}/extensions/plugins/ subPath: extensions/plugins + {{- if .Values.plugins.resources }} resources: {{- toYaml .Values.plugins.resources | nindent 12 }} - securityContext: {{- .Values.plugins.containerSecurityContext | toYaml | nindent 12 }} + {{- else if ne .Values.plugins.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.plugins.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.plugins.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.plugins.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.caCerts.enabled }} - name: {{ printf "%s-ca-certs-initcontainer" (include "common.names.fullname" .) }} @@ -93,8 +99,14 @@ spec: subPath: certs - mountPath: /tmp/secrets/ca-certs name: ca-certs + {{- if .Values.caCerts.resources }} resources: {{- toYaml .Values.caCerts.resources | nindent 12 }} - securityContext: {{- .Values.caCerts.containerSecurityContext | toYaml | nindent 12 }} + {{- else if ne .Values.caCerts.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.caCerts.resourcesPreset) | nindent 12 }} + {{- end }} + {{- if .Values.caCerts.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.caCerts.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} {{- end }} {{- if .Values.sysctl.enabled }} ## Image that performs the sysctl operation to modify Kernel settings (needed sometimes to avoid boot errors) @@ -107,11 +119,13 @@ spec: - | {{- include "sonarqube.sysctl.ifLess" (dict "key" "vm.max_map_count" "value" "262144") | nindent 14 }} {{- include "sonarqube.sysctl.ifLess" (dict "key" "fs.file-max" "value" "65536") | nindent 14 }} - securityContext: - privileged: true - runAsUser: 0 + {{- if .Values.sysctl.containerSecurityContext.enabled }} + securityContext: {{- omit .Values.sysctl.containerSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} {{- if .Values.sysctl.resources }} resources: {{- toYaml .Values.sysctl.resources | nindent 12 }} + {{- else if ne .Values.sysctl.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.sysctl.resourcesPreset) | nindent 12 }} {{- end }} {{- end }} {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} @@ -129,6 +143,8 @@ spec: {{- end }} {{- if .Values.volumePermissions.resources }} resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }} + {{- else if ne .Values.volumePermissions.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: sonarqube @@ -314,6 +330,8 @@ spec: {{- end }} {{- if .Values.resources }} resources: {{- toYaml .Values.resources | nindent 12 }} + {{- else if ne .Values.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.resourcesPreset) | nindent 12 }} {{- end }} ports: - name: http @@ -383,6 +401,8 @@ spec: containerPort: {{ .Values.metrics.jmx.containerPorts.metrics }} {{- if .Values.metrics.jmx.resources }} resources: {{- toYaml .Values.metrics.jmx.resources | nindent 12 }} + {{- else if ne .Values.metrics.jmx.resourcesPreset "none" }} + resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.jmx.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - name: jmx-config diff --git a/bitnami/sonarqube/values.yaml b/bitnami/sonarqube/values.yaml index a73a56425f2dca..b796869248e7e8 100644 --- a/bitnami/sonarqube/values.yaml +++ b/bitnami/sonarqube/values.yaml @@ -19,7 +19,6 @@ global: ## imagePullSecrets: [] storageClass: "" - ## @section Common parameters ## @@ -44,7 +43,6 @@ clusterDomain: cluster.local ## @param extraDeploy Array of extra objects to deploy with the release ## extraDeploy: [] - ## Enable diagnostic mode in the deployment ## diagnosticMode: @@ -59,7 +57,6 @@ diagnosticMode: ## args: - infinity - ## @section SonarQube™ Image parameters ## @@ -94,7 +91,6 @@ image: ## Enable debug mode ## debug: false - ## @section SonarQube™ Configuration parameters ## SonarQube™ settings based on environment variables ## ref: https://github.com/bitnami/containers/tree/main/bitnami/sonarqube#environment-variables @@ -234,7 +230,6 @@ extraEnvVarsCM: "" ## @param extraEnvVarsSecret Name of existing Secret containing extra env vars for SonarQube™ nodes ## extraEnvVarsSecret: "" - ## @section SonarQube™ deployment parameters ## @@ -303,14 +298,21 @@ customReadinessProbe: {} customStartupProbe: {} ## SonarQube™ resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ -## @param resources.limits The resources limits for the SonarQube™ containers -## @param resources.requests [object] The requested resources for the SonarQube™ containers -## -resources: - limits: {} - requests: - cpu: 100m - memory: 2048Mi +## @param resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if resources is set (resources is recommended for production). +## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 +## +resourcesPreset: "none" +## @param resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) +## Example: +## resources: +## requests: +## cpu: 2 +## memory: 512Mi +## limits: +## cpu: 3 +## memory: 1024Mi +## +resources: {} ## Configure Pods Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param podSecurityContext.enabled Enabled SonarQube™ pods' Security Context @@ -447,7 +449,6 @@ sidecars: [] ## command: ['sh', '-c', 'echo "hello world"'] ## initContainers: [] - ## @section Traffic Exposure Parameters ## @@ -508,7 +509,6 @@ service: ## timeoutSeconds: 300 ## sessionAffinityConfig: {} - ## Network Policies ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/ ## @@ -674,7 +674,6 @@ ingress: ## name: http ## extraRules: [] - ## @section SonarQube caCerts provisioning parameters ## ## Provide a secret containing one or more certificate files in the keys that will be added to cacerts @@ -711,14 +710,24 @@ caCerts: secret: ca-certs-secret ## Init container's resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param caCerts.resources.limits The resources limits for the init container - ## @param caCerts.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} + ## @param caCerts.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if caCerts.resources is set (caCerts.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param caCerts.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container + ## @param caCerts.containerSecurityContext.enabled Enable container security context ## @param caCerts.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param caCerts.containerSecurityContext.runAsUser Set init container's Security Context runAsUser ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the @@ -726,9 +735,9 @@ caCerts: ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## containerSecurityContext: + enabled: true seLinuxOptions: null runAsUser: 0 - ## @section SonarQube plugin provisioning parameters ## plugins: @@ -771,12 +780,21 @@ plugins: pullSecrets: [] ## Init container's resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param plugins.resources.limits The resources limits for the init container - ## @param plugins.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} + ## @param plugins.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if plugins.resources is set (plugins.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param plugins.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param plugins.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container @@ -788,7 +806,6 @@ plugins: containerSecurityContext: seLinuxOptions: null runAsUser: 0 - ## @section Persistence Parameters ## @@ -854,12 +871,21 @@ volumePermissions: pullSecrets: [] ## Init container's resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param volumePermissions.resources.limits The resources limits for the init container - ## @param volumePermissions.resources.requests The requested resources for the init container - ## - resources: - limits: {} - requests: {} + ## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Init container Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container ## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container @@ -871,7 +897,6 @@ volumePermissions: containerSecurityContext: seLinuxOptions: null runAsUser: 0 - ## @section Sysctl Image parameters ## @@ -906,13 +931,34 @@ sysctl: pullSecrets: [] ## Init container's resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param sysctl.resources.limits The resources limits for the init container - ## @param sysctl.resources.requests The requested resources for the init container + ## @param sysctl.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if sysctl.resources is set (sysctl.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 + ## + resourcesPreset: "none" + ## @param sysctl.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} + ## @param sysctl.containerSecurityContext.enabled Enable container security context + ## @param sysctl.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container + ## @param sysctl.containerSecurityContext.runAsUser Set init container's Security Context runAsUser + ## @param sysctl.containerSecurityContext.privileged Set init container's Security Context privileged + ## NOTE: when runAsUser is set to special value "auto", init container will try to chown the + ## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2` + ## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed) ## - resources: - limits: {} - requests: {} - + containerSecurityContext: + enabled: true + privileged: true + runAsUser: 0 + seLinuxOptions: null ## @section Other Parameters ## @@ -948,7 +994,6 @@ autoscaling: maxReplicas: 11 targetCPU: 50 targetMemory: 50 - ## @section Metrics parameters ## @@ -990,12 +1035,21 @@ metrics: metrics: 10445 ## Prometheus JMX Exporter' resource requests and limits ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/ - ## @param metrics.jmx.resources.limits The resources limits for the init container - ## @param metrics.jmx.resources.requests The requested resources for the init container + ## @param metrics.jmx.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if metrics.jmx.resources is set (metrics.jmx.resources is recommended for production). + ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15 ## - resources: - limits: {} - requests: {} + resourcesPreset: "none" + ## @param metrics.jmx.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads) + ## Example: + ## resources: + ## requests: + ## cpu: 2 + ## memory: 512Mi + ## limits: + ## cpu: 3 + ## memory: 1024Mi + ## + resources: {} ## Configure Container Security Context ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod ## @param metrics.jmx.containerSecurityContext.enabled Enabled JMX Exporter containers' Security Context @@ -1087,7 +1141,6 @@ metrics: ## ref: https://github.com/bitnami/charts/tree/main/bitnami/prometheus-operator#prometheus-configuration ## selector: {} - ## @section PostgreSQL subchart settings ## @@ -1148,7 +1201,6 @@ postgresql: ## @param postgresql.primary.persistence.size PVC Storage Request for PostgreSQL volume ## size: 8Gi - ## @section External Database settings ## From d96a96f3e29d7df6b8fdbc54be853161299b8734 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 21 Feb 2024 10:27:01 +0100 Subject: [PATCH 027/129] [bitnami/postgresql] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23565) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/postgresql] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * fix: :bug: Set proper volume names Signed-off-by: Javier Salmeron Garcia * chore: :wrench: Change image tag Signed-off-by: Javier Salmeron Garcia * test: :white_check_mark: Update goss test to match new ownership Signed-off-by: Javier Salmeron Garcia * fix: :bug: Apply same change in secondary node Signed-off-by: Javier Salmeron Garcia * chore: :recycle: Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García --- .vib/postgresql/goss/goss.yaml | 3 +-- bitnami/postgresql/README.md | 4 +++ .../postgresql/templates/backup/cronjob.yaml | 5 ++++ .../templates/primary/statefulset.yaml | 25 +++++++++++++++++-- .../templates/read/statefulset.yaml | 25 +++++++++++++++++-- bitnami/postgresql/values.yaml | 8 ++++++ 6 files changed, 64 insertions(+), 6 deletions(-) diff --git a/.vib/postgresql/goss/goss.yaml b/.vib/postgresql/goss/goss.yaml index ee89c7e834d9b2..8396a6c219c366 100644 --- a/.vib/postgresql/goss/goss.yaml +++ b/.vib/postgresql/goss/goss.yaml @@ -46,8 +46,7 @@ file: /opt/bitnami/postgresql/conf/postgresql.conf: exists: true filetype: file - mode: "0664" - group: root + mode: "0644" contents: - /shared_preload_libraries.*{{ .Vars.postgresqlSharedPreloadLibraries }}/ - /port.*{{ $port }}/ diff --git a/bitnami/postgresql/README.md b/bitnami/postgresql/README.md index 1996c36ebb1de5..75aa3c2ebd90cc 100644 --- a/bitnami/postgresql/README.md +++ b/bitnami/postgresql/README.md @@ -214,6 +214,7 @@ kubectl delete pvc -l release=my-release | `primary.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `primary.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `primary.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `primary.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `primary.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `primary.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `primary.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | @@ -325,6 +326,7 @@ kubectl delete pvc -l release=my-release | `readReplicas.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `readReplicas.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `readReplicas.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `readReplicas.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `readReplicas.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `readReplicas.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `readReplicas.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | @@ -413,6 +415,7 @@ kubectl delete pvc -l release=my-release | `backup.cronjob.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `backup.cronjob.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `backup.cronjob.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `backup.cronjob.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `backup.cronjob.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `backup.cronjob.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `backup.cronjob.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | @@ -480,6 +483,7 @@ kubectl delete pvc -l release=my-release | `metrics.containerSecurityContext.enabled` | Enabled containers' Security Context | `true` | | `metrics.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `metrics.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` | +| `metrics.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `0` | | `metrics.containerSecurityContext.runAsNonRoot` | Set container's Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.privileged` | Set container's Security Context privileged | `false` | | `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context readOnlyRootFilesystem | `false` | diff --git a/bitnami/postgresql/templates/backup/cronjob.yaml b/bitnami/postgresql/templates/backup/cronjob.yaml index cdf87f7433561e..47ca11be9f6dba 100644 --- a/bitnami/postgresql/templates/backup/cronjob.yaml +++ b/bitnami/postgresql/templates/backup/cronjob.yaml @@ -89,6 +89,9 @@ spec: - name: datadir mountPath: {{ .Values.backup.cronjob.storage.mountPath }} subPath: {{ .Values.backup.cronjob.storage.subPath }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.backup.cronjob.containerSecurityContext.enabled }} securityContext: {{- omit .Values.backup.cronjob.containerSecurityContext "enabled" | toYaml | nindent 14 }} {{- end }} @@ -111,4 +114,6 @@ spec: persistentVolumeClaim: claimName: {{ include "postgresql.v1.primary.fullname" . }}-pgdumpall {{- end }} + - name: empty-dir + emptyDir: {} {{- end }} diff --git a/bitnami/postgresql/templates/primary/statefulset.yaml b/bitnami/postgresql/templates/primary/statefulset.yaml index 184e32e62eca5a..0b09526c230d71 100644 --- a/bitnami/postgresql/templates/primary/statefulset.yaml +++ b/bitnami/postgresql/templates/primary/statefulset.yaml @@ -106,6 +106,9 @@ spec: cp /tmp/certs/* /opt/bitnami/postgresql/certs/ chmod 600 {{ include "postgresql.v1.tlsCertKey" . }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: raw-certificates mountPath: /tmp/certs - name: postgresql-certificates @@ -156,13 +159,14 @@ spec: securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} {{- end }} volumeMounts: - {{- if .Values.primary.persistence.enabled }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: data mountPath: {{ .Values.primary.persistence.mountPath }} {{- if .Values.primary.persistence.subPath }} subPath: {{ .Values.primary.persistence.subPath }} {{- end }} - {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm mountPath: /dev/shm @@ -453,6 +457,18 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.primary.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/logs + subPath: app-logs-dir {{- if or .Values.primary.initdb.scriptsConfigMap .Values.primary.initdb.scripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d/ @@ -561,6 +577,9 @@ spec: {{- end }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.auth.usePasswordFiles }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ @@ -580,6 +599,8 @@ spec: {{- include "common.tplvalues.render" ( dict "value" .Values.primary.sidecars "context" $ ) | nindent 8 }} {{- end }} volumes: + - name: empty-dir + emptyDir: {} {{- if or .Values.primary.configuration .Values.primary.pgHbaConfiguration .Values.primary.existingConfigmap }} - name: postgresql-config configMap: diff --git a/bitnami/postgresql/templates/read/statefulset.yaml b/bitnami/postgresql/templates/read/statefulset.yaml index 86666d6a623957..95242b481d7168 100644 --- a/bitnami/postgresql/templates/read/statefulset.yaml +++ b/bitnami/postgresql/templates/read/statefulset.yaml @@ -104,6 +104,9 @@ spec: cp /tmp/certs/* /opt/bitnami/postgresql/certs/ chmod 600 {{ include "postgresql.v1.tlsCertKey" . }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: raw-certificates mountPath: /tmp/certs - name: postgresql-certificates @@ -154,13 +157,14 @@ spec: securityContext: {{- .Values.volumePermissions.containerSecurityContext | toYaml | nindent 12 }} {{- end }} volumeMounts: - {{ if .Values.readReplicas.persistence.enabled }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: data mountPath: {{ .Values.readReplicas.persistence.mountPath }} {{- if .Values.readReplicas.persistence.subPath }} subPath: {{ .Values.readReplicas.persistence.subPath }} {{- end }} - {{- end }} {{- if .Values.shmVolume.enabled }} - name: dshm mountPath: /dev/shm @@ -380,6 +384,18 @@ spec: lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.readReplicas.lifecycleHooks "context" $) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/postgresql/logs + subPath: app-logs-dir {{- if .Values.auth.usePasswordFiles }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ @@ -468,6 +484,9 @@ spec: {{- end }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.auth.usePasswordFiles }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ @@ -517,6 +536,8 @@ spec: sizeLimit: {{ .Values.shmVolume.sizeLimit }} {{- end }} {{- end }} + - name: empty-dir + emptyDir: {} {{- if .Values.readReplicas.extraVolumes }} {{- include "common.tplvalues.render" ( dict "value" .Values.readReplicas.extraVolumes "context" $ ) | nindent 8 }} {{- end }} diff --git a/bitnami/postgresql/values.yaml b/bitnami/postgresql/values.yaml index 2b673dc2e4bbde..72add789f10151 100644 --- a/bitnami/postgresql/values.yaml +++ b/bitnami/postgresql/values.yaml @@ -470,6 +470,7 @@ primary: ## @param primary.containerSecurityContext.enabled Enabled containers' Security Context ## @param primary.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param primary.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param primary.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param primary.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param primary.containerSecurityContext.privileged Set container's Security Context privileged ## @param primary.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -481,6 +482,7 @@ primary: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false @@ -905,6 +907,7 @@ readReplicas: ## @param readReplicas.containerSecurityContext.enabled Enabled containers' Security Context ## @param readReplicas.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param readReplicas.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param readReplicas.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param readReplicas.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param readReplicas.containerSecurityContext.privileged Set container's Security Context privileged ## @param readReplicas.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -916,6 +919,7 @@ readReplicas: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false @@ -1257,6 +1261,7 @@ backup: ## @param backup.cronjob.containerSecurityContext.enabled Enabled containers' Security Context ## @param backup.cronjob.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param backup.cronjob.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param backup.cronjob.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param backup.cronjob.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param backup.cronjob.containerSecurityContext.privileged Set container's Security Context privileged ## @param backup.cronjob.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -1267,6 +1272,7 @@ backup: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false @@ -1501,6 +1507,7 @@ metrics: ## @param metrics.containerSecurityContext.enabled Enabled containers' Security Context ## @param metrics.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param metrics.containerSecurityContext.runAsUser Set containers' Security Context runAsUser + ## @param metrics.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup ## @param metrics.containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot ## @param metrics.containerSecurityContext.privileged Set container's Security Context privileged ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem @@ -1512,6 +1519,7 @@ metrics: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false readOnlyRootFilesystem: false From be2533f8f4ca2336800e89e3822bc4d643bee64e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 21 Feb 2024 10:43:47 +0100 Subject: [PATCH 028/129] [bitnami/cassandra] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23594) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/cassandra] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers * test: :white_check_mark: Change owner of cassandra.yaml file Signed-off-by: Javier Salmeron Garcia * chore: :wrench: Bump chart version Signed-off-by: Javier Salmeron Garcia * chore: :recycle: Move all emptydirs to one Signed-off-by: Javier Salmeron Garcia * Apply suggestions from code review Co-authored-by: Fran Mulero Signed-off-by: Javier J. Salmerón-García --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Bitnami Containers Signed-off-by: Javier J. Salmerón-García Co-authored-by: Bitnami Containers Co-authored-by: Fran Mulero --- .vib/cassandra/goss/goss.yaml | 1 - bitnami/cassandra/README.md | 1 + bitnami/cassandra/templates/statefulset.yaml | 31 +++++++++++++++++--- bitnami/cassandra/values.yaml | 4 ++- 4 files changed, 31 insertions(+), 6 deletions(-) diff --git a/.vib/cassandra/goss/goss.yaml b/.vib/cassandra/goss/goss.yaml index 1fec7aeafbf046..7f9e150fe3dffc 100644 --- a/.vib/cassandra/goss/goss.yaml +++ b/.vib/cassandra/goss/goss.yaml @@ -11,7 +11,6 @@ file: exists: true filetype: file mode: "0644" - group: root contents: - /num_tokens.*{{ .Vars.cluster.numTokens }}/ command: diff --git a/bitnami/cassandra/README.md b/bitnami/cassandra/README.md index b6c35d2b15e283..cd480a66dc33bf 100644 --- a/bitnami/cassandra/README.md +++ b/bitnami/cassandra/README.md @@ -142,6 +142,7 @@ The command removes all the Kubernetes components associated with the chart and | `containerSecurityContext.enabled` | Enabled Cassandra containers' Security Context | `true` | | `containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `nil` | | `containerSecurityContext.runAsUser` | Set Cassandra containers' Security Context runAsUser | `1001` | +| `containerSecurityContext.runAsGroup` | Set Cassandra containers' Security Context runAsGroup | `0` | | `containerSecurityContext.allowPrivilegeEscalation` | Set Cassandra containers' Security Context allowPrivilegeEscalation | `false` | | `containerSecurityContext.capabilities.drop` | Set Cassandra containers' Security Context capabilities to be dropped | `["ALL"]` | | `containerSecurityContext.readOnlyRootFilesystem` | Set Cassandra containers' Security Context readOnlyRootFilesystem | `false` | diff --git a/bitnami/cassandra/templates/statefulset.yaml b/bitnami/cassandra/templates/statefulset.yaml index b3b7a4759cd9e9..5f05d2f992a26d 100644 --- a/bitnami/cassandra/templates/statefulset.yaml +++ b/bitnami/cassandra/templates/statefulset.yaml @@ -130,6 +130,9 @@ spec: volumeMounts: - name: data mountPath: {{ .Values.persistence.mountPath }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.persistence.commitLogMountPath }} - name: commitlog mountPath: {{ .Values.persistence.commitLogMountPath }} @@ -202,10 +205,13 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.tls.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: - - name: certs - mountPath: /certs - - name: certs-shared - mountPath: /opt/bitnami/cassandra/certs + - name: certs + mountPath: /certs + - name: certs-shared + mountPath: /opt/bitnami/cassandra/certs + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- end }} {{- if .Values.initContainers }} {{- include "common.tplvalues.render" (dict "value" .Values.initContainers "context" $) | nindent 8 }} @@ -464,6 +470,18 @@ spec: - name: configurations mountPath: {{ .Values.persistence.mountPath }}/conf {{- end }} + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/cassandra/conf + subPath: app-conf-dir + - name: empty-dir + mountPath: /opt/bitnami/cassandra/tmp + subPath: app-tmp-dir + - name: empty-dir + mountPath: /opt/bitnami/cassandra/logs + subPath: app-logs-dir {{- if .Values.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} @@ -514,6 +532,9 @@ spec: - name: metrics-conf mountPath: /opt/bitnami/cassandra-exporter/config.yml subPath: config.yml + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.metrics.extraVolumeMounts }} {{- include "common.tplvalues.render" (dict "value" .Values.metrics.extraVolumeMounts "context" $) | nindent 12 }} {{- end }} @@ -539,6 +560,8 @@ spec: configMap: name: {{ tpl .Values.existingConfiguration $ }} {{- end }} + - name: empty-dir + emptyDir: {} {{- if .Values.initDBConfigMap }} - name: init-db-cm configMap: diff --git a/bitnami/cassandra/values.yaml b/bitnami/cassandra/values.yaml index 7a011f7a2d3eb6..328c2e6c6f072d 100644 --- a/bitnami/cassandra/values.yaml +++ b/bitnami/cassandra/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.4-debian-11-r0 + tag: 4.1.4-debian-11-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -291,6 +291,7 @@ podSecurityContext: ## @param containerSecurityContext.enabled Enabled Cassandra containers' Security Context ## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container ## @param containerSecurityContext.runAsUser Set Cassandra containers' Security Context runAsUser +## @param containerSecurityContext.runAsGroup Set Cassandra containers' Security Context runAsGroup ## @param containerSecurityContext.allowPrivilegeEscalation Set Cassandra containers' Security Context allowPrivilegeEscalation ## @param containerSecurityContext.capabilities.drop Set Cassandra containers' Security Context capabilities to be dropped ## @param containerSecurityContext.readOnlyRootFilesystem Set Cassandra containers' Security Context readOnlyRootFilesystem @@ -302,6 +303,7 @@ containerSecurityContext: enabled: true seLinuxOptions: null runAsUser: 1001 + runAsGroup: 0 runAsNonRoot: true privileged: false allowPrivilegeEscalation: false From d2e8689147536e574b1e0645292661fa0889ad0b Mon Sep 17 00:00:00 2001 From: Thatcher Date: Wed, 21 Feb 2024 10:57:25 +0100 Subject: [PATCH 029/129] [bitnami/mlflow] fix: allowed minAvailable to be percentage, updated schema (#23555) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Thatcher Peskens Signed-off-by: Carlos Rodríguez Hernández Co-authored-by: Carlos Rodríguez Hernández --- bitnami/mlflow/Chart.yaml | 2 +- bitnami/mlflow/values.schema.json | 276 ++++++++++++++++++------------ bitnami/mlflow/values.yaml | 3 +- 3 files changed, 168 insertions(+), 113 deletions(-) diff --git a/bitnami/mlflow/Chart.yaml b/bitnami/mlflow/Chart.yaml index b3e441fbdc753e..44f9e7d9807077 100644 --- a/bitnami/mlflow/Chart.yaml +++ b/bitnami/mlflow/Chart.yaml @@ -43,4 +43,4 @@ name: mlflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/mlflow - https://github.com/mlflow/mlflow -version: 0.10.0 +version: 0.10.1 diff --git a/bitnami/mlflow/values.schema.json b/bitnami/mlflow/values.schema.json index f146b0165fe113..dec39142672d73 100644 --- a/bitnami/mlflow/values.schema.json +++ b/bitnami/mlflow/values.schema.json @@ -100,17 +100,12 @@ "registry": { "type": "string", "description": "mlflow image registry", - "default": "docker.io" + "default": "REGISTRY_NAME" }, "repository": { "type": "string", "description": "mlflow image repository", - "default": "bitnami/mlflow" - }, - "tag": { - "type": "string", - "description": "mlflow image tag (immutable tags are recommended)", - "default": "2.7.1-debian-11-r0" + "default": "REPOSITORY_NAME/mlflow" }, "digest": { "type": "string", @@ -141,17 +136,12 @@ "registry": { "type": "string", "description": "Git image registry", - "default": "docker.io" + "default": "REGISTRY_NAME" }, "repository": { "type": "string", "description": "Git image repository", - "default": "bitnami/git" - }, - "tag": { - "type": "string", - "description": "Git image tag (immutable tags are recommended)", - "default": "2.42.0-debian-11-r20" + "default": "REPOSITORY_NAME/git" }, "digest": { "type": "string", @@ -337,20 +327,27 @@ "description": "Enabled mlflow pods' Security Context", "default": true }, + "fsGroupChangePolicy": { + "type": "string", + "description": "Set filesystem group change policy", + "default": "Always" + }, + "sysctls": { + "type": "array", + "description": "Set kernel settings using the sysctl interface", + "default": [], + "items": {} + }, + "supplementalGroups": { + "type": "array", + "description": "Set filesystem extra groups", + "default": [], + "items": {} + }, "fsGroup": { "type": "number", "description": "Set mlflow pod's Security Context fsGroup", "default": 1001 - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set container's Security Context seccomp profile", - "default": "RuntimeDefault" - } - } } } }, @@ -372,6 +369,11 @@ "description": "Set containers' Security Context runAsGroup", "default": 1001 }, + "privileged": { + "type": "boolean", + "description": "Set containers' Security Context privileged", + "default": false + }, "runAsNonRoot": { "type": "boolean", "description": "Set containers' Security Context runAsNonRoot", @@ -401,6 +403,16 @@ } } } + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Set container's Security Context seccomp profile", + "default": "RuntimeDefault" + } + } } } }, @@ -507,6 +519,11 @@ "description": "Add an init container to run mlflow db upgrade", "default": false }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "Mount Service Account token in pod", + "default": false + }, "hostAliases": { "type": "array", "description": "mlflow pods host aliases", @@ -542,9 +559,9 @@ "default": false }, "minAvailable": { - "type": "number", + "type": "string", "description": "Minimum number/percentage of pods that should remain scheduled", - "default": 1 + "default": "1" }, "maxUnavailable": { "type": "string", @@ -847,11 +864,6 @@ "description": "Ingress path type", "default": "ImplementationSpecific" }, - "apiVersion": { - "type": "string", - "description": "Force Ingress API version (automatically detected if not set)", - "default": "" - }, "hostname": { "type": "string", "description": "Default host for the ingress record", @@ -920,24 +932,33 @@ "enabled": { "type": "boolean", "description": "Enable creation of NetworkPolicy resources", - "default": false + "default": true }, "allowExternal": { "type": "boolean", "description": "The Policy model to apply", "default": true }, + "allowExternalEgress": { + "type": "boolean", + "description": "Allow the pod to access any range of port and all destinations.", + "default": true + }, "extraIngress": { "type": "array", "description": "Add extra ingress rules to the NetworkPolicy", - "default": [], - "items": {} + "default": "[]", + "items": { + "type": "string" + } }, "extraEgress": { "type": "array", "description": "Add extra ingress rules to the NetworkPolicy", - "default": [], - "items": {} + "default": "[]", + "items": { + "type": "string" + } } } }, @@ -1039,26 +1060,6 @@ "description": "Enable the export of Prometheus metrics", "default": false }, - "annotations": { - "type": "object", - "properties": { - "prometheus": { - "type": "object", - "properties": { - "io/scrape": { - "type": "string", - "description": "", - "default": "true" - }, - "io/port": { - "type": "string", - "description": "", - "default": "{{ .Values.tracking.service.ports.http }}" - } - } - } - } - }, "serviceMonitor": { "type": "object", "properties": { @@ -1329,20 +1330,27 @@ "description": "Enabled Run pods' Security Context", "default": true }, + "fsGroupChangePolicy": { + "type": "string", + "description": "Set filesystem group change policy", + "default": "Always" + }, + "sysctls": { + "type": "array", + "description": "Set kernel settings using the sysctl interface", + "default": [], + "items": {} + }, + "supplementalGroups": { + "type": "array", + "description": "Set filesystem extra groups", + "default": [], + "items": {} + }, "fsGroup": { "type": "number", "description": "Set Run pod's Security Context fsGroup", "default": 1001 - }, - "seccompProfile": { - "type": "object", - "properties": { - "type": { - "type": "string", - "description": "Set Run container's Security Context seccomp profile", - "default": "RuntimeDefault" - } - } } } }, @@ -1369,6 +1377,11 @@ "description": "Set Run containers' Security Context runAsNonRoot", "default": true }, + "privileged": { + "type": "boolean", + "description": "Set Run containers' Security Context privileged", + "default": false + }, "readOnlyRootFilesystem": { "type": "boolean", "description": "Set Run containers' Security Context runAsNonRoot", @@ -1393,6 +1406,16 @@ } } } + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Set Run container's Security Context seccomp profile", + "default": "RuntimeDefault" + } + } } } }, @@ -1406,6 +1429,11 @@ "description": "Name of the runtime class to be used by pod(s)", "default": "" }, + "automountServiceAccountToken": { + "type": "boolean", + "description": "Mount Service Account token in pod", + "default": false + }, "hostAliases": { "type": "array", "description": "run pods host aliases", @@ -1534,6 +1562,42 @@ "default": [], "items": {} }, + "networkPolicy": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Enable creation of NetworkPolicy resources", + "default": true + }, + "allowExternal": { + "type": "boolean", + "description": "The Policy model to apply", + "default": true + }, + "allowExternalEgress": { + "type": "boolean", + "description": "Allow the pod to access any range of port and all destinations.", + "default": true + }, + "extraIngress": { + "type": "array", + "description": "Add extra ingress rules to the NetworkPolicy", + "default": "[]", + "items": { + "type": "string" + } + }, + "extraEgress": { + "type": "array", + "description": "Add extra ingress rules to the NetworkPolicy", + "default": "[]", + "items": { + "type": "string" + } + } + } + }, "source": { "type": "object", "properties": { @@ -1586,7 +1650,7 @@ "create": { "type": "boolean", "description": "Enable creation of ServiceAccount for Run pods", - "default": false + "default": true }, "name": { "type": "string", @@ -1686,17 +1750,12 @@ "registry": { "type": "string", "description": "OS Shell + Utility image registry", - "default": "docker.io" + "default": "REGISTRY_NAME" }, "repository": { "type": "string", "description": "OS Shell + Utility image repository", - "default": "bitnami/os-shell" - }, - "tag": { - "type": "string", - "description": "OS Shell + Utility image tag (immutable tags are recommended)", - "default": "11-debian-11-r81" + "default": "REPOSITORY_NAME/os-shell" }, "pullPolicy": { "type": "string", @@ -1752,17 +1811,12 @@ "registry": { "type": "string", "description": "Init container wait-container image registry", - "default": "docker.io" + "default": "REGISTRY_NAME" }, "repository": { "type": "string", "description": "Init container wait-container image name", - "default": "bitnami/os-shell" - }, - "tag": { - "type": "string", - "description": "Init container wait-container image tag", - "default": "11-debian-11-r83" + "default": "REPOSITORY_NAME/os-shell" }, "digest": { "type": "string", @@ -1777,8 +1831,10 @@ "pullSecrets": { "type": "array", "description": "Specify docker-registry secret names as an array", - "default": [], - "items": {} + "default": "[]", + "items": { + "type": "string" + } } } }, @@ -1787,27 +1843,32 @@ "properties": { "enabled": { "type": "boolean", - "description": "Enabled APISIX containers' Security Context", + "description": "Enabled containers' Security Context", "default": true }, "runAsUser": { "type": "number", - "description": "Set APISIX containers' Security Context runAsUser", + "description": "Set containers' Security Context runAsUser", "default": 1001 }, "runAsNonRoot": { "type": "boolean", - "description": "Set APISIX containers' Security Context runAsNonRoot", + "description": "Set containers' Security Context runAsNonRoot", "default": true }, + "privileged": { + "type": "boolean", + "description": "Set containers' Security Context privileged", + "default": false + }, "readOnlyRootFilesystem": { "type": "boolean", - "description": "Set APISIX containers' Security Context runAsNonRoot", + "description": "Set containers' Security Context runAsNonRoot", "default": true }, "allowPrivilegeEscalation": { "type": "boolean", - "description": "Set APISIX container's privilege escalation", + "description": "Set container's privilege escalation", "default": false }, "capabilities": { @@ -1815,7 +1876,7 @@ "properties": { "drop": { "type": "array", - "description": "Set APISIX container's Security Context runAsNonRoot", + "description": "Set container's Security Context runAsNonRoot", "default": [ "ALL" ], @@ -1824,6 +1885,16 @@ } } } + }, + "seccompProfile": { + "type": "object", + "properties": { + "type": { + "type": "string", + "description": "Set container's Security Context seccomp profile", + "default": "RuntimeDefault" + } + } } } } @@ -1884,26 +1955,6 @@ } } } - }, - "initdb": { - "type": "object", - "properties": { - "scripts": { - "type": "object", - "properties": { - "create_auth_db": { - "type": "object", - "properties": { - "sh": { - "type": "string", - "description": "", - "default": "#!/bin/bash\nPGPASSWORD=$POSTGRES_POSTGRES_PASSWORD psql -U postgres <<< \"CREATE DATABASE {{ include \"mlflow.v0.database-auth.name\" . }}\"\nPGPASSWORD=$POSTGRES_POSTGRES_PASSWORD psql -U postgres <<< \"GRANT ALL PRIVILEGES ON DATABASE {{ include \"mlflow.v0.database-auth.name\" . }} to {{ .Values.auth.username }}\"\nPGPASSWORD=$POSTGRES_POSTGRES_PASSWORD psql -U postgres <<< \"ALTER DATABASE {{ include \"mlflow.v0.database-auth.name\" . }} OWNER TO {{ .Values.auth.username }}\"\n" - } - } - } - } - } - } } } } @@ -2096,8 +2147,13 @@ "type": "string", "description": "External S3 bucket", "default": "mlflow" + }, + "serveArtifacts": { + "type": "boolean", + "description": "Whether artifact serving is enabled", + "default": true } } } } -} +} \ No newline at end of file diff --git a/bitnami/mlflow/values.yaml b/bitnami/mlflow/values.yaml index dc1c96d1c7f474..aed485dc7e3404 100644 --- a/bitnami/mlflow/values.yaml +++ b/bitnami/mlflow/values.yaml @@ -320,12 +320,11 @@ tracking: ## ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb ## @param tracking.pdb.create Enable/disable a Pod Disruption Budget creation ## @param tracking.pdb.minAvailable Minimum number/percentage of pods that should remain scheduled - ## @param tracking.pdb.maxUnavailable Maximum number/percentage of pods that may be made unavailable ## pdb: create: false - minAvailable: 1 + minAvailable: "1" maxUnavailable: "" ## Autoscaling configuration ## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/ From 96b397b3a6c35fe915a79156faa8bc95d76d2224 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 12:49:12 +0100 Subject: [PATCH 030/129] [bitnami/apache] Release 10.6.1 updating components versions (#23625) Signed-off-by: Bitnami Containers --- bitnami/apache/Chart.lock | 6 +++--- bitnami/apache/Chart.yaml | 10 +++++----- bitnami/apache/values.yaml | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/apache/Chart.lock b/bitnami/apache/Chart.lock index d9dd1b5adce907..febcbabcb4eb59 100644 --- a/bitnami/apache/Chart.lock +++ b/bitnami/apache/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:31:21.348826139+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T11:33:29.030057303Z" diff --git a/bitnami/apache/Chart.yaml b/bitnami/apache/Chart.yaml index 8c9848ae8bc204..9ab491f0898f81 100644 --- a/bitnami/apache/Chart.yaml +++ b/bitnami/apache/Chart.yaml @@ -5,12 +5,12 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | - - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r1 - name: apache - image: docker.io/bitnami/apache:2.4.58-debian-11-r10 + image: docker.io/bitnami/apache:2.4.58-debian-12-r16 + - name: apache-exporter + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: git - image: docker.io/bitnami/git:2.43.0-debian-11-r9 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 apiVersion: v2 appVersion: 2.4.58 dependencies: @@ -35,4 +35,4 @@ maintainers: name: apache sources: - https://github.com/bitnami/charts/tree/main/bitnami/apache -version: 10.6.0 +version: 10.6.1 diff --git a/bitnami/apache/values.yaml b/bitnami/apache/values.yaml index 45d29e50736f3e..4b4ddd86344f84 100644 --- a/bitnami/apache/values.yaml +++ b/bitnami/apache/values.yaml @@ -53,7 +53,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/apache - tag: 2.4.58-debian-11-r10 + tag: 2.4.58-debian-12-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -83,7 +83,7 @@ image: git: registry: docker.io repository: bitnami/git - tag: 2.43.0-debian-11-r9 + tag: 2.43.2-debian-12-r1 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -617,7 +617,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r1 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From dfcebf424874bace43f4f367ce0feeacaee35466 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:09:08 +0100 Subject: [PATCH 031/129] [bitnami/aspnet-core] Release 5.6.1 updating components versions (#23626) Signed-off-by: Bitnami Containers --- bitnami/aspnet-core/Chart.lock | 6 +++--- bitnami/aspnet-core/Chart.yaml | 8 ++++---- bitnami/aspnet-core/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/aspnet-core/Chart.lock b/bitnami/aspnet-core/Chart.lock index 737ae1eefdd367..942d301b1ee10f 100644 --- a/bitnami/aspnet-core/Chart.lock +++ b/bitnami/aspnet-core/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:37:16.610438218+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T11:44:08.121250117Z" diff --git a/bitnami/aspnet-core/Chart.yaml b/bitnami/aspnet-core/Chart.yaml index 2970b00d9e2e92..924932fc503c45 100644 --- a/bitnami/aspnet-core/Chart.yaml +++ b/bitnami/aspnet-core/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: aspnet-core - image: docker.io/bitnami/aspnet-core:8.0.2-debian-11-r0 + image: docker.io/bitnami/aspnet-core:8.0.2-debian-12-r1 - name: dotnet-sdk - image: docker.io/bitnami/dotnet-sdk:8.0.200-debian-11-r0 + image: docker.io/bitnami/dotnet-sdk:8.0.200-debian-12-r1 - name: git - image: docker.io/bitnami/git:2.43.1-debian-11-r9 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 apiVersion: v2 appVersion: 8.0.2 dependencies: @@ -31,4 +31,4 @@ maintainers: name: aspnet-core sources: - https://github.com/bitnami/charts/tree/main/bitnami/aspnet-core -version: 5.6.0 +version: 5.6.1 diff --git a/bitnami/aspnet-core/values.yaml b/bitnami/aspnet-core/values.yaml index c208434f2f9581..e7572962ced917 100644 --- a/bitnami/aspnet-core/values.yaml +++ b/bitnami/aspnet-core/values.yaml @@ -62,7 +62,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/aspnet-core - tag: 8.0.2-debian-11-r0 + tag: 8.0.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -390,7 +390,7 @@ appFromExternalRepo: image: registry: docker.io repository: bitnami/git - tag: 2.43.1-debian-11-r9 + tag: 2.43.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -432,7 +432,7 @@ appFromExternalRepo: image: registry: docker.io repository: bitnami/dotnet-sdk - tag: 8.0.200-debian-11-r0 + tag: 8.0.200-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From a5a7f2f3f0c7621f1d443661896b8e1f8980b02b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:15:40 +0100 Subject: [PATCH 032/129] [bitnami/apisix] Release 2.8.1 updating components versions (#23628) Signed-off-by: Bitnami Containers --- bitnami/apisix/Chart.lock | 8 ++++---- bitnami/apisix/Chart.yaml | 12 ++++++------ bitnami/apisix/values.yaml | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bitnami/apisix/Chart.lock b/bitnami/apisix/Chart.lock index 7da071a3147238..9eec4741e22b06 100644 --- a/bitnami/apisix/Chart.lock +++ b/bitnami/apisix/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: etcd repository: oci://registry-1.docker.io/bitnamicharts - version: 9.10.5 + version: 9.14.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:88936084f8fd70807a54fb8b14c7c36ae4f2205f003240d7207a6cbb71caf57e -generated: "2024-02-14T14:32:09.332342711+01:00" + version: 2.16.1 +digest: sha256:88caa7184a97599ebae7a2121b2eb33373eb9f4684c8484a6d88dacde493944f +generated: "2024-02-21T11:47:48.228222334Z" diff --git a/bitnami/apisix/Chart.yaml b/bitnami/apisix/Chart.yaml index d257e18c5e0b44..db45afa0febfaf 100644 --- a/bitnami/apisix/Chart.yaml +++ b/bitnami/apisix/Chart.yaml @@ -5,14 +5,14 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | + - name: apisix + image: docker.io/bitnami/apisix:3.8.0-debian-12-r6 - name: apisix-dashboard - image: docker.io/bitnami/apisix-dashboard:3.0.1-debian-11-r146 + image: docker.io/bitnami/apisix-dashboard:3.0.1-debian-12-r21 - name: apisix-ingress-controller - image: docker.io/bitnami/apisix-ingress-controller:1.8.0-debian-11-r6 - - name: apisix - image: docker.io/bitnami/apisix:3.8.0-debian-11-r3 + image: docker.io/bitnami/apisix-ingress-controller:1.8.0-debian-12-r10 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 3.8.0 dependencies: @@ -45,4 +45,4 @@ sources: - https://github.com/bitnami/charts/tree/main/bitnami/apisix - https://github.com/bitnami/charts/tree/main/bitnami/apisix-dashboard - https://github.com/bitnami/charts/tree/main/bitnami/apisix-ingress-controller -version: 2.8.0 +version: 2.8.1 diff --git a/bitnami/apisix/values.yaml b/bitnami/apisix/values.yaml index 0122ec8e36bcc8..1ed447ec9b0a97 100644 --- a/bitnami/apisix/values.yaml +++ b/bitnami/apisix/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/apisix - tag: 3.8.0-debian-11-r3 + tag: 3.8.0-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1648,7 +1648,7 @@ dashboard: image: registry: docker.io repository: bitnami/apisix-dashboard - tag: 3.0.1-debian-11-r146 + tag: 3.0.1-debian-12-r21 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2383,7 +2383,7 @@ ingressController: image: registry: docker.io repository: bitnami/apisix-ingress-controller - tag: 1.8.0-debian-11-r6 + tag: 1.8.0-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3085,7 +3085,7 @@ waitContainer: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## @param waitContainer.image.pullPolicy Init container wait-container image pull policy ## From f2a4fc7c9c3cc88999ea7804e3d0adb9757bc795 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:18:02 +0100 Subject: [PATCH 033/129] [bitnami/airflow] Release 16.8.1 updating components versions (#23627) Signed-off-by: Bitnami Containers --- bitnami/airflow/Chart.lock | 10 +++++----- bitnami/airflow/Chart.yaml | 16 ++++++++-------- bitnami/airflow/values.yaml | 12 ++++++------ 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bitnami/airflow/Chart.lock b/bitnami/airflow/Chart.lock index f316b2b775dbef..e5baa0b36f2600 100644 --- a/bitnami/airflow/Chart.lock +++ b/bitnami/airflow/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.13.0 + version: 18.14.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:dd4296369ab03a8c9f1940b4fc34ba57020a63afa6f761220f4f1249ab9e9e08 -generated: "2024-02-14T12:34:36.945245545+01:00" + version: 2.16.1 +digest: sha256:8fa5661b5643114e8fe43da43e12c3511772b1b4fdde1d74d4ec7aff12008b5c +generated: "2024-02-21T11:45:50.841577627Z" diff --git a/bitnami/airflow/Chart.yaml b/bitnami/airflow/Chart.yaml index df2da52f784c17..fcb52bd5ba28a8 100644 --- a/bitnami/airflow/Chart.yaml +++ b/bitnami/airflow/Chart.yaml @@ -5,18 +5,18 @@ annotations: category: WorkFlow licenses: Apache-2.0 images: | + - name: airflow + image: docker.io/bitnami/airflow:2.8.1-debian-12-r10 - name: airflow-exporter - image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-11-r448 + image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-12-r23 - name: airflow-scheduler - image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-11-r4 + image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-12-r9 - name: airflow-worker - image: docker.io/bitnami/airflow-worker:2.8.1-debian-11-r4 - - name: airflow - image: docker.io/bitnami/airflow:2.8.1-debian-11-r4 + image: docker.io/bitnami/airflow-worker:2.8.1-debian-12-r9 - name: git - image: docker.io/bitnami/git:2.43.0-debian-11-r9 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2.8.1 dependencies: @@ -47,4 +47,4 @@ maintainers: name: airflow sources: - https://github.com/bitnami/charts/tree/main/bitnami/airflow -version: 16.8.0 +version: 16.8.1 diff --git a/bitnami/airflow/values.yaml b/bitnami/airflow/values.yaml index 6f624b4049d419..beff8d1fac7eda 100644 --- a/bitnami/airflow/values.yaml +++ b/bitnami/airflow/values.yaml @@ -119,7 +119,7 @@ dags: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -184,7 +184,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.8.1-debian-11-r4 + tag: 2.8.1-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -525,7 +525,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.8.1-debian-11-r4 + tag: 2.8.1-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -842,7 +842,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.8.1-debian-11-r4 + tag: 2.8.1-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1199,7 +1199,7 @@ git: image: registry: docker.io repository: bitnami/git - tag: 2.43.0-debian-11-r9 + tag: 2.43.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1579,7 +1579,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-11-r448 + tag: 0.20220314.0-debian-12-r23 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From ff5ed8c27f56ebc10651690c50bb1551cbc55fe3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:18:58 +0100 Subject: [PATCH 034/129] [bitnami/kafka] Release 26.11.1 updating components versions (#23629) Signed-off-by: Bitnami Containers --- bitnami/kafka/Chart.lock | 8 ++++---- bitnami/kafka/Chart.yaml | 14 +++++++------- bitnami/kafka/values.yaml | 10 +++++----- 3 files changed, 16 insertions(+), 16 deletions(-) diff --git a/bitnami/kafka/Chart.lock b/bitnami/kafka/Chart.lock index 40316820149740..00ca23f5575170 100644 --- a/bitnami/kafka/Chart.lock +++ b/bitnami/kafka/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 12.8.1 + version: 12.9.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:cccdc01ead6a556674360977d9ace475423c17f7c3875ed7e7df58edf727befa -generated: "2024-02-14T15:09:53.93192995+01:00" + version: 2.16.1 +digest: sha256:b3683d34b21beb8a442eba300f8a571eae2ed16e85155f46d0a5a7f023d7c0d1 +generated: "2024-02-21T11:48:11.294830887Z" diff --git a/bitnami/kafka/Chart.yaml b/bitnami/kafka/Chart.yaml index dacf56466b425e..150920163052b3 100644 --- a/bitnami/kafka/Chart.yaml +++ b/bitnami/kafka/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: jmx-exporter - image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r6 - - name: kafka-exporter - image: docker.io/bitnami/kafka-exporter:1.7.0-debian-11-r140 + image: docker.io/bitnami/jmx-exporter:0.20.0-debian-12-r10 - name: kafka - image: docker.io/bitnami/kafka:3.6.1-debian-11-r6 + image: docker.io/bitnami/kafka:3.6.1-debian-12-r11 + - name: kafka-exporter + image: docker.io/bitnami/kafka-exporter:1.7.0-debian-12-r18 - name: kubectl - image: docker.io/bitnami/kubectl:1.29.1-debian-11-r3 + image: docker.io/bitnami/kubectl:1.29.2-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 3.6.1 dependencies: @@ -42,4 +42,4 @@ maintainers: name: kafka sources: - https://github.com/bitnami/charts/tree/main/bitnami/kafka -version: 26.11.0 +version: 26.11.1 diff --git a/bitnami/kafka/values.yaml b/bitnami/kafka/values.yaml index 9c557a13709f4b..3a8a8f158eea61 100644 --- a/bitnami/kafka/values.yaml +++ b/bitnami/kafka/values.yaml @@ -78,7 +78,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kafka - tag: 3.6.1-debian-11-r6 + tag: 3.6.1-debian-12-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1385,7 +1385,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.1-debian-11-r3 + tag: 1.29.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1679,7 +1679,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1770,7 +1770,7 @@ metrics: image: registry: docker.io repository: bitnami/kafka-exporter - tag: 1.7.0-debian-11-r140 + tag: 1.7.0-debian-12-r18 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2097,7 +2097,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.20.0-debian-11-r6 + tag: 0.20.0-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From a296afddd8fc721925c192ec1bde0ccbc8268958 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:22:34 +0100 Subject: [PATCH 035/129] [bitnami/solr] Release 8.9.1 updating components versions (#23630) Signed-off-by: Bitnami Containers --- bitnami/solr/Chart.lock | 8 ++++---- bitnami/solr/Chart.yaml | 8 ++++---- bitnami/solr/values.yaml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/solr/Chart.lock b/bitnami/solr/Chart.lock index 72928ffab41a64..0aaac5b05d82b3 100644 --- a/bitnami/solr/Chart.lock +++ b/bitnami/solr/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 12.8.1 + version: 12.9.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:cccdc01ead6a556674360977d9ace475423c17f7c3875ed7e7df58edf727befa -generated: "2024-02-14T16:04:41.136446216+01:00" + version: 2.16.1 +digest: sha256:b3683d34b21beb8a442eba300f8a571eae2ed16e85155f46d0a5a7f023d7c0d1 +generated: "2024-02-21T11:50:52.731278258Z" diff --git a/bitnami/solr/Chart.yaml b/bitnami/solr/Chart.yaml index 58b7c4bac01a6d..2daf06dc265572 100644 --- a/bitnami/solr/Chart.yaml +++ b/bitnami/solr/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: solr - image: docker.io/bitnami/solr:9.4.1-debian-11-r3 + image: docker.io/bitnami/solr:9.5.0-debian-12-r2 apiVersion: v2 -appVersion: 9.4.1 +appVersion: 9.5.0 dependencies: - condition: zookeeper.enabled name: zookeeper @@ -34,4 +34,4 @@ maintainers: name: solr sources: - https://github.com/bitnami/charts/tree/main/bitnami/solr -version: 8.9.0 +version: 8.9.1 diff --git a/bitnami/solr/values.yaml b/bitnami/solr/values.yaml index 9b10df028c639e..7030bea3ea7de2 100644 --- a/bitnami/solr/values.yaml +++ b/bitnami/solr/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/solr - tag: 9.4.1-debian-11-r3 + tag: 9.5.0-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -684,7 +684,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From d29cdd5304e59d104876f4546aea8204aea39b36 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:24:08 +0100 Subject: [PATCH 036/129] [bitnami/tomcat] Release 10.16.1 updating components versions (#23632) Signed-off-by: Bitnami Containers --- bitnami/tomcat/Chart.lock | 6 +++--- bitnami/tomcat/Chart.yaml | 8 ++++---- bitnami/tomcat/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/tomcat/Chart.lock b/bitnami/tomcat/Chart.lock index 061f93bf6d7c49..b74001c4add7f2 100644 --- a/bitnami/tomcat/Chart.lock +++ b/bitnami/tomcat/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:14:22.980667142+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T11:53:54.023501109Z" diff --git a/bitnami/tomcat/Chart.yaml b/bitnami/tomcat/Chart.yaml index dc4498e2f85ddb..8328ac14088891 100644 --- a/bitnami/tomcat/Chart.yaml +++ b/bitnami/tomcat/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: jmx-exporter - image: docker.io/bitnami/jmx-exporter:0.20.0-debian-11-r6 + image: docker.io/bitnami/jmx-exporter:0.20.0-debian-12-r10 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: tomcat - image: docker.io/bitnami/tomcat:10.1.18-debian-11-r4 + image: docker.io/bitnami/tomcat:10.1.18-debian-12-r8 apiVersion: v2 appVersion: 10.1.18 dependencies: @@ -35,4 +35,4 @@ maintainers: name: tomcat sources: - https://github.com/bitnami/charts/tree/main/bitnami/tomcat -version: 10.16.0 +version: 10.16.1 diff --git a/bitnami/tomcat/values.yaml b/bitnami/tomcat/values.yaml index d8653d6e882077..fe4719c040bf6a 100644 --- a/bitnami/tomcat/values.yaml +++ b/bitnami/tomcat/values.yaml @@ -59,7 +59,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/tomcat - tag: 10.1.18-debian-11-r4 + tag: 10.1.18-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -627,7 +627,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -685,7 +685,7 @@ metrics: image: registry: docker.io repository: bitnami/jmx-exporter - tag: 0.20.0-debian-11-r6 + tag: 0.20.0-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 0f76174f6323e4f32f3b7dcd8ea7df05d2dc8e60 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:24:22 +0100 Subject: [PATCH 037/129] [bitnami/zookeeper] Release 12.10.1 updating components versions (#23633) Signed-off-by: Bitnami Containers --- bitnami/zookeeper/Chart.lock | 6 +++--- bitnami/zookeeper/Chart.yaml | 6 +++--- bitnami/zookeeper/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/zookeeper/Chart.lock b/bitnami/zookeeper/Chart.lock index 5bb07db3ebe241..7bac6e407a4eb2 100644 --- a/bitnami/zookeeper/Chart.lock +++ b/bitnami/zookeeper/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:17:28.095153805+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T11:56:37.618424604Z" diff --git a/bitnami/zookeeper/Chart.yaml b/bitnami/zookeeper/Chart.yaml index a27ce034bcc125..85908af4d86ab9 100644 --- a/bitnami/zookeeper/Chart.yaml +++ b/bitnami/zookeeper/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: zookeeper - image: docker.io/bitnami/zookeeper:3.9.1-debian-11-r8 + image: docker.io/bitnami/zookeeper:3.9.1-debian-12-r13 apiVersion: v2 appVersion: 3.9.1 dependencies: @@ -28,4 +28,4 @@ maintainers: name: zookeeper sources: - https://github.com/bitnami/charts/tree/main/bitnami/zookeeper -version: 12.10.0 +version: 12.10.1 diff --git a/bitnami/zookeeper/values.yaml b/bitnami/zookeeper/values.yaml index 7e394fc86aca5d..c576daff4a59c0 100644 --- a/bitnami/zookeeper/values.yaml +++ b/bitnami/zookeeper/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.9.1-debian-11-r8 + tag: 3.9.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -749,7 +749,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From c12ac6d787b2ef0031d62aed5f7e715595bdf174 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:33:16 +0100 Subject: [PATCH 038/129] [bitnami/cassandra] Release 10.11.1 updating components versions (#23631) Signed-off-by: Bitnami Containers --- bitnami/cassandra/Chart.lock | 6 +++--- bitnami/cassandra/Chart.yaml | 10 +++++----- bitnami/cassandra/values.yaml | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/cassandra/Chart.lock b/bitnami/cassandra/Chart.lock index c65fe201009bf0..b7e5e03651a7de 100644 --- a/bitnami/cassandra/Chart.lock +++ b/bitnami/cassandra/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:38:18.303780391+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T11:52:57.728834108Z" diff --git a/bitnami/cassandra/Chart.yaml b/bitnami/cassandra/Chart.yaml index d0b17cb78bc4c3..478295b472da29 100644 --- a/bitnami/cassandra/Chart.yaml +++ b/bitnami/cassandra/Chart.yaml @@ -5,12 +5,12 @@ annotations: category: Database licenses: Apache-2.0 images: | - - name: cassandra-exporter - image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-11-r448 - name: cassandra - image: docker.io/bitnami/cassandra:4.1.4-debian-11-r0 + image: docker.io/bitnami/cassandra:4.1.4-debian-12-r2 + - name: cassandra-exporter + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-12-r16 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r107 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 4.1.4 dependencies: @@ -32,4 +32,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.11.0 +version: 10.11.1 diff --git a/bitnami/cassandra/values.yaml b/bitnami/cassandra/values.yaml index 328c2e6c6f072d..de318eaaa2a967 100644 --- a/bitnami/cassandra/values.yaml +++ b/bitnami/cassandra/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.4-debian-11-r7 + tag: 4.1.4-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -669,7 +669,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r107 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -737,7 +737,7 @@ metrics: image: registry: docker.io repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-11-r448 + tag: 2.3.8-debian-12-r16 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 23a649387194cbc681602d5538f3d26961f8e163 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:34:10 +0100 Subject: [PATCH 039/129] [bitnami/concourse] Release 3.5.1 updating components versions (#23638) Signed-off-by: Bitnami Containers --- bitnami/concourse/Chart.lock | 8 ++++---- bitnami/concourse/Chart.yaml | 6 +++--- bitnami/concourse/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/concourse/Chart.lock b/bitnami/concourse/Chart.lock index edaa757ee78299..6f36ef47d9c00e 100644 --- a/bitnami/concourse/Chart.lock +++ b/bitnami/concourse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:ec94925c6be1fa56ae67a77bdaf0f840232c91970af47a758adfc6aa9643a980 -generated: "2024-02-14T14:41:34.744181277+01:00" + version: 2.16.1 +digest: sha256:de057c4c51c604d9a1f4357bd79af2569b414d4dea12ab0dc35e6a11ea019781 +generated: "2024-02-21T12:15:40.096840522Z" diff --git a/bitnami/concourse/Chart.yaml b/bitnami/concourse/Chart.yaml index 1281450d8c7047..190a33290926a4 100644 --- a/bitnami/concourse/Chart.yaml +++ b/bitnami/concourse/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: concourse - image: docker.io/bitnami/concourse:7.11.2-debian-11-r0 + image: docker.io/bitnami/concourse:7.11.2-debian-12-r4 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 7.11.2 dependencies: @@ -37,4 +37,4 @@ maintainers: name: concourse sources: - https://github.com/bitnami/charts/tree/main/bitnami/concourse -version: 3.5.0 +version: 3.5.1 diff --git a/bitnami/concourse/values.yaml b/bitnami/concourse/values.yaml index 4a0b31374f427b..e910238bd9bfe3 100644 --- a/bitnami/concourse/values.yaml +++ b/bitnami/concourse/values.yaml @@ -68,7 +68,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/concourse - tag: 7.11.2-debian-11-r0 + tag: 7.11.2-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1363,7 +1363,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 6dd17d6896b45fc7cef9f84f88879f9ca5569669 Mon Sep 17 00:00:00 2001 From: David Gomez Date: Wed, 21 Feb 2024 13:35:17 +0100 Subject: [PATCH 040/129] [bitnami/template] Update distro in template (#23658) Signed-off-by: David Gomez --- template/CHART_NAME/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/template/CHART_NAME/values.yaml b/template/CHART_NAME/values.yaml index e2362665651146..6dd2f01512fe14 100644 --- a/template/CHART_NAME/values.yaml +++ b/template/CHART_NAME/values.yaml @@ -607,7 +607,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r%%IMAGE_REVISION%% + tag: 11-debian-12-r%%IMAGE_REVISION%% pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From dfbfb77903fa0f7d73d22aa381c6df9e8e244b2c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:42:51 +0100 Subject: [PATCH 041/129] [bitnami/argo-cd] Release 5.8.1 updating components versions (#23635) Signed-off-by: Bitnami Containers --- bitnami/argo-cd/Chart.lock | 8 ++++---- bitnami/argo-cd/Chart.yaml | 10 +++++----- bitnami/argo-cd/values.yaml | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/argo-cd/Chart.lock b/bitnami/argo-cd/Chart.lock index b7173aa6827d1e..0ac09750faddfa 100644 --- a/bitnami/argo-cd/Chart.lock +++ b/bitnami/argo-cd/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.13.0 + version: 18.14.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:ef15fdb7c834d0d363330ffc2e2893ae2d4064425cdbf1a7a9ebd39c041aefdb -generated: "2024-02-14T14:34:38.06761528+01:00" + version: 2.16.1 +digest: sha256:50cc7bb4c7c1df61b318908c9fe0eb375ea81ea4303766e887dfe865fd8923d7 +generated: "2024-02-21T12:07:01.861758912Z" diff --git a/bitnami/argo-cd/Chart.yaml b/bitnami/argo-cd/Chart.yaml index de4b6ba1cd70f7..3ea652b6b68e3a 100644 --- a/bitnami/argo-cd/Chart.yaml +++ b/bitnami/argo-cd/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: argo-cd - image: docker.io/bitnami/argo-cd:2.10.0-debian-11-r2 + image: docker.io/bitnami/argo-cd:2.10.0-debian-12-r5 - name: dex - image: docker.io/bitnami/dex:2.38.0-debian-11-r2 + image: docker.io/bitnami/dex:2.38.0-debian-12-r6 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: redis - image: docker.io/bitnami/redis:7.2.4-debian-11-r5 + image: docker.io/bitnami/redis:7.2.4-debian-12-r8 apiVersion: v2 appVersion: 2.10.0 dependencies: @@ -39,4 +39,4 @@ maintainers: name: argo-cd sources: - https://github.com/bitnami/charts/tree/main/bitnami/argo-cd -version: 5.8.0 +version: 5.8.1 diff --git a/bitnami/argo-cd/values.yaml b/bitnami/argo-cd/values.yaml index 5bfd1b3cc2c0f9..a9d5babf40e951 100644 --- a/bitnami/argo-cd/values.yaml +++ b/bitnami/argo-cd/values.yaml @@ -56,7 +56,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/argo-cd - tag: 2.10.0-debian-11-r2 + tag: 2.10.0-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3216,7 +3216,7 @@ dex: image: registry: docker.io repository: bitnami/dex - tag: 2.38.0-debian-11-r2 + tag: 2.38.0-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3900,7 +3900,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -3962,7 +3962,7 @@ redis: image: registry: docker.io repository: bitnami/redis - tag: 7.2.4-debian-11-r5 + tag: 7.2.4-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 33cb0d399abe7792c5ad42beabbaf7a199aad666 Mon Sep 17 00:00:00 2001 From: poliphilson <115699709+poliphilson@users.noreply.github.com> Date: Wed, 21 Feb 2024 21:44:04 +0900 Subject: [PATCH 042/129] [bitnami/influxdb] Fix a bug when backup.enabled is true (#23598) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fix when backup.enabled=true Signed-off-by: Kyuwan Kim * version up Signed-off-by: Kyuwan Kim --------- Signed-off-by: Kyuwan Kim Signed-off-by: Carlos Rodríguez Hernández Co-authored-by: Carlos Rodríguez Hernández --- bitnami/influxdb/Chart.yaml | 2 +- bitnami/influxdb/templates/cronjob-backup.yaml | 5 +---- 2 files changed, 2 insertions(+), 5 deletions(-) diff --git a/bitnami/influxdb/Chart.yaml b/bitnami/influxdb/Chart.yaml index e830dc7b5e6ef1..87e3efff0bfcd1 100644 --- a/bitnami/influxdb/Chart.yaml +++ b/bitnami/influxdb/Chart.yaml @@ -37,4 +37,4 @@ maintainers: name: influxdb sources: - https://github.com/bitnami/charts/tree/main/bitnami/influxdb -version: 5.16.0 +version: 5.16.1 diff --git a/bitnami/influxdb/templates/cronjob-backup.yaml b/bitnami/influxdb/templates/cronjob-backup.yaml index 795bf3bea1351c..d0e0b474014b22 100644 --- a/bitnami/influxdb/templates/cronjob-backup.yaml +++ b/bitnami/influxdb/templates/cronjob-backup.yaml @@ -27,10 +27,7 @@ spec: annotations: {{- include "common.tplvalues.render" (dict "value" .Values.backup.cronjob.podAnnotations "context" $) | nindent 12 }} {{- end }} spec: - {{- if .Values.backup.cronjob.securityContext.enabled }} - # Deprecated, use backup.cronjob.podSecurityContext - securityContext: {{- omit .Values.backup.cronjob.securityContext "enabled" | toYaml | nindent 12 }} - {{- else if .Values.backup.cronjob.podSecurityContext.enabled }} + {{- if .Values.backup.cronjob.podSecurityContext.enabled }} securityContext: {{- omit .Values.backup.cronjob.podSecurityContext "enabled" | toYaml | nindent 12 }} {{- end }} restartPolicy: OnFailure From 1dbb31811a89b258eca6ac0f7f62284fcb272981 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:44:09 +0100 Subject: [PATCH 043/129] [bitnami/grafana-operator] Release 3.10.1 updating components versions (#23653) Signed-off-by: Bitnami Containers --- bitnami/grafana-operator/Chart.lock | 6 +++--- bitnami/grafana-operator/Chart.yaml | 8 ++++---- bitnami/grafana-operator/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/grafana-operator/Chart.lock b/bitnami/grafana-operator/Chart.lock index 643fc5ef539b17..e9afecab2e2072 100644 --- a/bitnami/grafana-operator/Chart.lock +++ b/bitnami/grafana-operator/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:00:31.636957672+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:29:11.601094371Z" diff --git a/bitnami/grafana-operator/Chart.yaml b/bitnami/grafana-operator/Chart.yaml index a252c7333bd703..202932c1c39b03 100644 --- a/bitnami/grafana-operator/Chart.yaml +++ b/bitnami/grafana-operator/Chart.yaml @@ -5,10 +5,10 @@ annotations: category: Analytics licenses: Apache-2.0 images: | - - name: grafana-operator - image: docker.io/bitnami/grafana-operator:5.6.3-debian-11-r0 - name: grafana - image: docker.io/bitnami/grafana:10.3.1-debian-11-r6 + image: docker.io/bitnami/grafana:10.3.3-debian-12-r2 + - name: grafana-operator + image: docker.io/bitnami/grafana-operator:5.6.3-debian-12-r2 apiVersion: v2 appVersion: 5.6.3 dependencies: @@ -30,4 +30,4 @@ maintainers: name: grafana-operator sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana-operator -version: 3.10.0 +version: 3.10.1 diff --git a/bitnami/grafana-operator/values.yaml b/bitnami/grafana-operator/values.yaml index 48bc93415ec303..c7333e756146e0 100644 --- a/bitnami/grafana-operator/values.yaml +++ b/bitnami/grafana-operator/values.yaml @@ -149,7 +149,7 @@ operator: image: registry: docker.io repository: bitnami/grafana-operator - tag: 5.6.3-debian-11-r0 + tag: 5.6.3-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -495,7 +495,7 @@ grafana: image: registry: docker.io repository: bitnami/grafana - tag: 10.3.1-debian-11-r6 + tag: 10.3.3-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 9b5a9d08475b7222e4b95e31c359a4864f2ced54 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:48:47 +0100 Subject: [PATCH 044/129] [bitnami/argo-workflows] Release 6.6.2 updating components versions (#23636) Signed-off-by: Bitnami Containers --- bitnami/argo-workflows/Chart.lock | 10 +++++----- bitnami/argo-workflows/Chart.yaml | 10 +++++----- bitnami/argo-workflows/values.yaml | 6 +++--- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/argo-workflows/Chart.lock b/bitnami/argo-workflows/Chart.lock index 75969ba5a5c5cc..83d3e656dc6ff5 100644 --- a/bitnami/argo-workflows/Chart.lock +++ b/bitnami/argo-workflows/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: mysql repository: oci://registry-1.docker.io/bitnamicharts - version: 9.19.1 + version: 9.20.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:0ad24297f3405771c9d0999adc4b0f54e0cb0e2a8fb728bf415fd103787483cb -generated: "2024-02-14T14:35:45.795704974+01:00" + version: 2.16.1 +digest: sha256:f8d061b09d46a864048112961aaea9c3891346ffe843abcf760f3113f5010e96 +generated: "2024-02-21T12:07:09.197888056Z" diff --git a/bitnami/argo-workflows/Chart.yaml b/bitnami/argo-workflows/Chart.yaml index d34949dc1920d3..613cd90b3a7fda 100644 --- a/bitnami/argo-workflows/Chart.yaml +++ b/bitnami/argo-workflows/Chart.yaml @@ -5,12 +5,12 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | + - name: argo-workflow-cli + image: docker.io/bitnami/argo-workflow-cli:3.5.4-debian-12-r6 - name: argo-workflow-controller - image: docker.io/bitnami/argo-workflow-controller:3.5.4-debian-11-r3 + image: docker.io/bitnami/argo-workflow-controller:3.5.4-debian-12-r6 - name: argo-workflow-exec - image: docker.io/bitnami/argo-workflow-exec:3.5.4-debian-11-r10 - - name: argo-workflow-cli - image: docker.io/bitnami/argo-workflow-cli:3.5.4-debian-11-r3 + image: docker.io/bitnami/argo-workflow-exec:3.5.4-debian-12-r9 apiVersion: v2 appVersion: 3.5.4 dependencies: @@ -42,4 +42,4 @@ maintainers: name: argo-workflows sources: - https://github.com/bitnami/charts/tree/main/bitnami/argo-workflows -version: 6.6.1 +version: 6.6.2 diff --git a/bitnami/argo-workflows/values.yaml b/bitnami/argo-workflows/values.yaml index c988045307122d..7169a0f4c954c1 100644 --- a/bitnami/argo-workflows/values.yaml +++ b/bitnami/argo-workflows/values.yaml @@ -66,7 +66,7 @@ server: image: registry: docker.io repository: bitnami/argo-workflow-cli - tag: 3.5.4-debian-11-r3 + tag: 3.5.4-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -552,7 +552,7 @@ controller: image: registry: docker.io repository: bitnami/argo-workflow-controller - tag: 3.5.4-debian-11-r3 + tag: 3.5.4-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1104,7 +1104,7 @@ executor: image: registry: docker.io repository: bitnami/argo-workflow-exec - tag: 3.5.4-debian-11-r10 + tag: 3.5.4-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From c8a96d220e5b3a79f422409587692926a6ae5771 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:50:01 +0100 Subject: [PATCH 045/129] [bitnami/clickhouse] Release 5.2.1 updating components versions (#23637) Signed-off-by: Bitnami Containers --- bitnami/clickhouse/Chart.lock | 8 ++++---- bitnami/clickhouse/Chart.yaml | 8 ++++---- bitnami/clickhouse/values.yaml | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/clickhouse/Chart.lock b/bitnami/clickhouse/Chart.lock index 7e3d3261d5678a..d7e44124796218 100644 --- a/bitnami/clickhouse/Chart.lock +++ b/bitnami/clickhouse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 12.8.1 + version: 12.9.0 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:cccdc01ead6a556674360977d9ace475423c17f7c3875ed7e7df58edf727befa -generated: "2024-02-14T14:40:10.89088491+01:00" + version: 2.16.1 +digest: sha256:b3683d34b21beb8a442eba300f8a571eae2ed16e85155f46d0a5a7f023d7c0d1 +generated: "2024-02-21T12:07:26.204659357Z" diff --git a/bitnami/clickhouse/Chart.yaml b/bitnami/clickhouse/Chart.yaml index b92e0ae8923d67..8eb90b11c05c3e 100644 --- a/bitnami/clickhouse/Chart.yaml +++ b/bitnami/clickhouse/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: clickhouse - image: docker.io/bitnami/clickhouse:24.1.5-debian-11-r0 + image: docker.io/bitnami/clickhouse:24.1.5-debian-12-r2 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r107 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: zookeeper - image: docker.io/bitnami/zookeeper:3.8.3-debian-11-r17 + image: docker.io/bitnami/zookeeper:3.8.3-debian-12-r13 apiVersion: v2 appVersion: 24.1.5 dependencies: @@ -35,4 +35,4 @@ maintainers: name: clickhouse sources: - https://github.com/bitnami/charts/tree/main/bitnami/clickhouse -version: 5.2.0 +version: 5.2.1 diff --git a/bitnami/clickhouse/values.yaml b/bitnami/clickhouse/values.yaml index 2d2a01de32202c..bc40305e247239 100644 --- a/bitnami/clickhouse/values.yaml +++ b/bitnami/clickhouse/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/clickhouse - tag: 24.1.5-debian-11-r6 + tag: 24.1.5-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -969,7 +969,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r107 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1128,7 +1128,7 @@ zookeeper: image: registry: docker.io repository: bitnami/zookeeper - tag: 3.8.3-debian-11-r17 + tag: 3.8.3-debian-12-r13 pullPolicy: IfNotPresent replicaCount: 3 service: From c9ca2305242ca151a9f69fbb3260a6cbf229ae82 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:52:43 +0100 Subject: [PATCH 046/129] [bitnami/grafana] Release 9.10.1 updating components versions (#23655) Signed-off-by: Bitnami Containers --- bitnami/grafana/Chart.lock | 6 +++--- bitnami/grafana/Chart.yaml | 8 ++++---- bitnami/grafana/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/grafana/Chart.lock b/bitnami/grafana/Chart.lock index c13f78973285a5..44af3a4d72a8a1 100644 --- a/bitnami/grafana/Chart.lock +++ b/bitnami/grafana/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:57:00.929525352+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:30:14.283907679Z" diff --git a/bitnami/grafana/Chart.yaml b/bitnami/grafana/Chart.yaml index fccca15b5acc7b..c47ebe33e4dfeb 100644 --- a/bitnami/grafana/Chart.yaml +++ b/bitnami/grafana/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: grafana - image: docker.io/bitnami/grafana:10.3.1-debian-11-r4 + image: docker.io/bitnami/grafana:10.3.3-debian-12-r2 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 -appVersion: 10.3.1 +appVersion: 10.3.3 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -31,4 +31,4 @@ maintainers: name: grafana sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana -version: 9.10.0 +version: 9.10.1 diff --git a/bitnami/grafana/values.yaml b/bitnami/grafana/values.yaml index 2466fac385fe8e..843f4539d6e70f 100644 --- a/bitnami/grafana/values.yaml +++ b/bitnami/grafana/values.yaml @@ -55,7 +55,7 @@ commonAnnotations: {} image: registry: docker.io repository: bitnami/grafana - tag: 10.3.1-debian-11-r4 + tag: 10.3.3-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -872,7 +872,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 093408f263e7763bf0ced11a6f3bc93e68fa5ab9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:53:39 +0100 Subject: [PATCH 047/129] [bitnami/contour] Release 15.5.1 (#23639) * [bitnami/contour] Release 15.5.1 updating components versions Signed-off-by: Bitnami Containers * Update CRDs automatically Signed-off-by: Bitnami Containers --------- Signed-off-by: Bitnami Containers --- bitnami/contour/Chart.lock | 6 +++--- bitnami/contour/Chart.yaml | 10 +++++----- bitnami/contour/templates/crds/contour-crds.yaml | 2 +- bitnami/contour/values.yaml | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/contour/Chart.lock b/bitnami/contour/Chart.lock index 37cb3e4bbbdd8d..298ffc55627596 100644 --- a/bitnami/contour/Chart.lock +++ b/bitnami/contour/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:43:29.097717224+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:15:42.325363695Z" diff --git a/bitnami/contour/Chart.yaml b/bitnami/contour/Chart.yaml index 6dca62728ae06f..a384fc0ca09ff8 100644 --- a/bitnami/contour/Chart.yaml +++ b/bitnami/contour/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: contour - image: docker.io/bitnami/contour:1.27.0-debian-11-r9 + image: docker.io/bitnami/contour:1.27.1-debian-12-r2 - name: envoy - image: docker.io/bitnami/envoy:1.27.2-debian-11-r8 + image: docker.io/bitnami/envoy:1.27.3-debian-12-r3 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 apiVersion: v2 -appVersion: 1.27.0 +appVersion: 1.27.1 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -32,4 +32,4 @@ maintainers: name: contour sources: - https://github.com/bitnami/charts/tree/main/bitnami/contour -version: 15.5.0 +version: 15.5.1 diff --git a/bitnami/contour/templates/crds/contour-crds.yaml b/bitnami/contour/templates/crds/contour-crds.yaml index 6b20ba0ed26b07..632617a8ee64df 100644 --- a/bitnami/contour/templates/crds/contour-crds.yaml +++ b/bitnami/contour/templates/crds/contour-crds.yaml @@ -1,5 +1,5 @@ # Source: https://raw.githubusercontent.com/projectcontour/contour/v{version}/examples/contour/01-crds.yaml -# Version: 1.27.0 +# Version: 1.27.1 # Conditional: .Values.contour.manageCRDs {{- if .Values.contour.manageCRDs }} --- diff --git a/bitnami/contour/values.yaml b/bitnami/contour/values.yaml index 3045e8cd850543..c46340285656d6 100644 --- a/bitnami/contour/values.yaml +++ b/bitnami/contour/values.yaml @@ -92,7 +92,7 @@ contour: image: registry: docker.io repository: bitnami/contour - tag: 1.27.0-debian-11-r9 + tag: 1.27.1-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -638,7 +638,7 @@ envoy: image: registry: docker.io repository: bitnami/envoy - tag: 1.27.2-debian-11-r8 + tag: 1.27.3-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1237,7 +1237,7 @@ defaultBackend: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 0f63fcc280f6dbb556e188dc6eaa9d763964fd1b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:55:15 +0100 Subject: [PATCH 048/129] [bitnami/grafana-tempo] Release 2.10.1 updating components versions (#23654) Signed-off-by: Bitnami Containers --- bitnami/grafana-tempo/Chart.lock | 8 ++++---- bitnami/grafana-tempo/Chart.yaml | 12 ++++++------ bitnami/grafana-tempo/values.yaml | 8 ++++---- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bitnami/grafana-tempo/Chart.lock b/bitnami/grafana-tempo/Chart.lock index 54332de00316bd..bae15737a5907d 100644 --- a/bitnami/grafana-tempo/Chart.lock +++ b/bitnami/grafana-tempo/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:7fe52d23c3b0f9e32061a27f1f437c6c6e32b7b84ee3b5c7dca88e327f55ddb8 -generated: "2024-02-14T15:01:02.371987037+01:00" + version: 2.16.1 +digest: sha256:76700970ccde7bd82363cdd870df8422273a7cb9ff0574bc310ef02fd3ce8c81 +generated: "2024-02-21T12:29:52.407679709Z" diff --git a/bitnami/grafana-tempo/Chart.yaml b/bitnami/grafana-tempo/Chart.yaml index 1919f64dbae5d2..5268088e75a636 100644 --- a/bitnami/grafana-tempo/Chart.yaml +++ b/bitnami/grafana-tempo/Chart.yaml @@ -5,14 +5,14 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | + - name: grafana-tempo + image: docker.io/bitnami/grafana-tempo:2.3.1-debian-12-r13 - name: grafana-tempo-query - image: docker.io/bitnami/grafana-tempo-query:2.3.1-debian-11-r9 + image: docker.io/bitnami/grafana-tempo-query:2.3.1-debian-12-r13 - name: grafana-tempo-vulture - image: docker.io/bitnami/grafana-tempo-vulture:2.3.1-debian-11-r9 - - name: grafana-tempo - image: docker.io/bitnami/grafana-tempo:2.3.1-debian-11-r9 + image: docker.io/bitnami/grafana-tempo-vulture:2.3.1-debian-12-r13 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2.3.1 dependencies: @@ -39,4 +39,4 @@ maintainers: name: grafana-tempo sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana-tempo -version: 2.10.0 +version: 2.10.1 diff --git a/bitnami/grafana-tempo/values.yaml b/bitnami/grafana-tempo/values.yaml index fad249dac88bd1..8fe07aea692350 100644 --- a/bitnami/grafana-tempo/values.yaml +++ b/bitnami/grafana-tempo/values.yaml @@ -72,7 +72,7 @@ tempo: image: registry: docker.io repository: bitnami/grafana-tempo - tag: 2.3.1-debian-11-r9 + tag: 2.3.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2273,7 +2273,7 @@ queryFrontend: image: registry: docker.io repository: bitnami/grafana-tempo-query - tag: 2.3.1-debian-11-r9 + tag: 2.3.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2559,7 +2559,7 @@ vulture: image: registry: docker.io repository: bitnami/grafana-tempo-vulture - tag: 2.3.1-debian-11-r9 + tag: 2.3.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2942,7 +2942,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From c7376a41f8425542795f7286344be1356fce8e21 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:55:56 +0100 Subject: [PATCH 049/129] [bitnami/appsmith] Release 2.7.1 updating components versions (#23634) Signed-off-by: Bitnami Containers --- bitnami/appsmith/Chart.lock | 10 +++++----- bitnami/appsmith/Chart.yaml | 8 ++++---- bitnami/appsmith/values.yaml | 4 ++-- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/appsmith/Chart.lock b/bitnami/appsmith/Chart.lock index b3777ec3cdb1d8..925f0310dcdd50 100644 --- a/bitnami/appsmith/Chart.lock +++ b/bitnami/appsmith/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.13.0 + version: 18.14.2 - name: mongodb repository: oci://registry-1.docker.io/bitnamicharts - version: 14.8.2 + version: 14.9.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d9b9878213287c14427bae72b04d51426a7bfedd72a5094436cb2edd70ccacd6 -generated: "2024-02-14T14:33:44.991589108+01:00" + version: 2.16.1 +digest: sha256:e30ed7b6376df5e0d564f1dc83ed685b54814f80f151b3f8071e66889d0b25fd +generated: "2024-02-21T12:04:11.378201456Z" diff --git a/bitnami/appsmith/Chart.yaml b/bitnami/appsmith/Chart.yaml index 66aa341ea68ed9..da690d8779eba3 100644 --- a/bitnami/appsmith/Chart.yaml +++ b/bitnami/appsmith/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: appsmith - image: docker.io/bitnami/appsmith:1.12.0-debian-11-r0 + image: docker.io/bitnami/appsmith:1.13.0-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r109 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 -appVersion: 1.12.0 +appVersion: 1.13.0 dependencies: - condition: redis.enabled name: redis @@ -37,4 +37,4 @@ maintainers: name: appsmith sources: - https://github.com/bitnami/charts/tree/main/bitnami/appsmith -version: 2.7.0 +version: 2.7.1 diff --git a/bitnami/appsmith/values.yaml b/bitnami/appsmith/values.yaml index 29eee5e1a5b34f..07d6927d0aafeb 100644 --- a/bitnami/appsmith/values.yaml +++ b/bitnami/appsmith/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/appsmith - tag: 1.12.0-debian-11-r0 + tag: 1.13.0-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1350,7 +1350,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r109 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 5753cd466c4f08d8c83e802289199fac3136ba46 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:56:37 +0100 Subject: [PATCH 050/129] [bitnami/harbor] Release 19.8.1 updating components versions (#23657) Signed-off-by: Bitnami Containers --- bitnami/harbor/Chart.lock | 10 +++++----- bitnami/harbor/Chart.yaml | 24 ++++++++++++------------ bitnami/harbor/values.yaml | 20 ++++++++++---------- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/bitnami/harbor/Chart.lock b/bitnami/harbor/Chart.lock index a0b9dd4035f530..c346b5549508d3 100644 --- a/bitnami/harbor/Chart.lock +++ b/bitnami/harbor/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.13.0 + version: 18.14.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:dd4296369ab03a8c9f1940b4fc34ba57020a63afa6f761220f4f1249ab9e9e08 -generated: "2024-02-14T15:02:24.927377185+01:00" + version: 2.16.1 +digest: sha256:8fa5661b5643114e8fe43da43e12c3511772b1b4fdde1d74d4ec7aff12008b5c +generated: "2024-02-21T12:31:44.430987651Z" diff --git a/bitnami/harbor/Chart.yaml b/bitnami/harbor/Chart.yaml index 353ebf46fcf197..1ffb98adb8b366 100644 --- a/bitnami/harbor/Chart.yaml +++ b/bitnami/harbor/Chart.yaml @@ -6,25 +6,25 @@ annotations: licenses: Apache-2.0 images: | - name: harbor-adapter-trivy - image: docker.io/bitnami/harbor-adapter-trivy:2.10.0-debian-11-r8 + image: docker.io/bitnami/harbor-adapter-trivy:2.10.0-debian-12-r12 - name: harbor-core - image: docker.io/bitnami/harbor-core:2.10.0-debian-11-r5 + image: docker.io/bitnami/harbor-core:2.10.0-debian-12-r9 - name: harbor-exporter - image: docker.io/bitnami/harbor-exporter:2.10.0-debian-11-r5 + image: docker.io/bitnami/harbor-exporter:2.10.0-debian-12-r9 - name: harbor-jobservice - image: docker.io/bitnami/harbor-jobservice:2.10.0-debian-11-r6 + image: docker.io/bitnami/harbor-jobservice:2.10.0-debian-12-r10 + - name: harbor-portal + image: docker.io/bitnami/harbor-portal:2.10.0-debian-12-r7 - name: harbor-registry - image: docker.io/bitnami/harbor-registry:2.10.0-debian-11-r6 + image: docker.io/bitnami/harbor-registry:2.10.0-debian-12-r10 - name: harbor-registryctl - image: docker.io/bitnami/harbor-registryctl:2.10.0-debian-11-r5 - - name: harbor-portal - image: docker.io/bitnami/harbor-portal:2.10.0-debian-11-r4 + image: docker.io/bitnami/harbor-registryctl:2.10.0-debian-12-r9 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: postgresql - image: docker.io/bitnami/postgresql:13.13.0-debian-11-r29 + image: docker.io/bitnami/postgresql:13.14.0-debian-12-r4 apiVersion: v2 appVersion: 2.10.0 dependencies: @@ -55,4 +55,4 @@ maintainers: name: harbor sources: - https://github.com/bitnami/charts/tree/main/bitnami/harbor -version: 19.8.0 +version: 19.8.1 diff --git a/bitnami/harbor/values.yaml b/bitnami/harbor/values.yaml index a615346a006665..304aba29c8385a 100644 --- a/bitnami/harbor/values.yaml +++ b/bitnami/harbor/values.yaml @@ -588,7 +588,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -643,7 +643,7 @@ nginx: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -994,7 +994,7 @@ portal: image: registry: docker.io repository: bitnami/harbor-portal - tag: 2.10.0-debian-11-r4 + tag: 2.10.0-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1339,7 +1339,7 @@ core: image: registry: docker.io repository: bitnami/harbor-core - tag: 2.10.0-debian-11-r5 + tag: 2.10.0-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1744,7 +1744,7 @@ jobservice: image: registry: docker.io repository: bitnami/harbor-jobservice - tag: 2.10.0-debian-11-r6 + tag: 2.10.0-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2349,7 +2349,7 @@ registry: image: registry: docker.io repository: bitnami/harbor-registry - tag: 2.10.0-debian-11-r6 + tag: 2.10.0-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2519,7 +2519,7 @@ registry: image: registry: docker.io repository: bitnami/harbor-registryctl - tag: 2.10.0-debian-11-r5 + tag: 2.10.0-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2683,7 +2683,7 @@ trivy: image: registry: docker.io repository: bitnami/harbor-adapter-trivy - tag: 2.10.0-debian-11-r8 + tag: 2.10.0-debian-12-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3072,7 +3072,7 @@ exporter: image: registry: docker.io repository: bitnami/harbor-exporter - tag: 2.10.0-debian-11-r5 + tag: 2.10.0-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3404,7 +3404,7 @@ postgresql: image: registry: docker.io repository: bitnami/postgresql - tag: 13.13.0-debian-11-r29 + tag: 13.14.0-debian-12-r4 digest: "" auth: enablePostgresUser: true From 2005b56cdd2b06ed94ff36772f6a3e52b7f31ebf Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 13:59:34 +0100 Subject: [PATCH 051/129] [bitnami/deepspeed] Release 1.7.1 updating components versions (#23642) Signed-off-by: Bitnami Containers --- bitnami/deepspeed/Chart.lock | 6 +++--- bitnami/deepspeed/Chart.yaml | 8 ++++---- bitnami/deepspeed/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/deepspeed/Chart.lock b/bitnami/deepspeed/Chart.lock index f3834f7b0e5d70..0f54c490e2a4a5 100644 --- a/bitnami/deepspeed/Chart.lock +++ b/bitnami/deepspeed/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-16T16:58:48.692071291Z" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:20:17.849394326Z" diff --git a/bitnami/deepspeed/Chart.yaml b/bitnami/deepspeed/Chart.yaml index 2dc36d208f20e8..b21bc8f0693f27 100644 --- a/bitnami/deepspeed/Chart.yaml +++ b/bitnami/deepspeed/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: deepspeed - image: docker.io/bitnami/deepspeed:0.13.2-debian-11-r11 + image: docker.io/bitnami/deepspeed:0.13.2-debian-12-r2 - name: git - image: docker.io/bitnami/git:2.43.2-debian-11-r5 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r112 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 0.13.2 dependencies: @@ -35,4 +35,4 @@ name: deepspeed sources: - https://github.com/bitnami/charts/tree/main/bitnami/deepspeed - https://github.com/bitnami/charts/tree/main/bitnami/pytorch -version: 1.7.0 +version: 1.7.1 diff --git a/bitnami/deepspeed/values.yaml b/bitnami/deepspeed/values.yaml index 7f967b317130c1..3bf4e1c95677e7 100644 --- a/bitnami/deepspeed/values.yaml +++ b/bitnami/deepspeed/values.yaml @@ -71,7 +71,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/deepspeed - tag: 0.13.2-debian-11-r11 + tag: 0.13.2-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1006,7 +1006,7 @@ worker: gitImage: registry: docker.io repository: bitnami/git - tag: 2.43.2-debian-11-r5 + tag: 2.43.2-debian-12-r1 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1033,7 +1033,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r112 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From b838f7f781e2d0859a3e24215abdba5a2bef8aa1 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:01:31 +0100 Subject: [PATCH 052/129] [bitnami/external-dns] Release 6.34.1 updating components versions (#23646) Signed-off-by: Bitnami Containers --- bitnami/external-dns/Chart.lock | 6 +++--- bitnami/external-dns/Chart.yaml | 4 ++-- bitnami/external-dns/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/external-dns/Chart.lock b/bitnami/external-dns/Chart.lock index 2ea7963532c883..fc290fecdd7d3f 100644 --- a/bitnami/external-dns/Chart.lock +++ b/bitnami/external-dns/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:49:34.066406246+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:25:48.318185751Z" diff --git a/bitnami/external-dns/Chart.yaml b/bitnami/external-dns/Chart.yaml index c57a56ae5d2e56..c5dc61c48fae70 100644 --- a/bitnami/external-dns/Chart.yaml +++ b/bitnami/external-dns/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: external-dns - image: docker.io/bitnami/external-dns:0.14.0-debian-11-r9 + image: docker.io/bitnami/external-dns:0.14.0-debian-12-r14 apiVersion: v2 appVersion: 0.14.0 dependencies: @@ -28,4 +28,4 @@ maintainers: name: external-dns sources: - https://github.com/bitnami/charts/tree/main/bitnami/external-dns -version: 6.34.0 +version: 6.34.1 diff --git a/bitnami/external-dns/values.yaml b/bitnami/external-dns/values.yaml index 29d076f2117c01..740ffbf8be3eb7 100644 --- a/bitnami/external-dns/values.yaml +++ b/bitnami/external-dns/values.yaml @@ -64,7 +64,7 @@ useDaemonset: false image: registry: docker.io repository: bitnami/external-dns - tag: 0.14.0-debian-11-r9 + tag: 0.14.0-debian-12-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From a116e8f77e8d26d8ac8d2f08b7e4a36af7e75df9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:01:34 +0100 Subject: [PATCH 053/129] [bitnami/elasticsearch] Release 19.19.1 updating components versions (#23645) Signed-off-by: Bitnami Containers --- bitnami/elasticsearch/Chart.lock | 8 ++++---- bitnami/elasticsearch/Chart.yaml | 10 +++++----- bitnami/elasticsearch/values.yaml | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/elasticsearch/Chart.lock b/bitnami/elasticsearch/Chart.lock index 48a760da403059..50fc0644059339 100644 --- a/bitnami/elasticsearch/Chart.lock +++ b/bitnami/elasticsearch/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: kibana repository: oci://registry-1.docker.io/bitnamicharts - version: 10.9.0 + version: 10.10.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:6932d55cb650da7bf34b315468dc941b1467007c4997f2d55866e400678dcafd -generated: "2024-02-14T14:48:42.754392379+01:00" + version: 2.16.1 +digest: sha256:e2fffae55b733658d9ccaf6066a735bf25b3bed228533bf8ad6d3f603a38d52e +generated: "2024-02-21T12:24:18.008237403Z" diff --git a/bitnami/elasticsearch/Chart.yaml b/bitnami/elasticsearch/Chart.yaml index 3cc2469e03c689..5c283859100712 100644 --- a/bitnami/elasticsearch/Chart.yaml +++ b/bitnami/elasticsearch/Chart.yaml @@ -5,12 +5,12 @@ annotations: category: Analytics licenses: Apache-2.0 images: | - - name: elasticsearch-exporter - image: docker.io/bitnami/elasticsearch-exporter:1.7.0-debian-11-r6 - name: elasticsearch - image: docker.io/bitnami/elasticsearch:8.12.1-debian-11-r2 + image: docker.io/bitnami/elasticsearch:8.12.1-debian-12-r5 + - name: elasticsearch-exporter + image: docker.io/bitnami/elasticsearch-exporter:1.7.0-debian-12-r10 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 8.12.1 dependencies: @@ -34,4 +34,4 @@ maintainers: name: elasticsearch sources: - https://github.com/bitnami/charts/tree/main/bitnami/elasticsearch -version: 19.19.0 +version: 19.19.1 diff --git a/bitnami/elasticsearch/values.yaml b/bitnami/elasticsearch/values.yaml index 9ca96b4bb3dbbe..ff22d90c32cd5e 100644 --- a/bitnami/elasticsearch/values.yaml +++ b/bitnami/elasticsearch/values.yaml @@ -185,7 +185,7 @@ useIstioLabels: true image: registry: docker.io repository: bitnami/elasticsearch - tag: 8.12.1-debian-11-r2 + tag: 8.12.1-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2107,7 +2107,7 @@ metrics: image: registry: docker.io repository: bitnami/elasticsearch-exporter - tag: 1.7.0-debian-11-r6 + tag: 1.7.0-debian-12-r10 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -2526,7 +2526,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -2573,7 +2573,7 @@ sysctlImage: ## registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 900e4ac4d1298a1e5df853328772023ca1748df8 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:02:22 +0100 Subject: [PATCH 054/129] [bitnami/haproxy] Release 0.16.1 updating components versions (#23656) Signed-off-by: Bitnami Containers --- bitnami/haproxy/Chart.lock | 6 +++--- bitnami/haproxy/Chart.yaml | 4 ++-- bitnami/haproxy/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/haproxy/Chart.lock b/bitnami/haproxy/Chart.lock index 4fcfcd0cbf3440..5c8fc9b9de30ed 100644 --- a/bitnami/haproxy/Chart.lock +++ b/bitnami/haproxy/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-15T11:50:40.694392256Z" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:30:55.735741226Z" diff --git a/bitnami/haproxy/Chart.yaml b/bitnami/haproxy/Chart.yaml index cd7aeb4b2d92d4..f58fd630162322 100644 --- a/bitnami/haproxy/Chart.yaml +++ b/bitnami/haproxy/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: haproxy - image: docker.io/bitnami/haproxy:2.9.5-debian-11-r0 + image: docker.io/bitnami/haproxy:2.9.5-debian-12-r1 apiVersion: v2 appVersion: 2.9.5 dependencies: @@ -28,4 +28,4 @@ maintainers: name: haproxy sources: - https://github.com/bitnami/charts/tree/main/bitnami/haproxy -version: 0.16.0 +version: 0.16.1 diff --git a/bitnami/haproxy/values.yaml b/bitnami/haproxy/values.yaml index 6a64d710302775..7ff9db7fcc5c32 100644 --- a/bitnami/haproxy/values.yaml +++ b/bitnami/haproxy/values.yaml @@ -291,7 +291,7 @@ terminationGracePeriodSeconds: "" image: registry: docker.io repository: bitnami/haproxy - tag: 2.9.5-debian-11-r0 + tag: 2.9.5-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From c920e6fc4d3a6e4f193e53d715b1bd9821502fbc Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:03:13 +0100 Subject: [PATCH 055/129] [bitnami/dokuwiki] Release 14.7.1 updating components versions (#23641) Signed-off-by: Bitnami Containers --- bitnami/dokuwiki/Chart.lock | 6 +++--- bitnami/dokuwiki/Chart.yaml | 8 ++++---- bitnami/dokuwiki/values.yaml | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/dokuwiki/Chart.lock b/bitnami/dokuwiki/Chart.lock index 35827d5e9f7cef..d3845818701bba 100644 --- a/bitnami/dokuwiki/Chart.lock +++ b/bitnami/dokuwiki/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:46:08.208549898+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:19:09.88994827Z" diff --git a/bitnami/dokuwiki/Chart.yaml b/bitnami/dokuwiki/Chart.yaml index 448f1803b68c13..946de13c3a9059 100644 --- a/bitnami/dokuwiki/Chart.yaml +++ b/bitnami/dokuwiki/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r2 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: dokuwiki - image: docker.io/bitnami/dokuwiki:20230404.1.0-debian-11-r111 + image: docker.io/bitnami/dokuwiki:20230404.1.0-debian-12-r22 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 20230404.1.0 dependencies: @@ -35,4 +35,4 @@ maintainers: name: dokuwiki sources: - https://github.com/bitnami/charts/tree/main/bitnami/dokuwiki -version: 14.7.0 +version: 14.7.1 diff --git a/bitnami/dokuwiki/values.yaml b/bitnami/dokuwiki/values.yaml index ce3f7903f9ac62..9d45221699ddb3 100644 --- a/bitnami/dokuwiki/values.yaml +++ b/bitnami/dokuwiki/values.yaml @@ -59,7 +59,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/dokuwiki - tag: 20230404.1.0-debian-11-r111 + tag: 20230404.1.0-debian-12-r22 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -565,7 +565,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -614,7 +614,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r2 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -698,7 +698,7 @@ certificates: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 040714aa6b29bd0faf4a0704ab91d86c8afe3f99 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:03:41 +0100 Subject: [PATCH 056/129] [bitnami/drupal] Release 17.5.1 updating components versions (#23643) Signed-off-by: Bitnami Containers --- bitnami/drupal/Chart.lock | 8 ++++---- bitnami/drupal/Chart.yaml | 8 ++++---- bitnami/drupal/values.yaml | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/drupal/Chart.lock b/bitnami/drupal/Chart.lock index 08fcf8294ca5c8..e9ac01a7cb4b7c 100644 --- a/bitnami/drupal/Chart.lock +++ b/bitnami/drupal/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:02e9fc30c23cb9cdab4426cd29f465bcdedb599cc3ca71b93a050af21de75a9a -generated: "2024-02-14T14:47:09.136640148+01:00" + version: 2.16.1 +digest: sha256:aa458dbf23d5ef02fcef95f38e53da0a1891b5aa4ca1564c8c057c30a147865a +generated: "2024-02-21T12:20:54.431752065Z" diff --git a/bitnami/drupal/Chart.yaml b/bitnami/drupal/Chart.yaml index bbd13fa9c70325..94770cc4a0022f 100644 --- a/bitnami/drupal/Chart.yaml +++ b/bitnami/drupal/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r2 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: drupal - image: docker.io/bitnami/drupal:10.2.3-debian-11-r0 + image: docker.io/bitnami/drupal:10.2.3-debian-12-r4 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 10.2.3 dependencies: @@ -40,4 +40,4 @@ maintainers: name: drupal sources: - https://github.com/bitnami/charts/tree/main/bitnami/drupal -version: 17.5.0 +version: 17.5.1 diff --git a/bitnami/drupal/values.yaml b/bitnami/drupal/values.yaml index 05118f41af6d16..4a5a8d4e1cad93 100644 --- a/bitnami/drupal/values.yaml +++ b/bitnami/drupal/values.yaml @@ -56,7 +56,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/drupal - tag: 10.2.3-debian-11-r0 + tag: 10.2.3-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -668,7 +668,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -718,7 +718,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r2 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -885,7 +885,7 @@ certificates: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 9e9d449cf1a7088905489cf34c7ae9f10fd39064 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:05:25 +0100 Subject: [PATCH 057/129] [bitnami/gitea] Release 1.5.1 updating components versions (#23650) Signed-off-by: Bitnami Containers --- bitnami/gitea/Chart.lock | 8 ++++---- bitnami/gitea/Chart.yaml | 6 +++--- bitnami/gitea/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/gitea/Chart.lock b/bitnami/gitea/Chart.lock index 5fb15b4758e8ce..5b9e73ef0fafd4 100644 --- a/bitnami/gitea/Chart.lock +++ b/bitnami/gitea/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:e08d67109d82e36a3e93290f950311e7761cee1565ff9cf4af06faf37b10fa31 -generated: "2024-02-14T14:55:58.00036996+01:00" + version: 2.16.1 +digest: sha256:13493ce073076d218152b111a17dbcdd9a2173681ec0f2e51142c4819964c1da +generated: "2024-02-21T12:28:17.066423479Z" diff --git a/bitnami/gitea/Chart.yaml b/bitnami/gitea/Chart.yaml index a6d4cd213fabbf..601992781bdbd3 100644 --- a/bitnami/gitea/Chart.yaml +++ b/bitnami/gitea/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: gitea - image: docker.io/bitnami/gitea:1.21.5-debian-11-r3 + image: docker.io/bitnami/gitea:1.21.5-debian-12-r5 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 1.21.5 dependencies: @@ -37,4 +37,4 @@ maintainers: name: gitea sources: - https://github.com/bitnami/charts/tree/main/bitnami/gitea -version: 1.5.0 +version: 1.5.1 diff --git a/bitnami/gitea/values.yaml b/bitnami/gitea/values.yaml index 35e0d9943441f6..f34a07357547e3 100644 --- a/bitnami/gitea/values.yaml +++ b/bitnami/gitea/values.yaml @@ -59,7 +59,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/gitea - tag: 1.21.5-debian-11-r3 + tag: 1.21.5-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -657,7 +657,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From eb0e1681a23485453326b843e4645e7965e50207 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:07:36 +0100 Subject: [PATCH 058/129] [bitnami/grafana-loki] Release 2.17.1 updating components versions (#23651) Signed-off-by: Bitnami Containers --- bitnami/grafana-loki/Chart.lock | 14 +++++++------- bitnami/grafana-loki/Chart.yaml | 12 ++++++------ bitnami/grafana-loki/values.yaml | 16 ++++++++-------- 3 files changed, 21 insertions(+), 21 deletions(-) diff --git a/bitnami/grafana-loki/Chart.lock b/bitnami/grafana-loki/Chart.lock index e92b5d7ad07dbc..530d4bd04aac55 100644 --- a/bitnami/grafana-loki/Chart.lock +++ b/bitnami/grafana-loki/Chart.lock @@ -1,18 +1,18 @@ dependencies: - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:7f3b9418b065d11dd005bf462d99189c73958be628bdc75d02020964b43f611a -generated: "2024-02-14T14:58:03.988308727+01:00" + version: 2.16.1 +digest: sha256:de11ac92e92d9c8c286d71e241be91136f6d275e7b4459f65f1c6a28a2d8bbde +generated: "2024-02-21T12:28:14.385044379Z" diff --git a/bitnami/grafana-loki/Chart.yaml b/bitnami/grafana-loki/Chart.yaml index 28b65937b4d91d..86a710499f03bf 100644 --- a/bitnami/grafana-loki/Chart.yaml +++ b/bitnami/grafana-loki/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: grafana-loki - image: docker.io/bitnami/grafana-loki:2.9.4-debian-11-r6 + image: docker.io/bitnami/grafana-loki:2.9.4-debian-12-r8 - name: memcached - image: docker.io/bitnami/memcached:1.6.23-debian-11-r3 + image: docker.io/bitnami/memcached:1.6.23-debian-12-r6 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: promtail - image: docker.io/bitnami/promtail:2.9.4-debian-11-r3 + image: docker.io/bitnami/promtail:2.9.4-debian-12-r6 apiVersion: v2 appVersion: 2.9.4 dependencies: @@ -57,4 +57,4 @@ maintainers: name: grafana-loki sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana-loki -version: 2.17.0 +version: 2.17.1 diff --git a/bitnami/grafana-loki/values.yaml b/bitnami/grafana-loki/values.yaml index f35b964d921f83..18b057e8a9b69e 100644 --- a/bitnami/grafana-loki/values.yaml +++ b/bitnami/grafana-loki/values.yaml @@ -72,7 +72,7 @@ loki: image: registry: docker.io repository: bitnami/grafana-loki - tag: 2.9.4-debian-11-r6 + tag: 2.9.4-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -671,7 +671,7 @@ gateway: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -4127,7 +4127,7 @@ promtail: image: registry: docker.io repository: bitnami/promtail - tag: 2.9.4-debian-11-r3 + tag: 2.9.4-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -4627,7 +4627,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -4759,7 +4759,7 @@ memcachedchunks: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedchunks.nameOverride override the subchart name ## @@ -4798,7 +4798,7 @@ memcachedfrontend: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedfrontend.architecture Memcached architecture ## @@ -4837,7 +4837,7 @@ memcachedindexqueries: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedindexqueries.architecture Memcached architecture ## @@ -4876,7 +4876,7 @@ memcachedindexwrites: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedindexwrites.architecture Memcached architecture ## From af488ffb6e1bb0ac409eaa5309fba2e7e53330bc Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:07:51 +0100 Subject: [PATCH 059/129] [bitnami/grafana-mimir] Release 0.12.1 updating components versions (#23652) Signed-off-by: Bitnami Containers --- bitnami/grafana-mimir/Chart.lock | 14 +++++++------- bitnami/grafana-mimir/Chart.yaml | 10 +++++----- bitnami/grafana-mimir/values.yaml | 14 +++++++------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bitnami/grafana-mimir/Chart.lock b/bitnami/grafana-mimir/Chart.lock index 4b0b4456f046b1..3bd0a0e495e317 100644 --- a/bitnami/grafana-mimir/Chart.lock +++ b/bitnami/grafana-mimir/Chart.lock @@ -4,18 +4,18 @@ dependencies: version: 12.13.2 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: memcached repository: oci://registry-1.docker.io/bitnamicharts - version: 6.10.1 + version: 6.11.5 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:4bbf51064b0954b2b72716879188c1a67e6e87580cf3770206419b9e81d3c9e7 -generated: "2024-02-14T14:59:14.294938138+01:00" + version: 2.16.1 +digest: sha256:c6d7fee511771ca23107b45dce24243e56ba3433a07fcd533ed9ad5b72010c46 +generated: "2024-02-21T12:28:33.664343823Z" diff --git a/bitnami/grafana-mimir/Chart.yaml b/bitnami/grafana-mimir/Chart.yaml index 99aff2071878e5..a5ecdc88ccfcca 100644 --- a/bitnami/grafana-mimir/Chart.yaml +++ b/bitnami/grafana-mimir/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: grafana-mimir - image: docker.io/bitnami/grafana-mimir:2.11.0-debian-11-r9 + image: docker.io/bitnami/grafana-mimir:2.11.0-debian-12-r11 - name: memcached - image: docker.io/bitnami/memcached:1.6.23-debian-11-r3 + image: docker.io/bitnami/memcached:1.6.23-debian-12-r6 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2.11.0 dependencies: @@ -59,4 +59,4 @@ maintainers: name: grafana-mimir sources: - https://github.com/bitnami/charts/tree/main/bitnami/grafana-mimir -version: 0.12.0 +version: 0.12.1 diff --git a/bitnami/grafana-mimir/values.yaml b/bitnami/grafana-mimir/values.yaml index e172c9eab01009..e99a01cfcec29a 100644 --- a/bitnami/grafana-mimir/values.yaml +++ b/bitnami/grafana-mimir/values.yaml @@ -75,7 +75,7 @@ mimir: image: registry: docker.io repository: bitnami/grafana-mimir - tag: 2.11.0-debian-11-r9 + tag: 2.11.0-debian-12-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1556,7 +1556,7 @@ gateway: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -4816,7 +4816,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -5014,7 +5014,7 @@ memcachedchunks: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedchunks.nameOverride override the subchart name ## @@ -5053,7 +5053,7 @@ memcachedfrontend: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedfrontend.architecture Memcached architecture ## @@ -5092,7 +5092,7 @@ memcachedindex: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedindex.architecture Memcached architecture ## @@ -5131,7 +5131,7 @@ memcachedmetadata: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r3 + tag: 1.6.23-debian-12-r6 digest: "" ## @param memcachedmetadata.architecture Memcached architecture ## From 08af668f24c32a6cca52627899579e41be3af6da Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:09:45 +0100 Subject: [PATCH 060/129] [bitnami/ejbca] Release 11.4.1 updating components versions (#23644) Signed-off-by: Bitnami Containers --- bitnami/ejbca/Chart.lock | 8 ++++---- bitnami/ejbca/Chart.yaml | 4 ++-- bitnami/ejbca/values.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bitnami/ejbca/Chart.lock b/bitnami/ejbca/Chart.lock index d4fbb0eddbca65..a9f09bcbe71164 100644 --- a/bitnami/ejbca/Chart.lock +++ b/bitnami/ejbca/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:63da8e82c05ba1053852d8b96dec49737efeba45ce63aac6a3cf1e3bca788dc0 -generated: "2024-02-14T14:48:00.391768858+01:00" + version: 2.16.1 +digest: sha256:dd9205f256aeaf93e9cf92a9229bbe128feeaf4f67e28212d4a6c557aa5b085a +generated: "2024-02-21T12:24:04.652240623Z" diff --git a/bitnami/ejbca/Chart.yaml b/bitnami/ejbca/Chart.yaml index 455e11d52f7e01..72f79acf6199a6 100644 --- a/bitnami/ejbca/Chart.yaml +++ b/bitnami/ejbca/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: ejbca - image: docker.io/bitnami/ejbca:8.2.0-1-debian-11-r3 + image: docker.io/bitnami/ejbca:8.2.0-1-debian-12-r7 apiVersion: v2 appVersion: 8.2.0-1 dependencies: @@ -35,4 +35,4 @@ maintainers: name: ejbca sources: - https://github.com/bitnami/charts/tree/main/bitnami/ejbca -version: 11.4.0 +version: 11.4.1 diff --git a/bitnami/ejbca/values.yaml b/bitnami/ejbca/values.yaml index 20ba40bb7aeae2..4c72facce113eb 100644 --- a/bitnami/ejbca/values.yaml +++ b/bitnami/ejbca/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/ejbca - tag: 8.2.0-1-debian-11-r3 + tag: 8.2.0-1-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 734d2660e971a426dc486c1c1f51bc202ea4f5f2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:13:07 +0100 Subject: [PATCH 061/129] [bitnami/fluent-bit] Release 0.10.1 updating components versions (#23648) Signed-off-by: Bitnami Containers --- bitnami/fluent-bit/Chart.lock | 6 +++--- bitnami/fluent-bit/Chart.yaml | 4 ++-- bitnami/fluent-bit/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/fluent-bit/Chart.lock b/bitnami/fluent-bit/Chart.lock index f2bfe53e56a27b..3f7a9f13f49317 100644 --- a/bitnami/fluent-bit/Chart.lock +++ b/bitnami/fluent-bit/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:52:07.199095302+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:26:51.266339733Z" diff --git a/bitnami/fluent-bit/Chart.yaml b/bitnami/fluent-bit/Chart.yaml index 691f754f1f7e0a..1ca9e890de7b83 100644 --- a/bitnami/fluent-bit/Chart.yaml +++ b/bitnami/fluent-bit/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: fluent-bit - image: docker.io/bitnami/fluent-bit:2.2.2-debian-11-r4 + image: docker.io/bitnami/fluent-bit:2.2.2-debian-12-r6 apiVersion: v2 appVersion: 2.2.2 dependencies: @@ -28,4 +28,4 @@ maintainers: name: fluent-bit sources: - https://github.com/bitnami/charts/tree/main/bitnami/fluent-bit -version: 0.10.0 \ No newline at end of file +version: 0.10.1 diff --git a/bitnami/fluent-bit/values.yaml b/bitnami/fluent-bit/values.yaml index caed1f7837c319..3de7dbe346c097 100644 --- a/bitnami/fluent-bit/values.yaml +++ b/bitnami/fluent-bit/values.yaml @@ -67,7 +67,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/fluent-bit - tag: 2.2.2-debian-11-r4 + tag: 2.2.2-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 223bc2309b2cf7b347b7dbc8e87203d4bea54ec1 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:19:18 +0100 Subject: [PATCH 062/129] [bitnami/ghost] Release 19.10.1 updating components versions (#23649) Signed-off-by: Bitnami Containers --- bitnami/ghost/Chart.lock | 8 ++++---- bitnami/ghost/Chart.yaml | 8 ++++---- bitnami/ghost/values.yaml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/ghost/Chart.lock b/bitnami/ghost/Chart.lock index 8087f62216ee52..036b71c051ab51 100644 --- a/bitnami/ghost/Chart.lock +++ b/bitnami/ghost/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mysql repository: oci://registry-1.docker.io/bitnamicharts - version: 9.19.1 + version: 9.20.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:866fd2c51071da35377833f2fa9a6fdccd2bb9f687094c24740f9fbfce5b9145 -generated: "2024-02-14T14:55:03.41415134+01:00" + version: 2.16.1 +digest: sha256:993cf782df6232f73ec4166964048870ff0b27c6bb1a8da14d9177ae35e6b35b +generated: "2024-02-21T12:27:33.652541795Z" diff --git a/bitnami/ghost/Chart.yaml b/bitnami/ghost/Chart.yaml index 5aecc4685860ae..17a95373636cea 100644 --- a/bitnami/ghost/Chart.yaml +++ b/bitnami/ghost/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: ghost - image: docker.io/bitnami/ghost:5.79.1-debian-11-r0 + image: docker.io/bitnami/ghost:5.79.4-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 -appVersion: 5.79.1 +appVersion: 5.79.4 dependencies: - condition: mysql.enabled name: mysql @@ -40,4 +40,4 @@ maintainers: name: ghost sources: - https://github.com/bitnami/charts/tree/main/bitnami/ghost -version: 19.10.0 +version: 19.10.1 diff --git a/bitnami/ghost/values.yaml b/bitnami/ghost/values.yaml index 40ab8f80f269be..0d38f8c6eeebc5 100644 --- a/bitnami/ghost/values.yaml +++ b/bitnami/ghost/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/ghost - tag: 5.79.1-debian-11-r0 + tag: 5.79.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -610,7 +610,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 5d3400fd5544e0f0ba6f6bb4a777dc296f617b4c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 14:21:43 +0100 Subject: [PATCH 063/129] [bitnami/fluentd] Release 5.17.1 updating components versions (#23647) Signed-off-by: Bitnami Containers --- bitnami/fluentd/Chart.lock | 6 +++--- bitnami/fluentd/Chart.yaml | 4 ++-- bitnami/fluentd/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/fluentd/Chart.lock b/bitnami/fluentd/Chart.lock index 373345b1c768bd..c50aa7aba871c7 100644 --- a/bitnami/fluentd/Chart.lock +++ b/bitnami/fluentd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:53:08.883154257+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T12:25:54.237229873Z" diff --git a/bitnami/fluentd/Chart.yaml b/bitnami/fluentd/Chart.yaml index afda816be4d1a0..e98a2495f94039 100644 --- a/bitnami/fluentd/Chart.yaml +++ b/bitnami/fluentd/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: fluentd - image: docker.io/bitnami/fluentd:1.16.3-debian-11-r6 + image: docker.io/bitnami/fluentd:1.16.3-debian-12-r11 apiVersion: v2 appVersion: 1.16.3 dependencies: @@ -30,4 +30,4 @@ maintainers: name: fluentd sources: - https://github.com/bitnami/charts/tree/main/bitnami/fluentd -version: 5.17.0 +version: 5.17.1 diff --git a/bitnami/fluentd/values.yaml b/bitnami/fluentd/values.yaml index 6863f8731f324b..f734e794807ceb 100644 --- a/bitnami/fluentd/values.yaml +++ b/bitnami/fluentd/values.yaml @@ -69,7 +69,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/fluentd - tag: 1.16.3-debian-11-r6 + tag: 1.16.3-debian-12-r11 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images From 0c879eb805c75634d0dd41278264a0a34a724a5c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:26:15 +0100 Subject: [PATCH 064/129] [bitnami/jenkins] Release 12.9.1 updating components versions (#23663) Signed-off-by: Bitnami Containers --- bitnami/jenkins/Chart.lock | 6 +++--- bitnami/jenkins/Chart.yaml | 10 +++++----- bitnami/jenkins/values.yaml | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/jenkins/Chart.lock b/bitnami/jenkins/Chart.lock index 73e1346a2911e6..03713cc763f94e 100644 --- a/bitnami/jenkins/Chart.lock +++ b/bitnami/jenkins/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:06:03.736833125+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:02:16.121997912Z" diff --git a/bitnami/jenkins/Chart.yaml b/bitnami/jenkins/Chart.yaml index 431da19c82dbe6..fbcfb2b74e0bb5 100644 --- a/bitnami/jenkins/Chart.yaml +++ b/bitnami/jenkins/Chart.yaml @@ -5,12 +5,12 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | - - name: jenkins-agent - image: docker.io/bitnami/jenkins-agent:0.3206.0-debian-11-r5 - name: jenkins - image: docker.io/bitnami/jenkins:2.426.3-debian-11-r5 + image: docker.io/bitnami/jenkins:2.426.3-debian-12-r9 + - name: jenkins-agent + image: docker.io/bitnami/jenkins-agent:0.3206.0-debian-12-r8 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2.426.3 dependencies: @@ -35,4 +35,4 @@ maintainers: name: jenkins sources: - https://github.com/bitnami/charts/tree/main/bitnami/jenkins -version: 12.9.0 +version: 12.9.1 diff --git a/bitnami/jenkins/values.yaml b/bitnami/jenkins/values.yaml index 183a93e7f0e701..719da86e804039 100644 --- a/bitnami/jenkins/values.yaml +++ b/bitnami/jenkins/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/jenkins - tag: 2.426.3-debian-11-r5 + tag: 2.426.3-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -348,7 +348,7 @@ agent: image: registry: docker.io repository: bitnami/jenkins-agent - tag: 0.3206.0-debian-11-r5 + tag: 0.3206.0-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -992,7 +992,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 1e9420cf9ad2177ce844a51b490c246e2537b1a3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:26:57 +0100 Subject: [PATCH 065/129] [bitnami/vault] Release 0.10.1 updating components versions (#23660) Signed-off-by: Bitnami Containers --- bitnami/vault/Chart.lock | 6 +++--- bitnami/vault/Chart.yaml | 12 ++++++------ bitnami/vault/values.yaml | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/vault/Chart.lock b/bitnami/vault/Chart.lock index 2af27c51324b79..bf034c875e7527 100644 --- a/bitnami/vault/Chart.lock +++ b/bitnami/vault/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:15:33.605062291+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T13:57:15.674111723Z" diff --git a/bitnami/vault/Chart.yaml b/bitnami/vault/Chart.yaml index 2a63e9e6a3ba35..1171e18ef43c95 100644 --- a/bitnami/vault/Chart.yaml +++ b/bitnami/vault/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 + - name: vault + image: docker.io/bitnami/vault:1.15.5-debian-12-r5 - name: vault-csi-provider - image: docker.io/bitnami/vault-csi-provider:1.4.1-debian-11-r9 + image: docker.io/bitnami/vault-csi-provider:1.4.1-debian-12-r13 - name: vault-k8s - image: docker.io/bitnami/vault-k8s:1.3.1-debian-11-r9 - - name: vault - image: docker.io/bitnami/vault:1.15.5-debian-11-r2 + image: docker.io/bitnami/vault-k8s:1.3.1-debian-12-r13 apiVersion: v2 appVersion: 1.15.5 dependencies: @@ -35,4 +35,4 @@ maintainers: name: vault sources: - https://github.com/bitnami/charts/tree/main/bitnami/vault -version: 0.10.0 +version: 0.10.1 diff --git a/bitnami/vault/values.yaml b/bitnami/vault/values.yaml index 4b11b277c755a7..0778e3fc8a35e8 100644 --- a/bitnami/vault/values.yaml +++ b/bitnami/vault/values.yaml @@ -79,7 +79,7 @@ server: image: registry: docker.io repository: bitnami/vault - tag: 1.15.5-debian-11-r2 + tag: 1.15.5-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -793,7 +793,7 @@ csiProvider: image: registry: docker.io repository: bitnami/vault-csi-provider - tag: 1.4.1-debian-11-r9 + tag: 1.4.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1294,7 +1294,7 @@ injector: image: registry: docker.io repository: bitnami/vault-k8s - tag: 1.3.1-debian-11-r9 + tag: 1.3.1-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1744,7 +1744,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 2fe5ace21fe411cef5ab6d255f445faf28cabb56 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:29:50 +0100 Subject: [PATCH 066/129] [bitnami/influxdb] Release 5.16.2 updating components versions (#23661) Signed-off-by: Bitnami Containers --- bitnami/influxdb/Chart.lock | 6 +++--- bitnami/influxdb/Chart.yaml | 12 ++++++------ bitnami/influxdb/values.yaml | 10 +++++----- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bitnami/influxdb/Chart.lock b/bitnami/influxdb/Chart.lock index 7ec2d16c86d122..9e7f2ba0cc5cbb 100644 --- a/bitnami/influxdb/Chart.lock +++ b/bitnami/influxdb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:03:26.866059518+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:00:35.290092315Z" diff --git a/bitnami/influxdb/Chart.yaml b/bitnami/influxdb/Chart.yaml index 87e3efff0bfcd1..78796d4c331754 100644 --- a/bitnami/influxdb/Chart.yaml +++ b/bitnami/influxdb/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: aws-cli - image: docker.io/bitnami/aws-cli:2.15.10-debian-11-r3 + image: docker.io/bitnami/aws-cli:2.15.20-debian-12-r1 - name: azure-cli - image: docker.io/bitnami/azure-cli:2.57.0-debian-11-r0 + image: docker.io/bitnami/azure-cli:2.57.0-debian-12-r4 - name: google-cloud-sdk - image: docker.io/bitnami/google-cloud-sdk:0.463.0-debian-11-r0 + image: docker.io/bitnami/google-cloud-sdk:0.464.0-debian-12-r2 - name: influxdb - image: docker.io/bitnami/influxdb:2.7.5-debian-11-r9 + image: docker.io/bitnami/influxdb:2.7.5-debian-12-r11 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2.7.5 dependencies: @@ -37,4 +37,4 @@ maintainers: name: influxdb sources: - https://github.com/bitnami/charts/tree/main/bitnami/influxdb -version: 5.16.1 +version: 5.16.2 diff --git a/bitnami/influxdb/values.yaml b/bitnami/influxdb/values.yaml index e4b24bc9a1af0a..c411bb3cbd74df 100644 --- a/bitnami/influxdb/values.yaml +++ b/bitnami/influxdb/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/influxdb - tag: 2.7.5-debian-11-r9 + tag: 2.7.5-debian-12-r11 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -876,7 +876,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1034,7 +1034,7 @@ backup: image: registry: docker.io repository: bitnami/google-cloud-sdk - tag: 0.463.0-debian-11-r0 + tag: 0.464.0-debian-12-r2 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1073,7 +1073,7 @@ backup: image: registry: docker.io repository: bitnami/azure-cli - tag: 2.57.0-debian-11-r0 + tag: 2.57.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1114,7 +1114,7 @@ backup: image: registry: docker.io repository: bitnami/aws-cli - tag: 2.15.10-debian-11-r3 + tag: 2.15.20-debian-12-r1 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images From 08be73dd3891358d615ff18b39b4a92eae2c8634 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:30:17 +0100 Subject: [PATCH 067/129] [bitnami/joomla] Release 18.4.1 updating components versions (#23664) Signed-off-by: Bitnami Containers --- bitnami/joomla/Chart.lock | 8 ++++---- bitnami/joomla/Chart.yaml | 8 ++++---- bitnami/joomla/README.md | 1 - bitnami/joomla/values.yaml | 4 ++-- 4 files changed, 10 insertions(+), 11 deletions(-) diff --git a/bitnami/joomla/Chart.lock b/bitnami/joomla/Chart.lock index 6516616726079a..8d24ed809214ba 100644 --- a/bitnami/joomla/Chart.lock +++ b/bitnami/joomla/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:02e9fc30c23cb9cdab4426cd29f465bcdedb599cc3ca71b93a050af21de75a9a -generated: "2024-02-14T15:07:06.323695969+01:00" + version: 2.16.1 +digest: sha256:aa458dbf23d5ef02fcef95f38e53da0a1891b5aa4ca1564c8c057c30a147865a +generated: "2024-02-21T14:04:35.98279827Z" diff --git a/bitnami/joomla/Chart.yaml b/bitnami/joomla/Chart.yaml index 794d93a86e309d..c3b91f73d63019 100644 --- a/bitnami/joomla/Chart.yaml +++ b/bitnami/joomla/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r1 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: joomla - image: docker.io/bitnami/joomla:5.0.2-debian-11-r3 + image: docker.io/bitnami/joomla:5.0.3-debian-12-r0 apiVersion: v2 -appVersion: 5.0.2 +appVersion: 5.0.3 dependencies: - condition: mariadb.enabled name: mariadb @@ -36,4 +36,4 @@ maintainers: name: joomla sources: - https://github.com/bitnami/charts/tree/main/bitnami/joomla -version: 18.4.0 +version: 18.4.1 diff --git a/bitnami/joomla/README.md b/bitnami/joomla/README.md index c8d1a41d28e1cb..3a443857b51a7f 100644 --- a/bitnami/joomla/README.md +++ b/bitnami/joomla/README.md @@ -1,6 +1,5 @@ - # Bitnami package for Joomla! Joomla! is an award winning open source CMS platform for building websites and applications. It includes page caching, page compression and Let's Encrypt auto-configuration support. diff --git a/bitnami/joomla/values.yaml b/bitnami/joomla/values.yaml index 11278b716d9ddb..001980e741ce50 100644 --- a/bitnami/joomla/values.yaml +++ b/bitnami/joomla/values.yaml @@ -59,7 +59,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/joomla - tag: 5.0.2-debian-11-r3 + tag: 5.0.3-debian-12-r0 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -658,7 +658,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r1 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From fa8bbb6934d0ee45cd3a62c7caa1471df809d5d6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:32:32 +0100 Subject: [PATCH 068/129] [bitnami/jaeger] Release 1.10.1 updating components versions (#23662) Signed-off-by: Bitnami Containers --- bitnami/jaeger/Chart.lock | 8 ++++---- bitnami/jaeger/Chart.yaml | 6 +++--- bitnami/jaeger/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/jaeger/Chart.lock b/bitnami/jaeger/Chart.lock index d73624150565ea..10301ac32baf7d 100644 --- a/bitnami/jaeger/Chart.lock +++ b/bitnami/jaeger/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 + version: 2.16.1 - name: cassandra repository: oci://registry-1.docker.io/bitnamicharts - version: 10.9.0 -digest: sha256:094cd7fa0288992ebb1d71bdd576c493cc28f3e0c4fbeeb9649dc1548aeef1db -generated: "2024-02-14T15:04:17.888586767+01:00" + version: 10.11.1 +digest: sha256:ff8917360a6cb33189064b6c45095a3490d8cd212a8678b492509f58520e1f30 +generated: "2024-02-21T14:02:06.562241613Z" diff --git a/bitnami/jaeger/Chart.yaml b/bitnami/jaeger/Chart.yaml index 0e0bb4b35a4de8..8fa96800151383 100644 --- a/bitnami/jaeger/Chart.yaml +++ b/bitnami/jaeger/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: cassandra - image: docker.io/bitnami/cassandra:4.0.12-debian-11-r2 + image: docker.io/bitnami/cassandra:4.0.12-debian-12-r6 - name: jaeger - image: docker.io/bitnami/jaeger:1.54.0-debian-11-r2 + image: docker.io/bitnami/jaeger:1.54.0-debian-12-r4 apiVersion: v2 appVersion: 1.54.0 dependencies: @@ -34,4 +34,4 @@ maintainers: name: jaeger sources: - https://github.com/bitnami/charts/tree/main/bitnami/jaeger -version: 1.10.0 +version: 1.10.1 diff --git a/bitnami/jaeger/values.yaml b/bitnami/jaeger/values.yaml index 1e97b99e7325a8..338375aa02ac58 100644 --- a/bitnami/jaeger/values.yaml +++ b/bitnami/jaeger/values.yaml @@ -67,7 +67,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/jaeger - tag: 1.54.0-debian-11-r2 + tag: 1.54.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1444,7 +1444,7 @@ migration: cqlshImage: registry: docker.io repository: bitnami/cassandra - tag: 4.0.12-debian-11-r2 + tag: 4.0.12-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From a459579fe0822c9575606717aeaea4177041b727 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:45:13 +0100 Subject: [PATCH 069/129] [bitnami/multus-cni] Release 1.7.1 updating components versions (#23670) Signed-off-by: Bitnami Containers --- bitnami/multus-cni/Chart.lock | 6 +++--- bitnami/multus-cni/Chart.yaml | 6 ++++-- bitnami/multus-cni/values.yaml | 2 +- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/bitnami/multus-cni/Chart.lock b/bitnami/multus-cni/Chart.lock index 2441f8075bc59c..b21f06478c7100 100644 --- a/bitnami/multus-cni/Chart.lock +++ b/bitnami/multus-cni/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:35:43.783970147+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:21:57.941000714Z" diff --git a/bitnami/multus-cni/Chart.yaml b/bitnami/multus-cni/Chart.yaml index 5ae16bd19c8455..e9dfe8ef36f350 100644 --- a/bitnami/multus-cni/Chart.yaml +++ b/bitnami/multus-cni/Chart.yaml @@ -4,7 +4,9 @@ annotations: category: Analytics licenses: Apache-2.0 - images: '' + images: | + - name: multus-cni + image: docker.io/bitnami/multus-cni:4.0.2-debian-12-r18 apiVersion: v2 appVersion: 4.0.2 dependencies: @@ -27,4 +29,4 @@ maintainers: name: multus-cni sources: - https://github.com/bitnami/charts/tree/main/bitnami/multus-cni -version: 1.7.0 +version: 1.7.1 diff --git a/bitnami/multus-cni/values.yaml b/bitnami/multus-cni/values.yaml index d164f96f625120..b6ff9725167c1b 100644 --- a/bitnami/multus-cni/values.yaml +++ b/bitnami/multus-cni/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/multus-cni - tag: 4.0.2-debian-11-r137 + tag: 4.0.2-debian-12-r18 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From b11d8ebb9c611fb4fc8d82e72b90fb3681224c3a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:45:20 +0100 Subject: [PATCH 070/129] [bitnami/keycloak] Release 18.6.1 updating components versions (#23666) Signed-off-by: Bitnami Containers --- bitnami/keycloak/Chart.lock | 8 ++++---- bitnami/keycloak/Chart.yaml | 8 ++++---- bitnami/keycloak/values.yaml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/keycloak/Chart.lock b/bitnami/keycloak/Chart.lock index 5d8dd5ac0f59fa..34466569803a5a 100644 --- a/bitnami/keycloak/Chart.lock +++ b/bitnami/keycloak/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:e08d67109d82e36a3e93290f950311e7761cee1565ff9cf4af06faf37b10fa31 -generated: "2024-02-14T15:10:58.346032159+01:00" + version: 2.16.1 +digest: sha256:13493ce073076d218152b111a17dbcdd9a2173681ec0f2e51142c4819964c1da +generated: "2024-02-21T14:18:41.575588627Z" diff --git a/bitnami/keycloak/Chart.yaml b/bitnami/keycloak/Chart.yaml index a730f6ff27114c..9a9027cea92d57 100644 --- a/bitnami/keycloak/Chart.yaml +++ b/bitnami/keycloak/Chart.yaml @@ -5,10 +5,10 @@ annotations: category: DeveloperTools licenses: Apache-2.0 images: | - - name: keycloak-config-cli - image: docker.io/bitnami/keycloak-config-cli:5.10.0-debian-11-r4 - name: keycloak - image: docker.io/bitnami/keycloak:23.0.6-debian-11-r0 + image: docker.io/bitnami/keycloak:23.0.6-debian-12-r3 + - name: keycloak-config-cli + image: docker.io/bitnami/keycloak-config-cli:5.10.0-debian-12-r8 apiVersion: v2 appVersion: 23.0.6 dependencies: @@ -33,4 +33,4 @@ maintainers: name: keycloak sources: - https://github.com/bitnami/charts/tree/main/bitnami/keycloak -version: 18.6.0 +version: 18.6.1 diff --git a/bitnami/keycloak/values.yaml b/bitnami/keycloak/values.yaml index 284086bb1f8895..97c756557bd56c 100644 --- a/bitnami/keycloak/values.yaml +++ b/bitnami/keycloak/values.yaml @@ -92,7 +92,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/keycloak - tag: 23.0.6-debian-11-r0 + tag: 23.0.6-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -920,7 +920,7 @@ keycloakConfigCli: image: registry: docker.io repository: bitnami/keycloak-config-cli - tag: 5.10.0-debian-11-r4 + tag: 5.10.0-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 2882bdfe151754ce3e6674ca6911fa6576d351a1 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:45:25 +0100 Subject: [PATCH 071/129] [bitnami/kubeapps] Release 14.5.1 updating components versions (#23668) Signed-off-by: Bitnami Containers --- bitnami/kubeapps/Chart.lock | 10 +++++----- bitnami/kubeapps/Chart.yaml | 20 ++++++++++---------- bitnami/kubeapps/values.yaml | 16 ++++++++-------- 3 files changed, 23 insertions(+), 23 deletions(-) diff --git a/bitnami/kubeapps/Chart.lock b/bitnami/kubeapps/Chart.lock index 4d80e253673991..002c0b8813404b 100644 --- a/bitnami/kubeapps/Chart.lock +++ b/bitnami/kubeapps/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.13.0 + version: 18.14.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:61a39d7b32265650695e24f219e285e92063f1f074315dd05db99a2f381f0f74 -generated: "2024-02-14T15:18:16.239696889+01:00" + version: 2.16.1 +digest: sha256:4fd480130fa93298f29f35ecf3fed3496aa4469f2d528caea15314361b0b5956 +generated: "2024-02-21T14:20:34.086930317Z" diff --git a/bitnami/kubeapps/Chart.yaml b/bitnami/kubeapps/Chart.yaml index 21f88419d6287a..aba4e0799774b3 100644 --- a/bitnami/kubeapps/Chart.yaml +++ b/bitnami/kubeapps/Chart.yaml @@ -6,21 +6,21 @@ annotations: licenses: Apache-2.0 images: | - name: kubeapps-apis - image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-11-r20 + image: docker.io/bitnami/kubeapps-apis:2.9.0-debian-12-r17 - name: kubeapps-apprepository-controller - image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-11-r19 + image: docker.io/bitnami/kubeapps-apprepository-controller:2.9.0-debian-12-r16 - name: kubeapps-asset-syncer - image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-11-r20 + image: docker.io/bitnami/kubeapps-asset-syncer:2.9.0-debian-12-r17 + - name: kubeapps-dashboard + image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-12-r17 - name: kubeapps-oci-catalog - image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-11-r12 + image: docker.io/bitnami/kubeapps-oci-catalog:2.9.0-debian-12-r16 - name: kubeapps-pinniped-proxy - image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-11-r16 - - name: kubeapps-dashboard - image: docker.io/bitnami/kubeapps-dashboard:2.9.0-debian-11-r22 + image: docker.io/bitnami/kubeapps-pinniped-proxy:2.9.0-debian-12-r16 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 - name: oauth2-proxy - image: docker.io/bitnami/oauth2-proxy:7.5.1-debian-11-r17 + image: docker.io/bitnami/oauth2-proxy:7.6.0-debian-12-r1 apiVersion: v2 appVersion: 2.9.0 dependencies: @@ -52,4 +52,4 @@ maintainers: name: kubeapps sources: - https://github.com/bitnami/charts/tree/main/bitnami/kubeapps -version: 14.5.0 +version: 14.5.1 diff --git a/bitnami/kubeapps/values.yaml b/bitnami/kubeapps/values.yaml index 7096f819a7ea04..d21e6d8619b865 100644 --- a/bitnami/kubeapps/values.yaml +++ b/bitnami/kubeapps/values.yaml @@ -202,7 +202,7 @@ frontend: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -547,7 +547,7 @@ dashboard: image: registry: docker.io repository: bitnami/kubeapps-dashboard - tag: 2.9.0-debian-11-r22 + tag: 2.9.0-debian-12-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -880,7 +880,7 @@ apprepository: image: registry: docker.io repository: bitnami/kubeapps-apprepository-controller - tag: 2.9.0-debian-11-r19 + tag: 2.9.0-debian-12-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -907,7 +907,7 @@ apprepository: syncImage: registry: docker.io repository: bitnami/kubeapps-asset-syncer - tag: 2.9.0-debian-11-r20 + tag: 2.9.0-debian-12-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1217,7 +1217,7 @@ authProxy: image: registry: docker.io repository: bitnami/oauth2-proxy - tag: 7.5.1-debian-11-r17 + tag: 7.6.0-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1372,7 +1372,7 @@ pinnipedProxy: image: registry: docker.io repository: bitnami/kubeapps-pinniped-proxy - tag: 2.9.0-debian-11-r16 + tag: 2.9.0-debian-12-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1685,7 +1685,7 @@ kubeappsapis: image: registry: docker.io repository: bitnami/kubeapps-apis - tag: 2.9.0-debian-11-r20 + tag: 2.9.0-debian-12-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1996,7 +1996,7 @@ ociCatalog: image: registry: docker.io repository: bitnami/kubeapps-oci-catalog - tag: 2.9.0-debian-11-r12 + tag: 2.9.0-debian-12-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 9f18b019c6ed198f88f915e42a06be2afe4c5c81 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:45:41 +0100 Subject: [PATCH 072/129] [bitnami/mysql] Release 9.21.1 updating components versions (#23672) Signed-off-by: Bitnami Containers --- bitnami/mysql/Chart.lock | 6 +++--- bitnami/mysql/Chart.yaml | 8 ++++---- bitnami/mysql/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/mysql/Chart.lock b/bitnami/mysql/Chart.lock index 236f0334056913..ee0c9284a5d406 100644 --- a/bitnami/mysql/Chart.lock +++ b/bitnami/mysql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:36:45.035639342+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:22:31.996818342Z" diff --git a/bitnami/mysql/Chart.yaml b/bitnami/mysql/Chart.yaml index ffa9bfe7447ee4..c0dfeba1c7d2df 100644 --- a/bitnami/mysql/Chart.yaml +++ b/bitnami/mysql/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: mysql - image: docker.io/bitnami/mysql:8.0.36-debian-11-r4 + image: docker.io/bitnami/mysql:8.0.36-debian-12-r7 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r5 + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-12-r7 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 8.0.36 dependencies: @@ -34,4 +34,4 @@ maintainers: name: mysql sources: - https://github.com/bitnami/charts/tree/main/bitnami/mysql -version: 9.21.0 +version: 9.21.1 diff --git a/bitnami/mysql/values.yaml b/bitnami/mysql/values.yaml index f2d6538c687be6..8ca9a55467b256 100644 --- a/bitnami/mysql/values.yaml +++ b/bitnami/mysql/values.yaml @@ -81,7 +81,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mysql - tag: 8.0.36-debian-11-r4 + tag: 8.0.36-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1112,7 +1112,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1157,7 +1157,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.1-debian-11-r5 + tag: 0.15.1-debian-12-r7 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From bd9e73bfb10540ef3c22ccbe315d333114b6e615 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:45:53 +0100 Subject: [PATCH 073/129] [bitnami/kiam] Release 1.9.1 updating components versions (#23705) Signed-off-by: Bitnami Containers --- bitnami/kiam/Chart.lock | 6 +++--- bitnami/kiam/Chart.yaml | 4 ++-- bitnami/kiam/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/kiam/Chart.lock b/bitnami/kiam/Chart.lock index e6b201b27e8b00..719b93484476e6 100644 --- a/bitnami/kiam/Chart.lock +++ b/bitnami/kiam/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:12:00.307347804+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:36:16.302602097Z" diff --git a/bitnami/kiam/Chart.yaml b/bitnami/kiam/Chart.yaml index 331d33c63e51c2..4794acfd940607 100644 --- a/bitnami/kiam/Chart.yaml +++ b/bitnami/kiam/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: kiam - image: docker.io/bitnami/kiam:4.2.0-debian-11-r431 + image: docker.io/bitnami/kiam:4.2.0-debian-12-r20 apiVersion: v2 appVersion: 4.2.0 dependencies: @@ -28,4 +28,4 @@ maintainers: name: kiam sources: - https://github.com/bitnami/charts/tree/main/bitnami/kiam -version: 1.9.0 +version: 1.9.1 diff --git a/bitnami/kiam/values.yaml b/bitnami/kiam/values.yaml index 1b3bd272359a0a..8cd0cfea8fe62a 100644 --- a/bitnami/kiam/values.yaml +++ b/bitnami/kiam/values.yaml @@ -64,7 +64,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kiam - tag: 4.2.0-debian-11-r431 + tag: 4.2.0-debian-12-r20 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 8e29b56e8399a3352c4b59143d7baa5899cea1a1 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:49:02 +0100 Subject: [PATCH 074/129] [bitnami/nginx] Release 15.12.1 updating components versions (#23673) Signed-off-by: Bitnami Containers --- bitnami/nginx/Chart.lock | 6 +++--- bitnami/nginx/Chart.yaml | 10 +++++----- bitnami/nginx/values.yaml | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/nginx/Chart.lock b/bitnami/nginx/Chart.lock index f091dc9b99c362..1031cb3b281ea6 100644 --- a/bitnami/nginx/Chart.lock +++ b/bitnami/nginx/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:39:26.665250951+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:23:11.578246321Z" diff --git a/bitnami/nginx/Chart.yaml b/bitnami/nginx/Chart.yaml index 9dd3994faec2a9..10cb8ab7dcdccc 100644 --- a/bitnami/nginx/Chart.yaml +++ b/bitnami/nginx/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: git - image: docker.io/bitnami/git:2.43.2-debian-11-r0 - - name: nginx-exporter - image: docker.io/bitnami/nginx-exporter:1.1.0-debian-11-r16 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 - name: nginx - image: docker.io/bitnami/nginx:1.25.4-debian-11-r0 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 + - name: nginx-exporter + image: docker.io/bitnami/nginx-exporter:1.1.0-debian-12-r6 apiVersion: v2 appVersion: 1.25.4 dependencies: @@ -34,4 +34,4 @@ maintainers: name: nginx sources: - https://github.com/bitnami/charts/tree/main/bitnami/nginx -version: 15.12.0 +version: 15.12.1 diff --git a/bitnami/nginx/values.yaml b/bitnami/nginx/values.yaml index 378c74c4489e17..e437819b2c50ed 100644 --- a/bitnami/nginx/values.yaml +++ b/bitnami/nginx/values.yaml @@ -71,7 +71,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.4-debian-11-r0 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -443,7 +443,7 @@ cloneStaticSiteFromGit: image: registry: docker.io repository: bitnami/git - tag: 2.43.2-debian-11-r0 + tag: 2.43.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -873,7 +873,7 @@ metrics: image: registry: docker.io repository: bitnami/nginx-exporter - tag: 1.1.0-debian-11-r16 + tag: 1.1.0-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From ca97776958ce4653c4202d93cc75ddcc1040c9b9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:53:39 +0100 Subject: [PATCH 075/129] [bitnami/moodle] Release 20.4.1 updating components versions (#23669) Signed-off-by: Bitnami Containers --- bitnami/moodle/Chart.lock | 8 ++++---- bitnami/moodle/Chart.yaml | 8 ++++---- bitnami/moodle/values.yaml | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/moodle/Chart.lock b/bitnami/moodle/Chart.lock index bdf4a7397d3d55..aad875853a1b4d 100644 --- a/bitnami/moodle/Chart.lock +++ b/bitnami/moodle/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:02e9fc30c23cb9cdab4426cd29f465bcdedb599cc3ca71b93a050af21de75a9a -generated: "2024-02-14T15:34:50.294247879+01:00" + version: 2.16.1 +digest: sha256:aa458dbf23d5ef02fcef95f38e53da0a1891b5aa4ca1564c8c057c30a147865a +generated: "2024-02-21T14:20:46.767407621Z" diff --git a/bitnami/moodle/Chart.yaml b/bitnami/moodle/Chart.yaml index 97f7b09304f687..9d2fbe1ec321ce 100644 --- a/bitnami/moodle/Chart.yaml +++ b/bitnami/moodle/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r6 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: moodle - image: docker.io/bitnami/moodle:4.3.3-debian-11-r0 + image: docker.io/bitnami/moodle:4.3.3-debian-12-r2 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r100 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 4.3.3 dependencies: @@ -36,4 +36,4 @@ maintainers: name: moodle sources: - https://github.com/bitnami/charts/tree/main/bitnami/moodle -version: 20.4.0 +version: 20.4.1 diff --git a/bitnami/moodle/values.yaml b/bitnami/moodle/values.yaml index f9f7b107be21ed..72ca8caaaa4ecf 100644 --- a/bitnami/moodle/values.yaml +++ b/bitnami/moodle/values.yaml @@ -53,7 +53,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/moodle - tag: 4.3.3-debian-11-r0 + tag: 4.3.3-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -691,7 +691,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r100 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -736,7 +736,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r6 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -864,7 +864,7 @@ certificates: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r100 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 5fd77a8607ddc9ff1ad17a5387d626ea63f37b5c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:58:51 +0100 Subject: [PATCH 076/129] [bitnami/prometheus] Release 0.11.1 updating components versions (#23685) Signed-off-by: Bitnami Containers --- bitnami/prometheus/Chart.lock | 6 +++--- bitnami/prometheus/Chart.yaml | 10 +++++----- bitnami/prometheus/values.yaml | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/prometheus/Chart.lock b/bitnami/prometheus/Chart.lock index 01bfc96275d796..181c0a8cdbcc57 100644 --- a/bitnami/prometheus/Chart.lock +++ b/bitnami/prometheus/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:56:31.022066953+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:27:38.046438167Z" diff --git a/bitnami/prometheus/Chart.yaml b/bitnami/prometheus/Chart.yaml index d4b3dd8d1fc023..a3e060be3c576b 100644 --- a/bitnami/prometheus/Chart.yaml +++ b/bitnami/prometheus/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: alertmanager - image: docker.io/bitnami/alertmanager:0.26.0-debian-11-r54 + image: docker.io/bitnami/alertmanager:0.26.0-debian-12-r25 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: prometheus - image: docker.io/bitnami/prometheus:2.49.1-debian-11-r6 + image: docker.io/bitnami/prometheus:2.49.1-debian-12-r8 - name: thanos - image: docker.io/bitnami/thanos:0.34.0-debian-11-r3 + image: docker.io/bitnami/thanos:0.34.0-debian-12-r4 apiVersion: v2 appVersion: 2.49.1 dependencies: @@ -35,4 +35,4 @@ sources: - https://github.com/bitnami/containers/tree/main/bitnami/prometheus - https://github.com/prometheus/prometheus - https://github.com/prometheus-community/helm-charts -version: 0.11.0 +version: 0.11.1 diff --git a/bitnami/prometheus/values.yaml b/bitnami/prometheus/values.yaml index 482a5920a40c27..45ef5a2701976a 100644 --- a/bitnami/prometheus/values.yaml +++ b/bitnami/prometheus/values.yaml @@ -81,7 +81,7 @@ alertmanager: image: registry: docker.io repository: bitnami/alertmanager - tag: 0.26.0-debian-11-r54 + tag: 0.26.0-debian-12-r25 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -655,7 +655,7 @@ server: image: registry: docker.io repository: bitnami/prometheus - tag: 2.49.1-debian-11-r6 + tag: 2.49.1-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1047,7 +1047,7 @@ server: image: registry: docker.io repository: bitnami/thanos - tag: 0.34.0-debian-11-r3 + tag: 0.34.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1644,7 +1644,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From 60d8d729982d4db88b6e0cc8955b6f7381c0623e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 15:59:07 +0100 Subject: [PATCH 077/129] [bitnami/postgresql] Release 14.2.1 updating components versions (#23682) Signed-off-by: Bitnami Containers --- bitnami/postgresql/Chart.lock | 6 +++--- bitnami/postgresql/Chart.yaml | 8 ++++---- bitnami/postgresql/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/postgresql/Chart.lock b/bitnami/postgresql/Chart.lock index 0f3b2c87df4337..08fa0ae1e7bee2 100644 --- a/bitnami/postgresql/Chart.lock +++ b/bitnami/postgresql/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:52:42.25759233+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:25:43.74084307Z" diff --git a/bitnami/postgresql/Chart.yaml b/bitnami/postgresql/Chart.yaml index 499a7a88b62c92..1940c1369b3c1b 100644 --- a/bitnami/postgresql/Chart.yaml +++ b/bitnami/postgresql/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r112 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: postgres-exporter - image: docker.io/bitnami/postgres-exporter:0.15.0-debian-11-r26 + image: docker.io/bitnami/postgres-exporter:0.15.0-debian-12-r12 - name: postgresql - image: docker.io/bitnami/postgresql:16.2.0-debian-11-r17 + image: docker.io/bitnami/postgresql:16.2.0-debian-12-r4 apiVersion: v2 appVersion: 16.2.0 dependencies: @@ -35,4 +35,4 @@ maintainers: name: postgresql sources: - https://github.com/bitnami/charts/tree/main/bitnami/postgresql -version: 14.2.0 +version: 14.2.1 diff --git a/bitnami/postgresql/values.yaml b/bitnami/postgresql/values.yaml index 72add789f10151..a42332053e91fd 100644 --- a/bitnami/postgresql/values.yaml +++ b/bitnami/postgresql/values.yaml @@ -96,7 +96,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/postgresql - tag: 16.2.0-debian-11-r17 + tag: 16.2.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1354,7 +1354,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r112 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1463,7 +1463,7 @@ metrics: image: registry: docker.io repository: bitnami/postgres-exporter - tag: 0.15.0-debian-11-r26 + tag: 0.15.0-debian-12-r12 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 24776f09fcdba68811b9eb6a677efc4e86204e6b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:01:34 +0100 Subject: [PATCH 078/129] [bitnami/pytorch] Release 3.9.1 updating components versions (#23688) Signed-off-by: Bitnami Containers --- bitnami/pytorch/Chart.lock | 6 +++--- bitnami/pytorch/Chart.yaml | 8 ++++---- bitnami/pytorch/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/pytorch/Chart.lock b/bitnami/pytorch/Chart.lock index d8bae20177ab4c..6d39385682d141 100644 --- a/bitnami/pytorch/Chart.lock +++ b/bitnami/pytorch/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:57:52.978792814+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:29:17.262528297Z" diff --git a/bitnami/pytorch/Chart.yaml b/bitnami/pytorch/Chart.yaml index ac7a359829c5b3..91db8d489bc489 100644 --- a/bitnami/pytorch/Chart.yaml +++ b/bitnami/pytorch/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: git - image: docker.io/bitnami/git:2.43.0-debian-11-r9 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: pytorch - image: docker.io/bitnami/pytorch:2.2.0-debian-11-r2 + image: docker.io/bitnami/pytorch:2.2.0-debian-12-r4 apiVersion: v2 appVersion: 2.2.0 dependencies: @@ -33,4 +33,4 @@ maintainers: name: pytorch sources: - https://github.com/bitnami/charts/tree/main/bitnami/pytorch -version: 3.9.0 +version: 3.9.1 diff --git a/bitnami/pytorch/values.yaml b/bitnami/pytorch/values.yaml index 5230a11e6b1c54..7c58756fa7e4fb 100644 --- a/bitnami/pytorch/values.yaml +++ b/bitnami/pytorch/values.yaml @@ -69,7 +69,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/pytorch - tag: 2.2.0-debian-11-r2 + tag: 2.2.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -537,7 +537,7 @@ networkPolicy: git: registry: docker.io repository: bitnami/git - tag: 2.43.0-debian-11-r9 + tag: 2.43.2-debian-12-r1 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -566,7 +566,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From f2f9358e8b7ec36434b51764d8b89186b05e12f9 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:02:21 +0100 Subject: [PATCH 079/129] [bitnami/redis] Release 18.15.1 updating components versions (#23692) Signed-off-by: Bitnami Containers --- bitnami/redis/Chart.lock | 6 +++--- bitnami/redis/Chart.yaml | 12 ++++++------ bitnami/redis/values.yaml | 10 +++++----- 3 files changed, 14 insertions(+), 14 deletions(-) diff --git a/bitnami/redis/Chart.lock b/bitnami/redis/Chart.lock index c9564857728889..d94791c90cead9 100644 --- a/bitnami/redis/Chart.lock +++ b/bitnami/redis/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:01:05.77962376+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:31:01.173894495Z" diff --git a/bitnami/redis/Chart.yaml b/bitnami/redis/Chart.yaml index 59bf6caa555cbd..b1fcdacc23e9fd 100644 --- a/bitnami/redis/Chart.yaml +++ b/bitnami/redis/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 + - name: redis + image: docker.io/bitnami/redis:7.2.4-debian-12-r8 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.57.0-debian-11-r2 + image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r2 - name: redis-sentinel - image: docker.io/bitnami/redis-sentinel:7.2.4-debian-11-r6 - - name: redis - image: docker.io/bitnami/redis:7.2.4-debian-11-r5 + image: docker.io/bitnami/redis-sentinel:7.2.4-debian-12-r6 apiVersion: v2 appVersion: 7.2.4 dependencies: @@ -34,4 +34,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.15.0 +version: 18.15.1 diff --git a/bitnami/redis/values.yaml b/bitnami/redis/values.yaml index 63872e68c663f3..65ae7ac5709b8b 100644 --- a/bitnami/redis/values.yaml +++ b/bitnami/redis/values.yaml @@ -91,7 +91,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis - tag: 7.2.4-debian-11-r5 + tag: 7.2.4-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1094,7 +1094,7 @@ sentinel: image: registry: docker.io repository: bitnami/redis-sentinel - tag: 7.2.4-debian-11-r6 + tag: 7.2.4-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1585,7 +1585,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.57.0-debian-11-r2 + tag: 1.58.0-debian-12-r2 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1950,7 +1950,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -2008,7 +2008,7 @@ sysctl: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 5bfe3320bc4b3c0131f5d32aafa822e7b36fd410 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:04:27 +0100 Subject: [PATCH 080/129] [bitnami/node-exporter] Release 3.14.1 updating components versions (#23681) Signed-off-by: Bitnami Containers --- bitnami/node-exporter/Chart.lock | 6 +++--- bitnami/node-exporter/Chart.yaml | 4 ++-- bitnami/node-exporter/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/node-exporter/Chart.lock b/bitnami/node-exporter/Chart.lock index b339ab0de9bad8..a818abe93535d6 100644 --- a/bitnami/node-exporter/Chart.lock +++ b/bitnami/node-exporter/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:42:07.899491442+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:25:43.16158045Z" diff --git a/bitnami/node-exporter/Chart.yaml b/bitnami/node-exporter/Chart.yaml index 352110edd9f0d5..b6bf1e5fb0921c 100644 --- a/bitnami/node-exporter/Chart.yaml +++ b/bitnami/node-exporter/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: node-exporter - image: docker.io/bitnami/node-exporter:1.7.0-debian-11-r8 + image: docker.io/bitnami/node-exporter:1.7.0-debian-12-r11 apiVersion: v2 appVersion: 1.7.0 dependencies: @@ -28,4 +28,4 @@ maintainers: name: node-exporter sources: - https://github.com/bitnami/charts/tree/main/bitnami/node-exporter -version: 3.14.0 +version: 3.14.1 diff --git a/bitnami/node-exporter/values.yaml b/bitnami/node-exporter/values.yaml index de46905bbba9f9..b51c00bb8d98a7 100644 --- a/bitnami/node-exporter/values.yaml +++ b/bitnami/node-exporter/values.yaml @@ -101,7 +101,7 @@ serviceAccount: image: registry: docker.io repository: bitnami/node-exporter - tag: 1.7.0-debian-11-r8 + tag: 1.7.0-debian-12-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 7234cddcc15f7b087f9f69fdfd43246f86d4ed8a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:04:38 +0100 Subject: [PATCH 081/129] [bitnami/parse] Release 21.6.1 updating components versions (#23680) Signed-off-by: Bitnami Containers --- bitnami/parse/Chart.lock | 8 ++++---- bitnami/parse/Chart.yaml | 10 +++++----- bitnami/parse/values.yaml | 6 +++--- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/parse/Chart.lock b/bitnami/parse/Chart.lock index e2f212f3405e9c..5fe7c9f81ec667 100644 --- a/bitnami/parse/Chart.lock +++ b/bitnami/parse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mongodb repository: oci://registry-1.docker.io/bitnamicharts - version: 14.8.2 + version: 14.9.4 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:02bec1f91e446bde185787855da20111d7250b6005860faa3a27560ea923d40f -generated: "2024-02-14T15:48:00.860304127+01:00" + version: 2.16.1 +digest: sha256:dee14bc615621129f7aafcf4fc4d693aa1a4d67c639384c5d0d2a261ecb196fc +generated: "2024-02-21T14:25:40.793481078Z" diff --git a/bitnami/parse/Chart.yaml b/bitnami/parse/Chart.yaml index 21c81f910df4c7..c60bf3e563aa5d 100644 --- a/bitnami/parse/Chart.yaml +++ b/bitnami/parse/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 - - name: parse-dashboard - image: docker.io/bitnami/parse-dashboard:5.3.0-debian-11-r6 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: parse - image: docker.io/bitnami/parse:6.4.0-debian-11-r6 + image: docker.io/bitnami/parse:6.4.0-debian-12-r1 + - name: parse-dashboard + image: docker.io/bitnami/parse-dashboard:5.3.0-debian-12-r1 apiVersion: v2 appVersion: 6.4.0 dependencies: @@ -38,4 +38,4 @@ maintainers: name: parse sources: - https://github.com/bitnami/charts/tree/main/bitnami/parse -version: 21.6.0 +version: 21.6.1 diff --git a/bitnami/parse/values.yaml b/bitnami/parse/values.yaml index e8ae5fbb6e2463..4945f72ba1e19f 100644 --- a/bitnami/parse/values.yaml +++ b/bitnami/parse/values.yaml @@ -77,7 +77,7 @@ server: image: registry: docker.io repository: bitnami/parse - tag: 6.4.0-debian-11-r6 + tag: 6.4.0-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -495,7 +495,7 @@ dashboard: image: registry: docker.io repository: bitnami/parse-dashboard - tag: 5.3.0-debian-11-r6 + tag: 5.3.0-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1068,7 +1068,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 1bf88ab5d09b6b1be29995b955b39431259f8de4 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:04:41 +0100 Subject: [PATCH 082/129] [bitnami/rabbitmq] Release 12.13.1 updating components versions (#23691) Signed-off-by: Bitnami Containers --- bitnami/rabbitmq/Chart.lock | 6 +++--- bitnami/rabbitmq/Chart.yaml | 8 ++++---- bitnami/rabbitmq/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/rabbitmq/Chart.lock b/bitnami/rabbitmq/Chart.lock index 787ee433975c43..e05d631e9b2036 100644 --- a/bitnami/rabbitmq/Chart.lock +++ b/bitnami/rabbitmq/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:58:43.810338479+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:30:41.793002695Z" diff --git a/bitnami/rabbitmq/Chart.yaml b/bitnami/rabbitmq/Chart.yaml index 746d0b55464223..f7e56f9f596e3f 100644 --- a/bitnami/rabbitmq/Chart.yaml +++ b/bitnami/rabbitmq/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: rabbitmq - image: docker.io/bitnami/rabbitmq:3.12.12-debian-11-r7 + image: docker.io/bitnami/rabbitmq:3.12.13-debian-12-r1 apiVersion: v2 -appVersion: 3.12.12 +appVersion: 3.12.13 dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts @@ -30,4 +30,4 @@ maintainers: name: rabbitmq sources: - https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq -version: 12.13.0 +version: 12.13.1 diff --git a/bitnami/rabbitmq/values.yaml b/bitnami/rabbitmq/values.yaml index 40867adfe4ef08..fd35588c879b07 100644 --- a/bitnami/rabbitmq/values.yaml +++ b/bitnami/rabbitmq/values.yaml @@ -33,7 +33,7 @@ global: image: registry: docker.io repository: bitnami/rabbitmq - tag: 3.12.12-debian-11-r7 + tag: 3.12.13-debian-12-r1 digest: "" ## set to true if you would like to see extra information on logs ## It turns BASH and/or NAMI debugging in the image @@ -1434,7 +1434,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From a48415e53878a29d7fb1ab5a97a61ac5cc2fdaa4 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:06:05 +0100 Subject: [PATCH 083/129] [bitnami/odoo] Release 25.5.1 updating components versions (#23675) Signed-off-by: Bitnami Containers --- bitnami/odoo/Chart.lock | 8 ++++---- bitnami/odoo/Chart.yaml | 4 ++-- bitnami/odoo/values.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bitnami/odoo/Chart.lock b/bitnami/odoo/Chart.lock index 8e061f06b3618c..155c371765a426 100644 --- a/bitnami/odoo/Chart.lock +++ b/bitnami/odoo/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:e08d67109d82e36a3e93290f950311e7761cee1565ff9cf4af06faf37b10fa31 -generated: "2024-02-14T15:45:13.127124206+01:00" + version: 2.16.1 +digest: sha256:13493ce073076d218152b111a17dbcdd9a2173681ec0f2e51142c4819964c1da +generated: "2024-02-21T14:23:37.210499915Z" diff --git a/bitnami/odoo/Chart.yaml b/bitnami/odoo/Chart.yaml index 0390be406ea36e..27cacd59f47276 100644 --- a/bitnami/odoo/Chart.yaml +++ b/bitnami/odoo/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: odoo - image: docker.io/bitnami/odoo:17.0.20240205-debian-11-r1 + image: docker.io/bitnami/odoo:17.0.20240205-debian-12-r3 apiVersion: v2 appVersion: 17.0.20240205 dependencies: @@ -34,4 +34,4 @@ maintainers: name: odoo sources: - https://github.com/bitnami/charts/tree/main/bitnami/odoo -version: 25.5.0 +version: 25.5.1 diff --git a/bitnami/odoo/values.yaml b/bitnami/odoo/values.yaml index 20e9bbd57fa732..32bac597c72741 100644 --- a/bitnami/odoo/values.yaml +++ b/bitnami/odoo/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/odoo - tag: 17.0.20240205-debian-11-r1 + tag: 17.0.20240205-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 6596e61fb7ba80556d3ffd419619656d619e661d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:06:07 +0100 Subject: [PATCH 084/129] [bitnami/redis-cluster] Release 9.6.1 updating components versions (#23689) Signed-off-by: Bitnami Containers --- bitnami/redis-cluster/Chart.lock | 6 +++--- bitnami/redis-cluster/Chart.yaml | 8 ++++---- bitnami/redis-cluster/values.yaml | 8 ++++---- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/redis-cluster/Chart.lock b/bitnami/redis-cluster/Chart.lock index 52a6907d9c393c..6bd0dfb1602a7f 100644 --- a/bitnami/redis-cluster/Chart.lock +++ b/bitnami/redis-cluster/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:01:35.418835241+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:29:24.783553739Z" diff --git a/bitnami/redis-cluster/Chart.yaml b/bitnami/redis-cluster/Chart.yaml index 5db22747d9f6c6..9333c58c5eb374 100644 --- a/bitnami/redis-cluster/Chart.yaml +++ b/bitnami/redis-cluster/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: redis-cluster - image: docker.io/bitnami/redis-cluster:7.2.4-debian-11-r5 + image: docker.io/bitnami/redis-cluster:7.2.4-debian-12-r8 - name: redis-exporter - image: docker.io/bitnami/redis-exporter:1.57.0-debian-11-r2 + image: docker.io/bitnami/redis-exporter:1.58.0-debian-12-r2 apiVersion: v2 appVersion: 7.2.4 dependencies: @@ -32,4 +32,4 @@ maintainers: name: redis-cluster sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis-cluster -version: 9.6.0 +version: 9.6.1 diff --git a/bitnami/redis-cluster/values.yaml b/bitnami/redis-cluster/values.yaml index 959ee3581892a4..18630684d4c5de 100644 --- a/bitnami/redis-cluster/values.yaml +++ b/bitnami/redis-cluster/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redis-cluster - tag: 7.2.4-debian-11-r5 + tag: 7.2.4-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -406,7 +406,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -895,7 +895,7 @@ metrics: image: registry: docker.io repository: bitnami/redis-exporter - tag: 1.57.0-debian-11-r2 + tag: 1.58.0-debian-12-r2 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1083,7 +1083,7 @@ sysctlImage: ## registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 9ef60d26a4aabd7f4a0570ea1223d80e3ce6c91a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:06:20 +0100 Subject: [PATCH 085/129] [bitnami/kube-prometheus] Release 8.28.1 updating components versions (#23686) Signed-off-by: Bitnami Containers --- bitnami/kube-prometheus/Chart.lock | 10 +++++----- bitnami/kube-prometheus/Chart.yaml | 14 +++++++------- bitnami/kube-prometheus/values.yaml | 10 +++++----- 3 files changed, 17 insertions(+), 17 deletions(-) diff --git a/bitnami/kube-prometheus/Chart.lock b/bitnami/kube-prometheus/Chart.lock index 7c17e1371ee214..ad8bd235dac665 100644 --- a/bitnami/kube-prometheus/Chart.lock +++ b/bitnami/kube-prometheus/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: node-exporter repository: oci://registry-1.docker.io/bitnamicharts - version: 3.12.2 + version: 3.13.1 - name: kube-state-metrics repository: oci://registry-1.docker.io/bitnamicharts - version: 3.11.4 + version: 3.13.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:03226dea58a8d6fe728130d472a78a32dd268917f3ffc5b126ac20fcd3f97877 -generated: "2024-02-14T15:16:22.230240011+01:00" + version: 2.16.1 +digest: sha256:9d0807a3a105c14df433deafcafb4af7b6a2f8afffe3b442f80610181118cbb4 +generated: "2024-02-21T14:27:40.204586936Z" diff --git a/bitnami/kube-prometheus/Chart.yaml b/bitnami/kube-prometheus/Chart.yaml index 1dfb2d6c4905bc..e632204e090741 100644 --- a/bitnami/kube-prometheus/Chart.yaml +++ b/bitnami/kube-prometheus/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: alertmanager - image: docker.io/bitnami/alertmanager:0.26.0-debian-11-r54 + image: docker.io/bitnami/alertmanager:0.26.0-debian-12-r25 - name: blackbox-exporter - image: docker.io/bitnami/blackbox-exporter:0.24.0-debian-11-r150 - - name: prometheus-operator - image: docker.io/bitnami/prometheus-operator:0.71.2-debian-11-r4 + image: docker.io/bitnami/blackbox-exporter:0.24.0-debian-12-r23 - name: prometheus - image: docker.io/bitnami/prometheus:2.49.1-debian-11-r6 + image: docker.io/bitnami/prometheus:2.49.1-debian-12-r8 + - name: prometheus-operator + image: docker.io/bitnami/prometheus-operator:0.71.2-debian-12-r6 - name: thanos - image: docker.io/bitnami/thanos:0.34.0-debian-11-r3 + image: docker.io/bitnami/thanos:0.34.0-debian-12-r4 apiVersion: v2 appVersion: 0.71.2 dependencies: @@ -46,4 +46,4 @@ maintainers: name: kube-prometheus sources: - https://github.com/bitnami/charts/tree/main/bitnami/kube-prometheus -version: 8.28.0 +version: 8.28.1 diff --git a/bitnami/kube-prometheus/values.yaml b/bitnami/kube-prometheus/values.yaml index 6d984f22f0a50d..33caceecbea4dd 100644 --- a/bitnami/kube-prometheus/values.yaml +++ b/bitnami/kube-prometheus/values.yaml @@ -64,7 +64,7 @@ operator: image: registry: docker.io repository: bitnami/prometheus-operator - tag: 0.71.2-debian-11-r4 + tag: 0.71.2-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -609,7 +609,7 @@ prometheus: image: registry: docker.io repository: bitnami/prometheus - tag: 2.49.1-debian-11-r6 + tag: 2.49.1-debian-12-r8 digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1365,7 +1365,7 @@ prometheus: image: registry: docker.io repository: bitnami/thanos - tag: 0.34.0-debian-11-r3 + tag: 0.34.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -1776,7 +1776,7 @@ alertmanager: image: registry: docker.io repository: bitnami/alertmanager - tag: 0.26.0-debian-11-r54 + tag: 0.26.0-debian-12-r25 digest: "" ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -2459,7 +2459,7 @@ blackboxExporter: image: registry: docker.io repository: bitnami/blackbox-exporter - tag: 0.24.0-debian-11-r150 + tag: 0.24.0-debian-12-r23 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From e2ede51f3c4c449ee7ff9e6e82a4eae26f6b6400 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:08:36 +0100 Subject: [PATCH 086/129] [bitnami/redmine] Release 26.5.1 updating components versions (#23693) Signed-off-by: Bitnami Containers --- bitnami/redmine/Chart.lock | 10 +++++----- bitnami/redmine/Chart.yaml | 6 +++--- bitnami/redmine/values.yaml | 4 ++-- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/redmine/Chart.lock b/bitnami/redmine/Chart.lock index fc85d85b7de715..b3954ecf4ab6a1 100644 --- a/bitnami/redmine/Chart.lock +++ b/bitnami/redmine/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:2569f9410bbe01ddfbe8426faa0bbfc1f8f03d13f4aedb987f3cddeb0183a10e -generated: "2024-02-14T16:02:15.543134595+01:00" + version: 2.16.1 +digest: sha256:387470d14a95f24121f5e6e15d2a19a9dfb5a8725e198cba8f40ff5fb9eb4706 +generated: "2024-02-21T14:31:03.679817633Z" diff --git a/bitnami/redmine/Chart.yaml b/bitnami/redmine/Chart.yaml index 00f541cc48721d..8839c68d64869b 100644 --- a/bitnami/redmine/Chart.yaml +++ b/bitnami/redmine/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: redmine - image: docker.io/bitnami/redmine:5.1.1-debian-11-r9 + image: docker.io/bitnami/redmine:5.1.1-debian-12-r1 apiVersion: v2 appVersion: 5.1.1 dependencies: @@ -43,4 +43,4 @@ maintainers: name: redmine sources: - https://github.com/bitnami/charts/tree/main/bitnami/redmine -version: 26.5.0 +version: 26.5.1 diff --git a/bitnami/redmine/values.yaml b/bitnami/redmine/values.yaml index 678169f4e5a73b..9452f45965e833 100644 --- a/bitnami/redmine/values.yaml +++ b/bitnami/redmine/values.yaml @@ -74,7 +74,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/redmine - tag: 5.1.1-debian-11-r9 + tag: 5.1.1-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -972,7 +972,7 @@ certificates: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 1a625c51a3609d6b9d80916ea71cd72f3ae30fea Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:08:56 +0100 Subject: [PATCH 087/129] [bitnami/nginx-ingress-controller] Release 10.5.1 updating components versions (#23674) Signed-off-by: Bitnami Containers --- bitnami/nginx-ingress-controller/Chart.lock | 6 +++--- bitnami/nginx-ingress-controller/Chart.yaml | 8 ++++---- bitnami/nginx-ingress-controller/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/nginx-ingress-controller/Chart.lock b/bitnami/nginx-ingress-controller/Chart.lock index b12a3be2a60ebb..5f2e4f1420ca87 100644 --- a/bitnami/nginx-ingress-controller/Chart.lock +++ b/bitnami/nginx-ingress-controller/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:40:38.320549804+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:23:13.592729742Z" diff --git a/bitnami/nginx-ingress-controller/Chart.yaml b/bitnami/nginx-ingress-controller/Chart.yaml index f01720658be3f8..13a98526c73297 100644 --- a/bitnami/nginx-ingress-controller/Chart.yaml +++ b/bitnami/nginx-ingress-controller/Chart.yaml @@ -5,10 +5,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | - - name: nginx-ingress-controller - image: docker.io/bitnami/nginx-ingress-controller:1.9.6-debian-11-r6 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 + - name: nginx-ingress-controller + image: docker.io/bitnami/nginx-ingress-controller:1.9.6-debian-12-r7 apiVersion: v2 appVersion: 1.9.6 dependencies: @@ -34,4 +34,4 @@ maintainers: name: nginx-ingress-controller sources: - https://github.com/bitnami/charts/tree/main/bitnami/nginx-ingress-controller -version: 10.5.0 +version: 10.5.1 diff --git a/bitnami/nginx-ingress-controller/values.yaml b/bitnami/nginx-ingress-controller/values.yaml index 8e08f5c5ddf6d5..33abbebce5a36d 100644 --- a/bitnami/nginx-ingress-controller/values.yaml +++ b/bitnami/nginx-ingress-controller/values.yaml @@ -56,7 +56,7 @@ clusterDomain: cluster.local image: registry: docker.io repository: bitnami/nginx-ingress-controller - tag: 1.9.6-debian-11-r6 + tag: 1.9.6-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -506,7 +506,7 @@ defaultBackend: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 0d6aa107ac3fd6cbb394101f5a743ba66178bf06 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:08:58 +0100 Subject: [PATCH 088/129] [bitnami/wildfly] Release 18.3.1 updating components versions (#23700) Signed-off-by: Bitnami Containers --- bitnami/wildfly/Chart.lock | 6 +++--- bitnami/wildfly/Chart.yaml | 6 +++--- bitnami/wildfly/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/wildfly/Chart.lock b/bitnami/wildfly/Chart.lock index 89bf4a28738068..09d096c759e9c9 100644 --- a/bitnami/wildfly/Chart.lock +++ b/bitnami/wildfly/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:16:53.924456594+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:34:21.561750704Z" diff --git a/bitnami/wildfly/Chart.yaml b/bitnami/wildfly/Chart.yaml index 9a0460fb06d06b..6a33573e8f4790 100644 --- a/bitnami/wildfly/Chart.yaml +++ b/bitnami/wildfly/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: wildfly - image: docker.io/bitnami/wildfly:31.0.0-debian-11-r1 + image: docker.io/bitnami/wildfly:31.0.0-debian-12-r4 apiVersion: v2 appVersion: 31.0.0 dependencies: @@ -33,4 +33,4 @@ maintainers: name: wildfly sources: - https://github.com/bitnami/charts/tree/main/bitnami/wildfly -version: 18.3.0 +version: 18.3.1 diff --git a/bitnami/wildfly/values.yaml b/bitnami/wildfly/values.yaml index f3c7fbf9b24b89..f5bfc6207cc66c 100644 --- a/bitnami/wildfly/values.yaml +++ b/bitnami/wildfly/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/wildfly - tag: 31.0.0-debian-11-r1 + tag: 31.0.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -722,7 +722,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 3412f8001d3b1518a69532ad6f323bd0dcead677 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:09:41 +0100 Subject: [PATCH 089/129] [bitnami/spark] Release 8.7.1 updating components versions (#23695) Signed-off-by: Bitnami Containers --- bitnami/spark/Chart.lock | 6 +++--- bitnami/spark/Chart.yaml | 4 ++-- bitnami/spark/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/spark/Chart.lock b/bitnami/spark/Chart.lock index ac4f98ed6bf09f..028ab9a338ae54 100644 --- a/bitnami/spark/Chart.lock +++ b/bitnami/spark/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:07:29.505476981+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:32:40.387467704Z" diff --git a/bitnami/spark/Chart.yaml b/bitnami/spark/Chart.yaml index 7a5045f1f08f7a..9b9409c058000f 100644 --- a/bitnami/spark/Chart.yaml +++ b/bitnami/spark/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: spark - image: docker.io/bitnami/spark:3.5.0-debian-11-r22 + image: docker.io/bitnami/spark:3.5.0-debian-12-r16 apiVersion: v2 appVersion: 3.5.0 dependencies: @@ -27,4 +27,4 @@ maintainers: name: spark sources: - https://github.com/bitnami/charts/tree/main/bitnami/spark -version: 8.7.0 +version: 8.7.1 diff --git a/bitnami/spark/values.yaml b/bitnami/spark/values.yaml index a173ae9ff560e5..444f824658130a 100644 --- a/bitnami/spark/values.yaml +++ b/bitnami/spark/values.yaml @@ -93,7 +93,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/spark - tag: 3.5.0-debian-11-r22 + tag: 3.5.0-debian-12-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From fb2750cc7e3a217bf585f4a763083fe235d09539 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:09:57 +0100 Subject: [PATCH 090/129] [bitnami/schema-registry] Release 16.9.1 updating components versions (#23694) Signed-off-by: Bitnami Containers --- bitnami/schema-registry/Chart.lock | 8 ++++---- bitnami/schema-registry/Chart.yaml | 4 ++-- bitnami/schema-registry/values.yaml | 2 +- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bitnami/schema-registry/Chart.lock b/bitnami/schema-registry/Chart.lock index b37d7b99508fbc..cb7b633312160f 100644 --- a/bitnami/schema-registry/Chart.lock +++ b/bitnami/schema-registry/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: kafka repository: oci://registry-1.docker.io/bitnamicharts - version: 26.8.4 + version: 26.11.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:7e060954dc9147cde095c7bf1801ac5a975c57ae12ad151b929d6644d7f7c4f8 -generated: "2024-02-14T16:03:19.101010347+01:00" + version: 2.16.1 +digest: sha256:a29e160b6bfebf2b84efa10ba991339f70f46602a3ee0b0b1a4c81ab0fc5f736 +generated: "2024-02-21T14:31:10.502936339Z" diff --git a/bitnami/schema-registry/Chart.yaml b/bitnami/schema-registry/Chart.yaml index b9d763b42e02ea..f47f8696920d04 100644 --- a/bitnami/schema-registry/Chart.yaml +++ b/bitnami/schema-registry/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: schema-registry - image: docker.io/bitnami/schema-registry:7.5.3-debian-11-r3 + image: docker.io/bitnami/schema-registry:7.5.3-debian-12-r8 apiVersion: v2 appVersion: 7.5.3 dependencies: @@ -34,4 +34,4 @@ maintainers: name: schema-registry sources: - https://github.com/bitnami/charts/tree/main/bitnami/schema-registry -version: 16.9.0 +version: 16.9.1 diff --git a/bitnami/schema-registry/values.yaml b/bitnami/schema-registry/values.yaml index 6db5336eff4dbf..560a0a4d1c7e92 100644 --- a/bitnami/schema-registry/values.yaml +++ b/bitnami/schema-registry/values.yaml @@ -69,7 +69,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/schema-registry - tag: 7.5.3-debian-11-r17 + tag: 7.5.3-debian-12-r8 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images From 146e37b27e2572239ce7e4295e7bf7c1897e075e Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:10:02 +0100 Subject: [PATCH 091/129] [bitnami/tensorflow-resnet] Release 3.16.1 updating components versions (#23698) Signed-off-by: Bitnami Containers --- bitnami/tensorflow-resnet/Chart.lock | 6 +++--- bitnami/tensorflow-resnet/Chart.yaml | 6 +++--- bitnami/tensorflow-resnet/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/tensorflow-resnet/Chart.lock b/bitnami/tensorflow-resnet/Chart.lock index 4a29ed58ae282b..18e03de1f0cca6 100644 --- a/bitnami/tensorflow-resnet/Chart.lock +++ b/bitnami/tensorflow-resnet/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:12:22.100146565+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:32:57.394521496Z" diff --git a/bitnami/tensorflow-resnet/Chart.yaml b/bitnami/tensorflow-resnet/Chart.yaml index f9ca661e537409..e79848e2c26914 100644 --- a/bitnami/tensorflow-resnet/Chart.yaml +++ b/bitnami/tensorflow-resnet/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: tensorflow-resnet - image: docker.io/bitnami/tensorflow-resnet:2.14.1-debian-11-r8 + image: docker.io/bitnami/tensorflow-resnet:2.14.1-debian-12-r12 - name: tensorflow-serving - image: docker.io/bitnami/tensorflow-serving:2.14.1-debian-11-r6 + image: docker.io/bitnami/tensorflow-serving:2.14.1-debian-12-r7 apiVersion: v2 appVersion: 2.14.1 dependencies: @@ -33,4 +33,4 @@ maintainers: name: tensorflow-resnet sources: - https://github.com/bitnami/charts/tree/main/bitnami/tensorflow-resnet -version: 3.16.0 +version: 3.16.1 diff --git a/bitnami/tensorflow-resnet/values.yaml b/bitnami/tensorflow-resnet/values.yaml index 20765f3efa7835..e1f182c86a5ed7 100644 --- a/bitnami/tensorflow-resnet/values.yaml +++ b/bitnami/tensorflow-resnet/values.yaml @@ -65,7 +65,7 @@ server: image: registry: docker.io repository: bitnami/tensorflow-serving - tag: 2.14.1-debian-11-r6 + tag: 2.14.1-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -93,7 +93,7 @@ client: image: registry: docker.io repository: bitnami/tensorflow-resnet - tag: 2.14.1-debian-11-r8 + tag: 2.14.1-debian-12-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From afb1c808094a8c7cea7ff30e9ee977732b0f9e96 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:25:20 +0100 Subject: [PATCH 092/129] [bitnami/logstash] Release 5.11.1 updating components versions (#23717) Signed-off-by: Bitnami Containers --- bitnami/logstash/Chart.lock | 6 +++--- bitnami/logstash/Chart.yaml | 6 +++--- bitnami/logstash/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/logstash/Chart.lock b/bitnami/logstash/Chart.lock index 44da649ec93717..249d90a0550f82 100644 --- a/bitnami/logstash/Chart.lock +++ b/bitnami/logstash/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:19:55.430445697+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:45:43.349221992Z" diff --git a/bitnami/logstash/Chart.yaml b/bitnami/logstash/Chart.yaml index c33bc5a4883c99..3b65dbd4dcbfa5 100644 --- a/bitnami/logstash/Chart.yaml +++ b/bitnami/logstash/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: logstash - image: docker.io/bitnami/logstash:8.12.1-debian-11-r2 + image: docker.io/bitnami/logstash:8.12.1-debian-12-r4 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 8.12.1 dependencies: @@ -30,4 +30,4 @@ maintainers: name: logstash sources: - https://github.com/bitnami/charts/tree/main/bitnami/logstash -version: 5.11.0 +version: 5.11.1 diff --git a/bitnami/logstash/values.yaml b/bitnami/logstash/values.yaml index 2cfb38d0fe2325..4ff2887ce6db0e 100644 --- a/bitnami/logstash/values.yaml +++ b/bitnami/logstash/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/logstash - tag: 8.12.1-debian-11-r2 + tag: 8.12.1-debian-12-r4 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -619,7 +619,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From c653efa18449dbba3f5ba7b64fd20d94099e0321 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:25:58 +0100 Subject: [PATCH 093/129] [bitnami/whereabouts] Release 0.12.1 updating components versions (#23713) Signed-off-by: Bitnami Containers --- bitnami/whereabouts/Chart.lock | 6 +++--- bitnami/whereabouts/Chart.yaml | 4 ++-- bitnami/whereabouts/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/whereabouts/Chart.lock b/bitnami/whereabouts/Chart.lock index 5c64f750b00daa..64e6ddc453b59d 100644 --- a/bitnami/whereabouts/Chart.lock +++ b/bitnami/whereabouts/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:16:23.964082908+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:40:12.2681729Z" diff --git a/bitnami/whereabouts/Chart.yaml b/bitnami/whereabouts/Chart.yaml index 5d806c6344f00c..3e043e448cc1fa 100644 --- a/bitnami/whereabouts/Chart.yaml +++ b/bitnami/whereabouts/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: whereabouts - image: docker.io/bitnami/whereabouts:0.6.3-debian-11-r6 + image: docker.io/bitnami/whereabouts:0.6.3-debian-12-r8 apiVersion: v2 appVersion: 0.6.3 dependencies: @@ -29,4 +29,4 @@ maintainers: name: whereabouts sources: - https://github.com/bitnami/charts/tree/main/bitnami/whereabouts -version: 0.12.0 +version: 0.12.1 diff --git a/bitnami/whereabouts/values.yaml b/bitnami/whereabouts/values.yaml index 26c7b5d4d2ffe9..9b33393cfe55d5 100644 --- a/bitnami/whereabouts/values.yaml +++ b/bitnami/whereabouts/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/whereabouts - tag: 0.6.3-debian-11-r6 + tag: 0.6.3-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From e2491f9a573e99bd53cc716a532b0bc77b51a30a Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:26:40 +0100 Subject: [PATCH 094/129] [bitnami/thanos] Release 13.2.1 updating components versions (#23699) Signed-off-by: Bitnami Containers --- bitnami/thanos/Chart.lock | 6 +++--- bitnami/thanos/Chart.yaml | 6 +++--- bitnami/thanos/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/thanos/Chart.lock b/bitnami/thanos/Chart.lock index e5ae418bb870d3..2d6a021866ffd3 100644 --- a/bitnami/thanos/Chart.lock +++ b/bitnami/thanos/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 12.13.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:8fadb122dde78581ef5d3aee4ed0ad1d7b3e9f8d1812bbc17f90825679726862 -generated: "2024-02-14T16:13:14.648039895+01:00" + version: 2.16.1 +digest: sha256:8320fafa9a415c17d2af458c983e44759976fdebf585a86fed7cac15817bb55f +generated: "2024-02-21T14:34:18.900379356Z" diff --git a/bitnami/thanos/Chart.yaml b/bitnami/thanos/Chart.yaml index e959e16b6305ce..0e98a89d6f75b7 100644 --- a/bitnami/thanos/Chart.yaml +++ b/bitnami/thanos/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: thanos - image: docker.io/bitnami/thanos:0.34.0-debian-11-r3 + image: docker.io/bitnami/thanos:0.34.0-debian-12-r4 apiVersion: v2 appVersion: 0.34.0 dependencies: @@ -35,4 +35,4 @@ maintainers: name: thanos sources: - https://github.com/bitnami/charts/tree/main/bitnami/thanos -version: 13.2.0 +version: 13.2.1 diff --git a/bitnami/thanos/values.yaml b/bitnami/thanos/values.yaml index 0cbe4db180c4f4..a557892f677086 100644 --- a/bitnami/thanos/values.yaml +++ b/bitnami/thanos/values.yaml @@ -55,7 +55,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/thanos - tag: 0.34.0-debian-11-r3 + tag: 0.34.0-debian-12-r4 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -4870,7 +4870,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images From 33649be1f7f8f8dd8572f5372cdb331a18da1561 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:30:35 +0100 Subject: [PATCH 095/129] [bitnami/mariadb-galera] Release 11.6.1 updating components versions (#23720) Signed-off-by: Bitnami Containers --- bitnami/mariadb-galera/Chart.lock | 6 +++--- bitnami/mariadb-galera/Chart.yaml | 6 +++--- bitnami/mariadb-galera/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/mariadb-galera/Chart.lock b/bitnami/mariadb-galera/Chart.lock index 1910072aaf4709..5f5668122080d2 100644 --- a/bitnami/mariadb-galera/Chart.lock +++ b/bitnami/mariadb-galera/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:23:45.325254714+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:46:14.444970794Z" diff --git a/bitnami/mariadb-galera/Chart.yaml b/bitnami/mariadb-galera/Chart.yaml index 7f902cb1aef7ee..e6962533317ceb 100644 --- a/bitnami/mariadb-galera/Chart.yaml +++ b/bitnami/mariadb-galera/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: mariadb-galera - image: docker.io/bitnami/mariadb-galera:11.2.3-debian-11-r1 + image: docker.io/bitnami/mariadb-galera:11.2.3-debian-12-r3 - name: mysqld-exporter - image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-11-r6 + image: docker.io/bitnami/mysqld-exporter:0.15.1-debian-12-r7 apiVersion: v2 appVersion: 11.2.3 dependencies: @@ -33,4 +33,4 @@ maintainers: name: mariadb-galera sources: - https://github.com/bitnami/charts/tree/main/bitnami/mariadb-galera -version: 11.6.0 +version: 11.6.1 diff --git a/bitnami/mariadb-galera/values.yaml b/bitnami/mariadb-galera/values.yaml index 863e02e32cd387..1637c5cd808af4 100644 --- a/bitnami/mariadb-galera/values.yaml +++ b/bitnami/mariadb-galera/values.yaml @@ -77,7 +77,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mariadb-galera - tag: 11.2.3-debian-11-r16 + tag: 11.2.3-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -873,7 +873,7 @@ metrics: image: registry: docker.io repository: bitnami/mysqld-exporter - tag: 0.15.1-debian-11-r6 + tag: 0.15.1-debian-12-r7 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets (secrets must be manually created in the namespace) From 3054892babd88c631d03eaf46f066eae4c805a0c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 21 Feb 2024 16:30:55 +0100 Subject: [PATCH 096/129] [bitnami/redis] feat: :sparkles: :lock: Add readOnlyRootFilesystem support (#23622) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [bitnami/redis] feat: :sparkles: :lock: Add readOnlyRootFilesystem support Signed-off-by: Javier Salmeron Garcia * chore: :wrench: Bump chart version Signed-off-by: Javier Salmeron Garcia --------- Signed-off-by: Javier Salmeron Garcia Signed-off-by: Javier J. Salmerón-García --- bitnami/redis/Chart.yaml | 2 +- bitnami/redis/README.md | 4 +++ .../redis/templates/master/application.yaml | 29 ++++++++--------- .../redis/templates/replicas/application.yaml | 17 ++++++++-- .../redis/templates/sentinel/statefulset.yaml | 32 ++++++++++--------- bitnami/redis/values.yaml | 20 +++++++----- 6 files changed, 63 insertions(+), 41 deletions(-) diff --git a/bitnami/redis/Chart.yaml b/bitnami/redis/Chart.yaml index b1fcdacc23e9fd..91e04dc3d301ce 100644 --- a/bitnami/redis/Chart.yaml +++ b/bitnami/redis/Chart.yaml @@ -34,4 +34,4 @@ maintainers: name: redis sources: - https://github.com/bitnami/charts/tree/main/bitnami/redis -version: 18.15.1 +version: 18.16.0 diff --git a/bitnami/redis/README.md b/bitnami/redis/README.md index 85dbf6dd183d33..28ba76b681e651 100644 --- a/bitnami/redis/README.md +++ b/bitnami/redis/README.md @@ -173,6 +173,7 @@ The command removes all the Kubernetes components associated with the chart and | `master.containerSecurityContext.runAsGroup` | Set Redis® master containers' Security Context runAsGroup | `0` | | `master.containerSecurityContext.runAsNonRoot` | Set Redis® master containers' Security Context runAsNonRoot | `true` | | `master.containerSecurityContext.allowPrivilegeEscalation` | Is it possible to escalate Redis® pod(s) privileges | `false` | +| `master.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` | | `master.containerSecurityContext.seccompProfile.type` | Set Redis® master containers' Security Context seccompProfile | `RuntimeDefault` | | `master.containerSecurityContext.capabilities.drop` | Set Redis® master containers' Security Context capabilities to drop | `["ALL"]` | | `master.kind` | Use either Deployment, StatefulSet (default) or DaemonSet | `StatefulSet` | @@ -292,6 +293,7 @@ The command removes all the Kubernetes components associated with the chart and | `replica.containerSecurityContext.runAsGroup` | Set Redis® replicas containers' Security Context runAsGroup | `0` | | `replica.containerSecurityContext.runAsNonRoot` | Set Redis® replicas containers' Security Context runAsNonRoot | `true` | | `replica.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® replicas pod's Security Context allowPrivilegeEscalation | `false` | +| `replica.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` | | `replica.containerSecurityContext.seccompProfile.type` | Set Redis® replicas containers' Security Context seccompProfile | `RuntimeDefault` | | `replica.containerSecurityContext.capabilities.drop` | Set Redis® replicas containers' Security Context capabilities to drop | `["ALL"]` | | `replica.schedulerName` | Alternate scheduler for Redis® replicas pods | `""` | @@ -434,6 +436,7 @@ The command removes all the Kubernetes components associated with the chart and | `sentinel.containerSecurityContext.runAsUser` | Set Redis® Sentinel containers' Security Context runAsUser | `1001` | | `sentinel.containerSecurityContext.runAsGroup` | Set Redis® Sentinel containers' Security Context runAsGroup | `0` | | `sentinel.containerSecurityContext.runAsNonRoot` | Set Redis® Sentinel containers' Security Context runAsNonRoot | `true` | +| `sentinel.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` | | `sentinel.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation | `false` | | `sentinel.containerSecurityContext.seccompProfile.type` | Set Redis® Sentinel containers' Security Context seccompProfile | `RuntimeDefault` | | `sentinel.containerSecurityContext.capabilities.drop` | Set Redis® Sentinel containers' Security Context capabilities to drop | `["ALL"]` | @@ -535,6 +538,7 @@ The command removes all the Kubernetes components associated with the chart and | `metrics.containerSecurityContext.runAsGroup` | Set Redis® exporter containers' Security Context runAsGroup | `0` | | `metrics.containerSecurityContext.runAsNonRoot` | Set Redis® exporter containers' Security Context runAsNonRoot | `true` | | `metrics.containerSecurityContext.allowPrivilegeEscalation` | Set Redis® exporter containers' Security Context allowPrivilegeEscalation | `false` | +| `metrics.containerSecurityContext.readOnlyRootFilesystem` | Set container's Security Context read-only root filesystem | `false` | | `metrics.containerSecurityContext.seccompProfile.type` | Set Redis® exporter containers' Security Context seccompProfile | `RuntimeDefault` | | `metrics.containerSecurityContext.capabilities.drop` | Set Redis® exporter containers' Security Context capabilities to drop | `["ALL"]` | | `metrics.extraVolumes` | Optionally specify extra list of additional volumes for the Redis® metrics sidecar | `[]` | diff --git a/bitnami/redis/templates/master/application.yaml b/bitnami/redis/templates/master/application.yaml index 9e76369674ee21..82cb97b0c20c59 100644 --- a/bitnami/redis/templates/master/application.yaml +++ b/bitnami/redis/templates/master/application.yaml @@ -247,10 +247,12 @@ spec: {{- end }} - name: config mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf + - name: empty-dir mountPath: /opt/bitnami/redis/etc/ - - name: tmp + subPath: app-conf-dir + - name: empty-dir mountPath: /tmp + subPath: tmp-dir {{- if .Values.tls.enabled }} - name: redis-certificates mountPath: /opt/bitnami/redis/certs @@ -347,6 +349,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: app-tmp-dir {{- if .Values.auth.usePasswordFiles }} - name: redis-password mountPath: /secrets/ @@ -393,6 +398,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: redis-data mountPath: {{ .Values.master.persistence.path }} {{- if .Values.master.persistence.subPath }} @@ -418,6 +426,9 @@ spec: {{- end }} {{- if .Values.sysctl.mountHostSys }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: host-sys mountPath: /host-sys {{- end }} @@ -448,19 +459,7 @@ spec: hostPath: path: /sys {{- end }} - - name: redis-tmp-conf - {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} - emptyDir: - {{- if .Values.master.persistence.medium }} - medium: {{ .Values.master.persistence.medium | quote }} - {{- end }} - {{- if .Values.master.persistence.sizeLimit }} - sizeLimit: {{ .Values.master.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: tmp + - name: empty-dir {{- if or .Values.master.persistence.medium .Values.master.persistence.sizeLimit }} emptyDir: {{- if .Values.master.persistence.medium }} diff --git a/bitnami/redis/templates/replicas/application.yaml b/bitnami/redis/templates/replicas/application.yaml index ba02686c5b8ca8..8ad0c6afca077a 100644 --- a/bitnami/redis/templates/replicas/application.yaml +++ b/bitnami/redis/templates/replicas/application.yaml @@ -267,8 +267,12 @@ spec: {{- end }} - name: config mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf + - name: empty-dir mountPath: /opt/bitnami/redis/etc + subPath: app-conf-dir + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.tls.enabled }} - name: redis-certificates mountPath: /opt/bitnami/redis/certs @@ -365,6 +369,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.auth.usePasswordFiles }} - name: redis-password mountPath: /secrets/ @@ -411,6 +418,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: redis-data mountPath: {{ .Values.replica.persistence.path }} {{- if .Values.replica.persistence.subPath }} @@ -436,6 +446,9 @@ spec: {{- end }} {{- if .Values.sysctl.mountHostSys }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: host-sys mountPath: /host-sys {{- end }} @@ -466,7 +479,7 @@ spec: hostPath: path: /sys {{- end }} - - name: redis-tmp-conf + - name: empty-dir {{- if or .Values.replica.persistence.medium .Values.replica.persistence.sizeLimit }} emptyDir: {{- if .Values.replica.persistence.medium }} diff --git a/bitnami/redis/templates/sentinel/statefulset.yaml b/bitnami/redis/templates/sentinel/statefulset.yaml index 2806898a934f92..b4164a7b2dd881 100644 --- a/bitnami/redis/templates/sentinel/statefulset.yaml +++ b/bitnami/redis/templates/sentinel/statefulset.yaml @@ -295,10 +295,12 @@ spec: {{- end }} - name: config mountPath: /opt/bitnami/redis/mounted-etc - - name: redis-tmp-conf + - name: empty-dir mountPath: /opt/bitnami/redis/etc - - name: tmp + subPath: app-conf-dir + - name: empty-dir mountPath: /tmp + subPath: tmp-dir {{- if .Values.tls.enabled }} - name: redis-certificates mountPath: /opt/bitnami/redis/certs @@ -455,6 +457,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.sentinel.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: start-scripts mountPath: /opt/bitnami/scripts/start-scripts - name: health @@ -568,6 +573,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.metrics.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir {{- if .Values.auth.usePasswordFiles }} - name: redis-password mountPath: /secrets/ @@ -614,6 +622,9 @@ spec: resources: {{- include "common.resources.preset" (dict "type" .Values.volumePermissions.resourcesPreset) | nindent 12 }} {{- end }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: redis-data mountPath: {{ .Values.replica.persistence.path }} {{- if .Values.replica.persistence.subPath }} @@ -639,6 +650,9 @@ spec: {{- end }} {{- if .Values.sysctl.mountHostSys }} volumeMounts: + - name: empty-dir + mountPath: /tmp + subPath: tmp-dir - name: host-sys mountPath: /host-sys {{- end }} @@ -683,19 +697,7 @@ spec: emptyDir: {} {{- end }} {{- end }} - - name: redis-tmp-conf - {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} - emptyDir: - {{- if .Values.sentinel.persistence.medium }} - medium: {{ .Values.sentinel.persistence.medium | quote }} - {{- end }} - {{- if .Values.sentinel.persistence.sizeLimit }} - sizeLimit: {{ .Values.sentinel.persistence.sizeLimit | quote }} - {{- end }} - {{- else }} - emptyDir: {} - {{- end }} - - name: tmp + - name: empty-dir {{- if or .Values.sentinel.persistence.medium .Values.sentinel.persistence.sizeLimit }} emptyDir: {{- if .Values.sentinel.persistence.medium }} diff --git a/bitnami/redis/values.yaml b/bitnami/redis/values.yaml index 65ae7ac5709b8b..98c18705ec8550 100644 --- a/bitnami/redis/values.yaml +++ b/bitnami/redis/values.yaml @@ -297,6 +297,7 @@ master: ## @param master.containerSecurityContext.runAsGroup Set Redis® master containers' Security Context runAsGroup ## @param master.containerSecurityContext.runAsNonRoot Set Redis® master containers' Security Context runAsNonRoot ## @param master.containerSecurityContext.allowPrivilegeEscalation Is it possible to escalate Redis® pod(s) privileges + ## @param master.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem ## @param master.containerSecurityContext.seccompProfile.type Set Redis® master containers' Security Context seccompProfile ## @param master.containerSecurityContext.capabilities.drop Set Redis® master containers' Security Context capabilities to drop ## @@ -307,11 +308,11 @@ master: runAsGroup: 0 runAsNonRoot: true allowPrivilegeEscalation: false + readOnlyRootFilesystem: false seccompProfile: type: RuntimeDefault capabilities: - drop: - - ALL + drop: ["ALL"] ## @param master.kind Use either Deployment, StatefulSet (default) or DaemonSet ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ ## @@ -758,6 +759,7 @@ replica: ## @param replica.containerSecurityContext.runAsGroup Set Redis® replicas containers' Security Context runAsGroup ## @param replica.containerSecurityContext.runAsNonRoot Set Redis® replicas containers' Security Context runAsNonRoot ## @param replica.containerSecurityContext.allowPrivilegeEscalation Set Redis® replicas pod's Security Context allowPrivilegeEscalation + ## @param replica.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem ## @param replica.containerSecurityContext.seccompProfile.type Set Redis® replicas containers' Security Context seccompProfile ## @param replica.containerSecurityContext.capabilities.drop Set Redis® replicas containers' Security Context capabilities to drop ## @@ -768,11 +770,11 @@ replica: runAsGroup: 0 runAsNonRoot: true allowPrivilegeEscalation: false + readOnlyRootFilesystem: false seccompProfile: type: RuntimeDefault capabilities: - drop: - - ALL + drop: ["ALL"] ## @param replica.schedulerName Alternate scheduler for Redis® replicas pods ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/ ## @@ -1311,6 +1313,7 @@ sentinel: ## @param sentinel.containerSecurityContext.runAsUser Set Redis® Sentinel containers' Security Context runAsUser ## @param sentinel.containerSecurityContext.runAsGroup Set Redis® Sentinel containers' Security Context runAsGroup ## @param sentinel.containerSecurityContext.runAsNonRoot Set Redis® Sentinel containers' Security Context runAsNonRoot + ## @param sentinel.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem ## @param sentinel.containerSecurityContext.allowPrivilegeEscalation Set Redis® Sentinel containers' Security Context allowPrivilegeEscalation ## @param sentinel.containerSecurityContext.seccompProfile.type Set Redis® Sentinel containers' Security Context seccompProfile ## @param sentinel.containerSecurityContext.capabilities.drop Set Redis® Sentinel containers' Security Context capabilities to drop @@ -1322,11 +1325,11 @@ sentinel: runAsGroup: 0 runAsNonRoot: true allowPrivilegeEscalation: false + readOnlyRootFilesystem: false seccompProfile: type: RuntimeDefault capabilities: - drop: - - ALL + drop: ["ALL"] ## @param sentinel.lifecycleHooks for the Redis® sentinel container(s) to automate configuration before or after startup ## lifecycleHooks: {} @@ -1681,6 +1684,7 @@ metrics: ## @param metrics.containerSecurityContext.runAsGroup Set Redis® exporter containers' Security Context runAsGroup ## @param metrics.containerSecurityContext.runAsNonRoot Set Redis® exporter containers' Security Context runAsNonRoot ## @param metrics.containerSecurityContext.allowPrivilegeEscalation Set Redis® exporter containers' Security Context allowPrivilegeEscalation + ## @param metrics.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context read-only root filesystem ## @param metrics.containerSecurityContext.seccompProfile.type Set Redis® exporter containers' Security Context seccompProfile ## @param metrics.containerSecurityContext.capabilities.drop Set Redis® exporter containers' Security Context capabilities to drop ## @@ -1691,11 +1695,11 @@ metrics: runAsGroup: 0 runAsNonRoot: true allowPrivilegeEscalation: false + readOnlyRootFilesystem: false seccompProfile: type: RuntimeDefault capabilities: - drop: - - ALL + drop: ["ALL"] ## @param metrics.extraVolumes Optionally specify extra list of additional volumes for the Redis® metrics sidecar ## extraVolumes: [] From 5d6624637ee9875a678618ba0bc49442b508c391 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:32:34 +0100 Subject: [PATCH 097/129] [bitnami/kibana] Release 10.11.1 updating components versions (#23665) Signed-off-by: Bitnami Containers --- bitnami/kibana/Chart.lock | 6 +++--- bitnami/kibana/Chart.yaml | 6 +++--- bitnami/kibana/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/kibana/Chart.lock b/bitnami/kibana/Chart.lock index 33770d548b81dc..427953309d0058 100644 --- a/bitnami/kibana/Chart.lock +++ b/bitnami/kibana/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:13:02.329613801+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:13:04.669039364Z" diff --git a/bitnami/kibana/Chart.yaml b/bitnami/kibana/Chart.yaml index 670869bac9dd13..78745ef38a7ce2 100644 --- a/bitnami/kibana/Chart.yaml +++ b/bitnami/kibana/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: kibana - image: docker.io/bitnami/kibana:8.12.1-debian-11-r1 + image: docker.io/bitnami/kibana:8.12.1-debian-12-r4 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 8.12.1 dependencies: @@ -32,4 +32,4 @@ maintainers: name: kibana sources: - https://github.com/bitnami/charts/tree/main/bitnami/kibana -version: 10.11.0 +version: 10.11.1 diff --git a/bitnami/kibana/values.yaml b/bitnami/kibana/values.yaml index da08064b8e4313..04e84abb401c65 100644 --- a/bitnami/kibana/values.yaml +++ b/bitnami/kibana/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/kibana - tag: 8.12.1-debian-11-r1 + tag: 8.12.1-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -195,7 +195,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From e6930c89f4513db43bb5fa4aeac04a045d4a06fa Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:33:03 +0100 Subject: [PATCH 098/129] [bitnami/matomo] Release 5.3.1 updating components versions (#23723) Signed-off-by: Bitnami Containers --- bitnami/matomo/Chart.lock | 8 ++++---- bitnami/matomo/Chart.yaml | 8 ++++---- bitnami/matomo/values.yaml | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/matomo/Chart.lock b/bitnami/matomo/Chart.lock index 719e57b9c5d1d8..a64ba78b2f6a84 100644 --- a/bitnami/matomo/Chart.lock +++ b/bitnami/matomo/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:02e9fc30c23cb9cdab4426cd29f465bcdedb599cc3ca71b93a050af21de75a9a -generated: "2024-02-14T15:26:39.668570115+01:00" + version: 2.16.1 +digest: sha256:aa458dbf23d5ef02fcef95f38e53da0a1891b5aa4ca1564c8c057c30a147865a +generated: "2024-02-21T14:51:48.67346942Z" diff --git a/bitnami/matomo/Chart.yaml b/bitnami/matomo/Chart.yaml index a77f967c5060b3..8ccdbe773c44cc 100644 --- a/bitnami/matomo/Chart.yaml +++ b/bitnami/matomo/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r1 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: matomo - image: docker.io/bitnami/matomo:5.0.2-debian-11-r0 + image: docker.io/bitnami/matomo:5.0.2-debian-12-r3 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 5.0.2 dependencies: @@ -39,4 +39,4 @@ maintainers: name: matomo sources: - https://github.com/bitnami/charts/tree/main/bitnami/matomo -version: 5.3.0 +version: 5.3.1 diff --git a/bitnami/matomo/values.yaml b/bitnami/matomo/values.yaml index ac63fa122aa381..408d190b67d8b8 100644 --- a/bitnami/matomo/values.yaml +++ b/bitnami/matomo/values.yaml @@ -59,7 +59,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/matomo - tag: 5.0.2-debian-11-r0 + tag: 5.0.2-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -702,7 +702,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -753,7 +753,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r1 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -835,7 +835,7 @@ certificates: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From b415c7eea65959fddc711e87313107ff850f21c4 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:33:04 +0100 Subject: [PATCH 099/129] [bitnami/pinniped] Release 1.10.1 updating components versions (#23679) Signed-off-by: Bitnami Containers --- bitnami/pinniped/Chart.lock | 6 +++--- bitnami/pinniped/Chart.yaml | 4 ++-- bitnami/pinniped/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/pinniped/Chart.lock b/bitnami/pinniped/Chart.lock index b4c8606cb3674d..f5fe78fbc2b1db 100644 --- a/bitnami/pinniped/Chart.lock +++ b/bitnami/pinniped/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:52:01.226724176+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:25:13.312244933Z" diff --git a/bitnami/pinniped/Chart.yaml b/bitnami/pinniped/Chart.yaml index 89ce28af044a66..3979cfbc580f1a 100644 --- a/bitnami/pinniped/Chart.yaml +++ b/bitnami/pinniped/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: pinniped - image: docker.io/bitnami/pinniped:0.28.0-debian-11-r6 + image: docker.io/bitnami/pinniped:0.28.0-debian-12-r8 apiVersion: v2 appVersion: 0.28.0 dependencies: @@ -27,4 +27,4 @@ maintainers: name: pinniped sources: - https://github.com/bitnami/charts/tree/main/bitnami/pinniped -version: 1.10.0 +version: 1.10.1 diff --git a/bitnami/pinniped/values.yaml b/bitnami/pinniped/values.yaml index 5523fab4f1b28b..428a6c4024597e 100644 --- a/bitnami/pinniped/values.yaml +++ b/bitnami/pinniped/values.yaml @@ -58,7 +58,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/pinniped - tag: 0.28.0-debian-11-r6 + tag: 0.28.0-debian-12-r8 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 9442982d1d94b960413d2261f2373b26f6bb2e23 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:33:50 +0100 Subject: [PATCH 100/129] [bitnami/mlflow] Release 0.10.2 updating components versions (#23719) Signed-off-by: Bitnami Containers --- bitnami/mlflow/Chart.lock | 8 ++++---- bitnami/mlflow/Chart.yaml | 8 ++++---- bitnami/mlflow/values.yaml | 8 ++++---- 3 files changed, 12 insertions(+), 12 deletions(-) diff --git a/bitnami/mlflow/Chart.lock b/bitnami/mlflow/Chart.lock index cfda55a874c7ac..35d04ae969fe61 100644 --- a/bitnami/mlflow/Chart.lock +++ b/bitnami/mlflow/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 12.13.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:51b52404204c6eb8c640ce1f584bbd17d42c67474da18d678d50338bcbbc90b0 -generated: "2024-02-14T15:33:26.152717876+01:00" + version: 2.16.1 +digest: sha256:e5a2e72dc8a61c3bff053a6535f7b8fb59314f3e80db48fdb9bf2580915d5b7d +generated: "2024-02-21T14:46:02.942899989Z" diff --git a/bitnami/mlflow/Chart.yaml b/bitnami/mlflow/Chart.yaml index 44f9e7d9807077..3f7b11d846cfb6 100644 --- a/bitnami/mlflow/Chart.yaml +++ b/bitnami/mlflow/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: git - image: docker.io/bitnami/git:2.43.0-debian-11-r9 + image: docker.io/bitnami/git:2.43.2-debian-12-r1 - name: mlflow - image: docker.io/bitnami/mlflow:2.10.2-debian-11-r0 + image: docker.io/bitnami/mlflow:2.10.2-debian-12-r3 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2.10.2 dependencies: @@ -43,4 +43,4 @@ name: mlflow sources: - https://github.com/bitnami/containers/tree/main/bitnami/mlflow - https://github.com/mlflow/mlflow -version: 0.10.1 +version: 0.10.2 diff --git a/bitnami/mlflow/values.yaml b/bitnami/mlflow/values.yaml index aed485dc7e3404..f76c20971a5495 100644 --- a/bitnami/mlflow/values.yaml +++ b/bitnami/mlflow/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mlflow - tag: 2.10.2-debian-11-r0 + tag: 2.10.2-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -106,7 +106,7 @@ image: gitImage: registry: docker.io repository: bitnami/git - tag: 2.43.0-debian-11-r9 + tag: 2.43.2-debian-12-r1 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1243,7 +1243,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -1292,7 +1292,7 @@ waitContainer: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## @param waitContainer.image.pullPolicy Init container wait-container image pull policy ## From 631ffe3a91cf0734664db58cc7f904c3d015d3f3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:34:01 +0100 Subject: [PATCH 101/129] [bitnami/memcached] Release 6.12.1 updating components versions (#23726) Signed-off-by: Bitnami Containers --- bitnami/memcached/Chart.lock | 6 +++--- bitnami/memcached/Chart.yaml | 8 ++++---- bitnami/memcached/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/memcached/Chart.lock b/bitnami/memcached/Chart.lock index 4495b1505a0831..a2a8f05b7d13f1 100644 --- a/bitnami/memcached/Chart.lock +++ b/bitnami/memcached/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:29:03.853076403+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:53:56.287840254Z" diff --git a/bitnami/memcached/Chart.yaml b/bitnami/memcached/Chart.yaml index 17138260c5a0fd..ce5be6ea8446c0 100644 --- a/bitnami/memcached/Chart.yaml +++ b/bitnami/memcached/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: memcached - image: docker.io/bitnami/memcached:1.6.23-debian-11-r17 + image: docker.io/bitnami/memcached:1.6.23-debian-12-r6 - name: memcached-exporter - image: docker.io/bitnami/memcached-exporter:0.14.2-debian-11-r19 + image: docker.io/bitnami/memcached-exporter:0.14.2-debian-12-r9 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r109 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 1.6.23 dependencies: @@ -31,4 +31,4 @@ maintainers: name: memcached sources: - https://github.com/bitnami/charts/tree/main/bitnami/memcached -version: 6.12.0 +version: 6.12.1 diff --git a/bitnami/memcached/values.yaml b/bitnami/memcached/values.yaml index a0ab0b5737e612..e9fff439691536 100644 --- a/bitnami/memcached/values.yaml +++ b/bitnami/memcached/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/memcached - tag: 1.6.23-debian-11-r17 + tag: 1.6.23-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -589,7 +589,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r109 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -644,7 +644,7 @@ metrics: image: registry: docker.io repository: bitnami/memcached-exporter - tag: 0.14.2-debian-11-r19 + tag: 0.14.2-debian-12-r9 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From e22a37d385f6157e935f7fedd28879114cb6c39f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:36:39 +0100 Subject: [PATCH 102/129] [bitnami/minio] Release 13.6.1 updating components versions (#23727) Signed-off-by: Bitnami Containers --- bitnami/minio/Chart.lock | 6 +++--- bitnami/minio/Chart.yaml | 8 ++++---- bitnami/minio/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/minio/Chart.lock b/bitnami/minio/Chart.lock index a1188ae9feb9c1..387f69bd61a967 100644 --- a/bitnami/minio/Chart.lock +++ b/bitnami/minio/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:32:44.293289184+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:55:31.231405106Z" diff --git a/bitnami/minio/Chart.yaml b/bitnami/minio/Chart.yaml index dd933191030dea..7ff2cba939f567 100644 --- a/bitnami/minio/Chart.yaml +++ b/bitnami/minio/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: minio - image: docker.io/bitnami/minio:2024.2.17-debian-11-r0 + image: docker.io/bitnami/minio:2024.2.17-debian-12-r1 - name: minio-client - image: docker.io/bitnami/minio-client:2024.2.16-debian-11-r0 + image: docker.io/bitnami/minio-client:2024.2.16-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r112 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 2024.2.17 dependencies: @@ -34,4 +34,4 @@ maintainers: name: minio sources: - https://github.com/bitnami/charts/tree/main/bitnami/minio -version: 13.6.0 +version: 13.6.1 diff --git a/bitnami/minio/values.yaml b/bitnami/minio/values.yaml index 4c95168dd91636..8dd5da4fa6e271 100644 --- a/bitnami/minio/values.yaml +++ b/bitnami/minio/values.yaml @@ -59,7 +59,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/minio - tag: 2024.2.17-debian-11-r0 + tag: 2024.2.17-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -87,7 +87,7 @@ image: clientImage: registry: docker.io repository: bitnami/minio-client - tag: 2024.2.16-debian-11-r0 + tag: 2024.2.16-debian-12-r1 digest: "" ## @param mode MinIO® server mode (`standalone` or `distributed`) ## ref: https://docs.minio.io/docs/distributed-minio-quickstart-guide @@ -1036,7 +1036,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r112 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 0fdb81cee690425a63e1765ba3138f33a476c89b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:36:43 +0100 Subject: [PATCH 103/129] [bitnami/metallb] Release 4.14.1 updating components versions (#23724) Signed-off-by: Bitnami Containers --- bitnami/metallb/Chart.lock | 6 +++--- bitnami/metallb/Chart.yaml | 8 ++++---- bitnami/metallb/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/metallb/Chart.lock b/bitnami/metallb/Chart.lock index 2ba14eaf01c3b6..48e2cbd942fd75 100644 --- a/bitnami/metallb/Chart.lock +++ b/bitnami/metallb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:30:04.851044293+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:52:17.653717485Z" diff --git a/bitnami/metallb/Chart.yaml b/bitnami/metallb/Chart.yaml index c8cf8ba2e6962d..e513802c55c997 100644 --- a/bitnami/metallb/Chart.yaml +++ b/bitnami/metallb/Chart.yaml @@ -5,10 +5,10 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | - - name: metallb-speaker - image: docker.io/bitnami/metallb-speaker:0.14.3-debian-11-r2 - name: metallb-controller - image: docker.io/bitnami/metallb-controller:0.14.3-debian-11-r3 + image: docker.io/bitnami/metallb-controller:0.14.3-debian-12-r4 + - name: metallb-speaker + image: docker.io/bitnami/metallb-speaker:0.14.3-debian-12-r4 apiVersion: v2 appVersion: 0.14.3 dependencies: @@ -35,4 +35,4 @@ maintainers: name: metallb sources: - https://github.com/bitnami/charts/tree/main/bitnami/metallb -version: 4.14.0 +version: 4.14.1 diff --git a/bitnami/metallb/values.yaml b/bitnami/metallb/values.yaml index f05f822c03729c..bd2dd853d5a402 100644 --- a/bitnami/metallb/values.yaml +++ b/bitnami/metallb/values.yaml @@ -146,7 +146,7 @@ controller: image: registry: docker.io repository: bitnami/metallb-controller - tag: 0.14.3-debian-11-r3 + tag: 0.14.3-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -543,7 +543,7 @@ speaker: image: registry: docker.io repository: bitnami/metallb-speaker - tag: 0.14.3-debian-11-r2 + tag: 0.14.3-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 82c460feb8decbfaab69e3aa8992c002b8c17098 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:39:58 +0100 Subject: [PATCH 104/129] [bitnami/mastodon] Release 4.5.1 updating components versions (#23725) Signed-off-by: Bitnami Containers --- bitnami/mastodon/Chart.lock | 14 +++++++------- bitnami/mastodon/Chart.yaml | 8 ++++---- bitnami/mastodon/values.yaml | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/mastodon/Chart.lock b/bitnami/mastodon/Chart.lock index 6c72669adebe6b..2ed5dc3b47e350 100644 --- a/bitnami/mastodon/Chart.lock +++ b/bitnami/mastodon/Chart.lock @@ -1,21 +1,21 @@ dependencies: - name: redis repository: oci://registry-1.docker.io/bitnamicharts - version: 18.13.0 + version: 18.14.2 - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: elasticsearch repository: oci://registry-1.docker.io/bitnamicharts - version: 19.18.0 + version: 19.19.1 - name: minio repository: oci://registry-1.docker.io/bitnamicharts version: 12.13.2 - name: apache repository: oci://registry-1.docker.io/bitnamicharts - version: 10.5.4 + version: 10.6.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:de863a85a270ef0927118fd24ebf5cb0e5d147a89d2b5325b723e2b91cd06ad0 -generated: "2024-02-14T15:25:13.061747577+01:00" + version: 2.16.1 +digest: sha256:f6ad7dbf5d379ef6dd1412b1b0018744fe0b917a198242b2b1137434530b29a8 +generated: "2024-02-21T14:53:35.905890327Z" diff --git a/bitnami/mastodon/Chart.yaml b/bitnami/mastodon/Chart.yaml index 0d9e1447a3bebf..a8d1ff8d3d3b92 100644 --- a/bitnami/mastodon/Chart.yaml +++ b/bitnami/mastodon/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: mastodon - image: docker.io/bitnami/mastodon:4.2.5-debian-11-r1 + image: docker.io/bitnami/mastodon:4.2.7-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 -appVersion: 4.2.5 +appVersion: 4.2.7 dependencies: - condition: redis.enabled name: redis @@ -49,4 +49,4 @@ maintainers: name: mastodon sources: - https://github.com/bitnami/charts/tree/main/bitnami/mastodon -version: 4.5.0 +version: 4.5.1 diff --git a/bitnami/mastodon/values.yaml b/bitnami/mastodon/values.yaml index 7f7978d8b1d987..d500d60dc01eb3 100644 --- a/bitnami/mastodon/values.yaml +++ b/bitnami/mastodon/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mastodon - tag: 4.2.5-debian-11-r1 + tag: 4.2.7-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1539,7 +1539,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. From e22a5f08353b195ff9a9e4d88b0c9931046b0183 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:40:23 +0100 Subject: [PATCH 105/129] [bitnami/milvus] Release 5.6.1 updating components versions (#23728) Signed-off-by: Bitnami Containers --- bitnami/milvus/Chart.lock | 10 +++++----- bitnami/milvus/Chart.yaml | 12 ++++++------ bitnami/milvus/values.yaml | 8 ++++---- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/bitnami/milvus/Chart.lock b/bitnami/milvus/Chart.lock index f4b03195c894ca..a3bbeeeb8c5914 100644 --- a/bitnami/milvus/Chart.lock +++ b/bitnami/milvus/Chart.lock @@ -1,15 +1,15 @@ dependencies: - name: etcd repository: oci://registry-1.docker.io/bitnamicharts - version: 9.10.5 + version: 9.14.0 - name: kafka repository: oci://registry-1.docker.io/bitnamicharts - version: 26.8.4 + version: 26.11.1 - name: minio repository: oci://registry-1.docker.io/bitnamicharts version: 12.13.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:8dddb9f33688378ef5b560b3b81b4a586fe52d82b86964de9472df3945d6db47 -generated: "2024-02-14T15:32:09.87125637+01:00" + version: 2.16.1 +digest: sha256:68779c51d7d8cdc65ab57ccdfe6c8a71c732a8cadecb366ea2121b419beeda61 +generated: "2024-02-21T14:55:44.25314904Z" diff --git a/bitnami/milvus/Chart.yaml b/bitnami/milvus/Chart.yaml index ff0a821784002b..74318ab5d56244 100644 --- a/bitnami/milvus/Chart.yaml +++ b/bitnami/milvus/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: attu - image: docker.io/bitnami/attu:2.3.8-debian-11-r0 + image: docker.io/bitnami/attu:2.3.8-debian-12-r4 - name: milvus - image: docker.io/bitnami/milvus:2.3.8-debian-11-r0 + image: docker.io/bitnami/milvus:2.3.9-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: pymilvus - image: docker.io/bitnami/pymilvus:2.3.6-debian-11-r2 + image: docker.io/bitnami/pymilvus:2.3.6-debian-12-r5 apiVersion: v2 -appVersion: 2.3.8 +appVersion: 2.3.9 dependencies: - name: etcd repository: oci://registry-1.docker.io/bitnamicharts @@ -48,4 +48,4 @@ maintainers: name: milvus sources: - https://github.com/bitnami/charts/tree/main/bitnami/milvus -version: 5.6.0 +version: 5.6.1 diff --git a/bitnami/milvus/values.yaml b/bitnami/milvus/values.yaml index 9d0e7c9bbc1fea..0acac103decdb5 100644 --- a/bitnami/milvus/values.yaml +++ b/bitnami/milvus/values.yaml @@ -78,7 +78,7 @@ milvus: image: registry: docker.io repository: bitnami/milvus - tag: 2.3.8-debian-11-r0 + tag: 2.3.9-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -259,7 +259,7 @@ initJob: image: registry: docker.io repository: bitnami/pymilvus - tag: 2.3.6-debian-11-r2 + tag: 2.3.6-debian-12-r5 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -4521,7 +4521,7 @@ attu: image: registry: docker.io repository: bitnami/attu - tag: 2.3.8-debian-11-r0 + tag: 2.3.8-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -5078,7 +5078,7 @@ waitContainer: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## @param waitContainer.image.pullPolicy Init container wait-container image pull policy ## From 96c398f7cca8f220ce707e2d15349cbcc74de9af Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:42:13 +0100 Subject: [PATCH 106/129] [bitnami/mongodb] Release 14.11.1 updating components versions (#23730) Signed-off-by: Bitnami Containers --- bitnami/mongodb/Chart.lock | 6 +++--- bitnami/mongodb/Chart.yaml | 14 +++++++------- bitnami/mongodb/values.yaml | 10 +++++----- 3 files changed, 15 insertions(+), 15 deletions(-) diff --git a/bitnami/mongodb/Chart.lock b/bitnami/mongodb/Chart.lock index 13671dbe52e518..44ffcf76f85020 100644 --- a/bitnami/mongodb/Chart.lock +++ b/bitnami/mongodb/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:33:48.230797375+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:57:28.35434212Z" diff --git a/bitnami/mongodb/Chart.yaml b/bitnami/mongodb/Chart.yaml index 5e519a1e55c3ff..3d4671bc19b1f6 100644 --- a/bitnami/mongodb/Chart.yaml +++ b/bitnami/mongodb/Chart.yaml @@ -6,15 +6,15 @@ annotations: licenses: Apache-2.0 images: | - name: kubectl - image: docker.io/bitnami/kubectl:1.29.1-debian-11-r3 - - name: mongodb-exporter - image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-11-r6 + image: docker.io/bitnami/kubectl:1.29.2-debian-12-r1 - name: mongodb - image: docker.io/bitnami/mongodb:7.0.5-debian-11-r6 + image: docker.io/bitnami/mongodb:7.0.5-debian-12-r4 + - name: mongodb-exporter + image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-12-r11 - name: nginx - image: docker.io/bitnami/nginx:1.25.3-debian-11-r7 + image: docker.io/bitnami/nginx:1.25.4-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 7.0.5 dependencies: @@ -39,4 +39,4 @@ maintainers: name: mongodb sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb -version: 14.11.0 +version: 14.11.1 diff --git a/bitnami/mongodb/values.yaml b/bitnami/mongodb/values.yaml index 7360b0d1ada737..c2c1cc30d7c529 100644 --- a/bitnami/mongodb/values.yaml +++ b/bitnami/mongodb/values.yaml @@ -120,7 +120,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mongodb - tag: 7.0.5-debian-11-r6 + tag: 7.0.5-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images @@ -246,7 +246,7 @@ tls: image: registry: docker.io repository: bitnami/nginx - tag: 1.25.3-debian-11-r7 + tag: 1.25.4-debian-12-r1 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -832,7 +832,7 @@ externalAccess: image: registry: docker.io repository: bitnami/kubectl - tag: 1.29.1-debian-11-r3 + tag: 1.29.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1378,7 +1378,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2172,7 +2172,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.40.0-debian-11-r6 + tag: 0.40.0-debian-12-r11 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From df51210f9df9ad251c0c231b72de60e6786b5dcb Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 16:51:19 +0100 Subject: [PATCH 107/129] [bitnami/mongodb-sharded] Release 7.7.1 updating components versions (#23729) Signed-off-by: Bitnami Containers --- bitnami/mongodb-sharded/Chart.lock | 6 +++--- bitnami/mongodb-sharded/Chart.yaml | 8 ++++---- bitnami/mongodb-sharded/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/mongodb-sharded/Chart.lock b/bitnami/mongodb-sharded/Chart.lock index 8dba8347357a80..b73c43c65f9796 100644 --- a/bitnami/mongodb-sharded/Chart.lock +++ b/bitnami/mongodb-sharded/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:34:18.444267518+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:57:16.335067122Z" diff --git a/bitnami/mongodb-sharded/Chart.yaml b/bitnami/mongodb-sharded/Chart.yaml index c3bf67ded2d23d..d569de22bae20c 100644 --- a/bitnami/mongodb-sharded/Chart.yaml +++ b/bitnami/mongodb-sharded/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: mongodb-exporter - image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-11-r6 + image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-12-r11 - name: mongodb-sharded - image: docker.io/bitnami/mongodb-sharded:7.0.5-debian-11-r6 + image: docker.io/bitnami/mongodb-sharded:7.0.5-debian-12-r2 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 7.0.5 dependencies: @@ -35,4 +35,4 @@ maintainers: name: mongodb-sharded sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb-sharded -version: 7.7.0 +version: 7.7.1 diff --git a/bitnami/mongodb-sharded/values.yaml b/bitnami/mongodb-sharded/values.yaml index 46e79434d56465..36a11bd7f59804 100644 --- a/bitnami/mongodb-sharded/values.yaml +++ b/bitnami/mongodb-sharded/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mongodb-sharded - tag: 7.0.5-debian-11-r6 + tag: 7.0.5-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -244,7 +244,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -1734,7 +1734,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.40.0-debian-11-r6 + tag: 0.40.0-debian-12-r11 digest: "" pullPolicy: Always ## Optionally specify an array of imagePullSecrets. From 7946235da8cf482a26ba7c4cbd3977d96056bc4d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:06:36 +0100 Subject: [PATCH 108/129] [bitnami/apisix] Release 2.8.2 updating components versions (#23733) Signed-off-by: Bitnami Containers --- bitnami/apisix/Chart.yaml | 6 +++--- bitnami/apisix/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bitnami/apisix/Chart.yaml b/bitnami/apisix/Chart.yaml index db45afa0febfaf..2733210ea14e83 100644 --- a/bitnami/apisix/Chart.yaml +++ b/bitnami/apisix/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apisix - image: docker.io/bitnami/apisix:3.8.0-debian-12-r6 + image: docker.io/bitnami/apisix:3.8.0-debian-12-r7 - name: apisix-dashboard image: docker.io/bitnami/apisix-dashboard:3.0.1-debian-12-r21 - name: apisix-ingress-controller - image: docker.io/bitnami/apisix-ingress-controller:1.8.0-debian-12-r10 + image: docker.io/bitnami/apisix-ingress-controller:1.8.0-debian-12-r11 - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 @@ -45,4 +45,4 @@ sources: - https://github.com/bitnami/charts/tree/main/bitnami/apisix - https://github.com/bitnami/charts/tree/main/bitnami/apisix-dashboard - https://github.com/bitnami/charts/tree/main/bitnami/apisix-ingress-controller -version: 2.8.1 +version: 2.8.2 diff --git a/bitnami/apisix/values.yaml b/bitnami/apisix/values.yaml index 1ed447ec9b0a97..517cf439b5da5f 100644 --- a/bitnami/apisix/values.yaml +++ b/bitnami/apisix/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/apisix - tag: 3.8.0-debian-12-r6 + tag: 3.8.0-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2383,7 +2383,7 @@ ingressController: image: registry: docker.io repository: bitnami/apisix-ingress-controller - tag: 1.8.0-debian-12-r10 + tag: 1.8.0-debian-12-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 0fb61c9c04bfa6ecfdee443b2bfe82bd6fb2ffb0 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:10:55 +0100 Subject: [PATCH 109/129] [bitnami/argo-workflows] Release 6.6.3 updating components versions (#23740) Signed-off-by: Bitnami Containers --- bitnami/argo-workflows/Chart.yaml | 8 ++++---- bitnami/argo-workflows/values.yaml | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/bitnami/argo-workflows/Chart.yaml b/bitnami/argo-workflows/Chart.yaml index 613cd90b3a7fda..fcc90e5090fb55 100644 --- a/bitnami/argo-workflows/Chart.yaml +++ b/bitnami/argo-workflows/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: argo-workflow-cli - image: docker.io/bitnami/argo-workflow-cli:3.5.4-debian-12-r6 + image: docker.io/bitnami/argo-workflow-cli:3.5.4-debian-12-r7 - name: argo-workflow-controller - image: docker.io/bitnami/argo-workflow-controller:3.5.4-debian-12-r6 + image: docker.io/bitnami/argo-workflow-controller:3.5.4-debian-12-r7 - name: argo-workflow-exec - image: docker.io/bitnami/argo-workflow-exec:3.5.4-debian-12-r9 + image: docker.io/bitnami/argo-workflow-exec:3.5.4-debian-12-r10 apiVersion: v2 appVersion: 3.5.4 dependencies: @@ -42,4 +42,4 @@ maintainers: name: argo-workflows sources: - https://github.com/bitnami/charts/tree/main/bitnami/argo-workflows -version: 6.6.2 +version: 6.6.3 diff --git a/bitnami/argo-workflows/values.yaml b/bitnami/argo-workflows/values.yaml index 7169a0f4c954c1..16ffefa87c1183 100644 --- a/bitnami/argo-workflows/values.yaml +++ b/bitnami/argo-workflows/values.yaml @@ -66,7 +66,7 @@ server: image: registry: docker.io repository: bitnami/argo-workflow-cli - tag: 3.5.4-debian-12-r6 + tag: 3.5.4-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -552,7 +552,7 @@ controller: image: registry: docker.io repository: bitnami/argo-workflow-controller - tag: 3.5.4-debian-12-r6 + tag: 3.5.4-debian-12-r7 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1104,7 +1104,7 @@ executor: image: registry: docker.io repository: bitnami/argo-workflow-exec - tag: 3.5.4-debian-12-r9 + tag: 3.5.4-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 8677e71e8040ed92b99fae6a0e915fc85698dba6 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:11:02 +0100 Subject: [PATCH 110/129] [bitnami/aspnet-core] Release 5.6.2 updating components versions (#23734) Signed-off-by: Bitnami Containers --- bitnami/aspnet-core/Chart.yaml | 4 ++-- bitnami/aspnet-core/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bitnami/aspnet-core/Chart.yaml b/bitnami/aspnet-core/Chart.yaml index 924932fc503c45..e4bc65bcb0dd88 100644 --- a/bitnami/aspnet-core/Chart.yaml +++ b/bitnami/aspnet-core/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: aspnet-core - image: docker.io/bitnami/aspnet-core:8.0.2-debian-12-r1 + image: docker.io/bitnami/aspnet-core:8.0.2-debian-12-r2 - name: dotnet-sdk image: docker.io/bitnami/dotnet-sdk:8.0.200-debian-12-r1 - name: git @@ -31,4 +31,4 @@ maintainers: name: aspnet-core sources: - https://github.com/bitnami/charts/tree/main/bitnami/aspnet-core -version: 5.6.1 +version: 5.6.2 diff --git a/bitnami/aspnet-core/values.yaml b/bitnami/aspnet-core/values.yaml index e7572962ced917..2558b5c16b7e36 100644 --- a/bitnami/aspnet-core/values.yaml +++ b/bitnami/aspnet-core/values.yaml @@ -62,7 +62,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/aspnet-core - tag: 8.0.2-debian-12-r1 + tag: 8.0.2-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 03a44ae68d7aa17f8260926c39842b7c380ec3cc Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:11:08 +0100 Subject: [PATCH 111/129] [bitnami/airflow] Release 16.8.2 updating components versions (#23735) Signed-off-by: Bitnami Containers --- bitnami/airflow/Chart.yaml | 10 +++++----- bitnami/airflow/values.yaml | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/airflow/Chart.yaml b/bitnami/airflow/Chart.yaml index fcb52bd5ba28a8..3ce5d156581092 100644 --- a/bitnami/airflow/Chart.yaml +++ b/bitnami/airflow/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: airflow - image: docker.io/bitnami/airflow:2.8.1-debian-12-r10 + image: docker.io/bitnami/airflow:2.8.1-debian-12-r11 - name: airflow-exporter - image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-12-r23 + image: docker.io/bitnami/airflow-exporter:0.20220314.0-debian-12-r24 - name: airflow-scheduler - image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-12-r9 + image: docker.io/bitnami/airflow-scheduler:2.8.1-debian-12-r10 - name: airflow-worker - image: docker.io/bitnami/airflow-worker:2.8.1-debian-12-r9 + image: docker.io/bitnami/airflow-worker:2.8.1-debian-12-r10 - name: git image: docker.io/bitnami/git:2.43.2-debian-12-r1 - name: os-shell @@ -47,4 +47,4 @@ maintainers: name: airflow sources: - https://github.com/bitnami/charts/tree/main/bitnami/airflow -version: 16.8.1 +version: 16.8.2 diff --git a/bitnami/airflow/values.yaml b/bitnami/airflow/values.yaml index beff8d1fac7eda..31b6c66d1eddd3 100644 --- a/bitnami/airflow/values.yaml +++ b/bitnami/airflow/values.yaml @@ -184,7 +184,7 @@ web: image: registry: docker.io repository: bitnami/airflow - tag: 2.8.1-debian-12-r10 + tag: 2.8.1-debian-12-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -525,7 +525,7 @@ scheduler: image: registry: docker.io repository: bitnami/airflow-scheduler - tag: 2.8.1-debian-12-r9 + tag: 2.8.1-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -842,7 +842,7 @@ worker: image: registry: docker.io repository: bitnami/airflow-worker - tag: 2.8.1-debian-12-r9 + tag: 2.8.1-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1579,7 +1579,7 @@ metrics: image: registry: docker.io repository: bitnami/airflow-exporter - tag: 0.20220314.0-debian-12-r23 + tag: 0.20220314.0-debian-12-r24 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 4838d0012aadb9d06732357c10279fb372c8eb6b Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:11:53 +0100 Subject: [PATCH 112/129] [bitnami/apache] Release 10.6.2 updating components versions (#23737) Signed-off-by: Bitnami Containers --- bitnami/apache/Chart.yaml | 6 +++--- bitnami/apache/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bitnami/apache/Chart.yaml b/bitnami/apache/Chart.yaml index 9ab491f0898f81..f9408c3944f930 100644 --- a/bitnami/apache/Chart.yaml +++ b/bitnami/apache/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: apache - image: docker.io/bitnami/apache:2.4.58-debian-12-r16 + image: docker.io/bitnami/apache:2.4.58-debian-12-r17 - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r7 - name: git image: docker.io/bitnami/git:2.43.2-debian-12-r1 apiVersion: v2 @@ -35,4 +35,4 @@ maintainers: name: apache sources: - https://github.com/bitnami/charts/tree/main/bitnami/apache -version: 10.6.1 +version: 10.6.2 diff --git a/bitnami/apache/values.yaml b/bitnami/apache/values.yaml index 4b4ddd86344f84..11066ba60dfc10 100644 --- a/bitnami/apache/values.yaml +++ b/bitnami/apache/values.yaml @@ -53,7 +53,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/apache - tag: 2.4.58-debian-12-r16 + tag: 2.4.58-debian-12-r17 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -617,7 +617,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-12-r6 + tag: 1.0.6-debian-12-r7 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From f84796a63f0d6d071033ed875be9b623c7f98f42 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:12:29 +0100 Subject: [PATCH 113/129] [bitnami/clickhouse] Release 5.2.2 updating components versions (#23738) Signed-off-by: Bitnami Containers --- bitnami/clickhouse/Chart.lock | 6 +++--- bitnami/clickhouse/Chart.yaml | 4 ++-- bitnami/clickhouse/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/clickhouse/Chart.lock b/bitnami/clickhouse/Chart.lock index d7e44124796218..5a80313402bbab 100644 --- a/bitnami/clickhouse/Chart.lock +++ b/bitnami/clickhouse/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: zookeeper repository: oci://registry-1.docker.io/bitnamicharts - version: 12.9.0 + version: 12.10.1 - name: common repository: oci://registry-1.docker.io/bitnamicharts version: 2.16.1 -digest: sha256:b3683d34b21beb8a442eba300f8a571eae2ed16e85155f46d0a5a7f023d7c0d1 -generated: "2024-02-21T12:07:26.204659357Z" +digest: sha256:6ad2824d3d172a317d273366daf056a3721c230f6782eb678a12132ba05a0252 +generated: "2024-02-21T15:56:44.805152741Z" diff --git a/bitnami/clickhouse/Chart.yaml b/bitnami/clickhouse/Chart.yaml index 8eb90b11c05c3e..9c39dfadadbe71 100644 --- a/bitnami/clickhouse/Chart.yaml +++ b/bitnami/clickhouse/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: clickhouse - image: docker.io/bitnami/clickhouse:24.1.5-debian-12-r2 + image: docker.io/bitnami/clickhouse:24.1.5-debian-12-r3 - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: zookeeper @@ -35,4 +35,4 @@ maintainers: name: clickhouse sources: - https://github.com/bitnami/charts/tree/main/bitnami/clickhouse -version: 5.2.1 +version: 5.2.2 diff --git a/bitnami/clickhouse/values.yaml b/bitnami/clickhouse/values.yaml index bc40305e247239..42e0d7d2fe7eaa 100644 --- a/bitnami/clickhouse/values.yaml +++ b/bitnami/clickhouse/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/clickhouse - tag: 24.1.5-debian-12-r2 + tag: 24.1.5-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From c2b8c51ae857f19a2f24230931df6381c761e6fb Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:14:04 +0100 Subject: [PATCH 114/129] [bitnami/flux] Release 1.8.1 updating components versions (#23706) Signed-off-by: Bitnami Containers --- bitnami/flux/Chart.lock | 6 +++--- bitnami/flux/Chart.yaml | 18 +++++++++--------- bitnami/flux/values.yaml | 14 +++++++------- 3 files changed, 19 insertions(+), 19 deletions(-) diff --git a/bitnami/flux/Chart.lock b/bitnami/flux/Chart.lock index 2fe6ade1e0d77c..eaddcaa3508ba2 100644 --- a/bitnami/flux/Chart.lock +++ b/bitnami/flux/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:53:50.334937625+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:36:17.997342206Z" diff --git a/bitnami/flux/Chart.yaml b/bitnami/flux/Chart.yaml index 6dc0fb5909d9c8..af6006b3799a41 100644 --- a/bitnami/flux/Chart.yaml +++ b/bitnami/flux/Chart.yaml @@ -5,20 +5,20 @@ annotations: category: Infrastructure licenses: Apache-2.0 images: | - - name: fluxcd-source-controller - image: docker.io/bitnami/fluxcd-source-controller:1.2.4-debian-11-r2 - name: fluxcd-helm-controller - image: docker.io/bitnami/fluxcd-helm-controller:0.37.4-debian-11-r1 + image: docker.io/bitnami/fluxcd-helm-controller:0.37.4-debian-12-r4 - name: fluxcd-image-automation-controller - image: docker.io/bitnami/fluxcd-image-automation-controller:0.37.1-debian-11-r2 + image: docker.io/bitnami/fluxcd-image-automation-controller:0.37.1-debian-12-r4 - name: fluxcd-image-reflector-controller - image: docker.io/bitnami/fluxcd-image-reflector-controller:0.31.2-debian-11-r2 + image: docker.io/bitnami/fluxcd-image-reflector-controller:0.31.2-debian-12-r4 - name: fluxcd-kustomize-controller - image: docker.io/bitnami/fluxcd-kustomize-controller:1.2.2-debian-11-r1 + image: docker.io/bitnami/fluxcd-kustomize-controller:1.2.2-debian-12-r4 - name: fluxcd-notification-controller - image: docker.io/bitnami/fluxcd-notification-controller:1.2.4-debian-11-r2 + image: docker.io/bitnami/fluxcd-notification-controller:1.2.4-debian-12-r4 + - name: fluxcd-source-controller + image: docker.io/bitnami/fluxcd-source-controller:1.2.4-debian-12-r4 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 1.2.4 dependencies: @@ -43,4 +43,4 @@ maintainers: name: flux sources: - https://github.com/bitnami/charts/tree/main/bitnami/flux -version: 1.8.0 +version: 1.8.1 diff --git a/bitnami/flux/values.yaml b/bitnami/flux/values.yaml index b13389d0d96578..6cd8a245031b60 100644 --- a/bitnami/flux/values.yaml +++ b/bitnami/flux/values.yaml @@ -85,7 +85,7 @@ kustomizeController: image: registry: docker.io repository: bitnami/fluxcd-kustomize-controller - tag: 1.2.2-debian-11-r1 + tag: 1.2.2-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -598,7 +598,7 @@ helmController: image: registry: docker.io repository: bitnami/fluxcd-helm-controller - tag: 0.37.4-debian-11-r1 + tag: 0.37.4-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1111,7 +1111,7 @@ sourceController: image: registry: docker.io repository: bitnami/fluxcd-source-controller - tag: 1.2.4-debian-11-r2 + tag: 1.2.4-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1723,7 +1723,7 @@ notificationController: image: registry: docker.io repository: bitnami/fluxcd-notification-controller - tag: 1.2.4-debian-11-r2 + tag: 1.2.4-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2236,7 +2236,7 @@ imageAutomationController: image: registry: docker.io repository: bitnami/fluxcd-image-automation-controller - tag: 0.37.1-debian-11-r2 + tag: 0.37.1-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2749,7 +2749,7 @@ imageReflectorController: image: registry: docker.io repository: bitnami/fluxcd-image-reflector-controller - tag: 0.31.2-debian-11-r2 + tag: 0.31.2-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3299,7 +3299,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 20ae965367da3598d4e5dff5e19ef5140a791c52 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:19:19 +0100 Subject: [PATCH 115/129] [bitnami/contour] Release 15.5.2 updating components versions (#23739) Signed-off-by: Bitnami Containers --- bitnami/contour/Chart.yaml | 4 ++-- bitnami/contour/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/bitnami/contour/Chart.yaml b/bitnami/contour/Chart.yaml index a384fc0ca09ff8..393cc6b66eeb8c 100644 --- a/bitnami/contour/Chart.yaml +++ b/bitnami/contour/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: contour - image: docker.io/bitnami/contour:1.27.1-debian-12-r2 + image: docker.io/bitnami/contour:1.27.1-debian-12-r3 - name: envoy image: docker.io/bitnami/envoy:1.27.3-debian-12-r3 - name: nginx @@ -32,4 +32,4 @@ maintainers: name: contour sources: - https://github.com/bitnami/charts/tree/main/bitnami/contour -version: 15.5.1 +version: 15.5.2 diff --git a/bitnami/contour/values.yaml b/bitnami/contour/values.yaml index c46340285656d6..0c26a74c907a85 100644 --- a/bitnami/contour/values.yaml +++ b/bitnami/contour/values.yaml @@ -92,7 +92,7 @@ contour: image: registry: docker.io repository: bitnami/contour - tag: 1.27.1-debian-12-r2 + tag: 1.27.1-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From f1b455dff6a6449b6c81bcf03ef35939ff651d58 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:20:03 +0100 Subject: [PATCH 116/129] [bitnami/supabase] Release 2.9.1 updating components versions (#23712) Signed-off-by: Bitnami Containers --- bitnami/supabase/Chart.lock | 8 ++++---- bitnami/supabase/Chart.yaml | 24 ++++++++++++------------ bitnami/supabase/values.yaml | 22 +++++++++++----------- 3 files changed, 27 insertions(+), 27 deletions(-) diff --git a/bitnami/supabase/Chart.lock b/bitnami/supabase/Chart.lock index 277f8a45ac90b2..b54516881772e7 100644 --- a/bitnami/supabase/Chart.lock +++ b/bitnami/supabase/Chart.lock @@ -1,12 +1,12 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: kong repository: oci://registry-1.docker.io/bitnamicharts version: 10.4.2 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:667565a0bd31c198ac16b80cbf48ebe85336e6f542c7bdc5d35fe237fca494d4 -generated: "2024-02-14T16:10:38.169993447+01:00" + version: 2.16.1 +digest: sha256:f7bd94372cce504bf5c59fb95b7d12d9c16d910382ca129cf595afa0953a6e9a +generated: "2024-02-21T14:39:49.634348384Z" diff --git a/bitnami/supabase/Chart.yaml b/bitnami/supabase/Chart.yaml index eb9b2b3f4004de..346341bfc5216d 100644 --- a/bitnami/supabase/Chart.yaml +++ b/bitnami/supabase/Chart.yaml @@ -6,25 +6,25 @@ annotations: licenses: Apache-2.0 images: | - name: gotrue - image: docker.io/bitnami/gotrue:1.0.1-debian-11-r225 + image: docker.io/bitnami/gotrue:1.0.1-debian-12-r20 - name: jwt-cli - image: docker.io/bitnami/jwt-cli:6.0.0-debian-11-r28 + image: docker.io/bitnami/jwt-cli:6.0.0-debian-12-r16 - name: kubectl - image: docker.io/bitnami/kubectl:1.29.1-debian-11-r3 + image: docker.io/bitnami/kubectl:1.29.2-debian-12-r1 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: postgrest - image: docker.io/bitnami/postgrest:11.2.2-debian-11-r7 - - name: supabase-postgres-meta - image: docker.io/bitnami/supabase-postgres-meta:0.77.0-debian-11-r1 + image: docker.io/bitnami/postgrest:11.2.2-debian-12-r11 - name: supabase-postgres - image: docker.io/bitnami/supabase-postgres:15.1.1-debian-11-r10 + image: docker.io/bitnami/supabase-postgres:15.1.1-debian-12-r12 + - name: supabase-postgres-meta + image: docker.io/bitnami/supabase-postgres-meta:0.77.1-debian-12-r3 - name: supabase-realtime - image: docker.io/bitnami/supabase-realtime:2.25.62-debian-11-r1 + image: docker.io/bitnami/supabase-realtime:2.25.62-debian-12-r4 - name: supabase-storage - image: docker.io/bitnami/supabase-storage:0.46.5-debian-11-r2 + image: docker.io/bitnami/supabase-storage:0.47.0-debian-12-r2 - name: supabase-studio - image: docker.io/bitnami/supabase-studio:0.23.11-debian-11-r4 + image: docker.io/bitnami/supabase-studio:0.23.11-debian-12-r6 apiVersion: v2 appVersion: 0.23.11 dependencies: @@ -53,4 +53,4 @@ maintainers: name: supabase sources: - https://github.com/bitnami/charts/tree/main/bitnami/supabase -version: 2.9.0 +version: 2.9.1 diff --git a/bitnami/supabase/values.yaml b/bitnami/supabase/values.yaml index 3c8af1da81e66c..b7bce5fd08bd09 100644 --- a/bitnami/supabase/values.yaml +++ b/bitnami/supabase/values.yaml @@ -103,7 +103,7 @@ jwt: image: registry: docker.io repository: bitnami/jwt-cli - tag: 6.0.0-debian-11-r28 + tag: 6.0.0-debian-12-r16 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -130,7 +130,7 @@ jwt: ## registry: docker.io repository: bitnami/kubectl - tag: 1.29.1-debian-11-r3 + tag: 1.29.2-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -321,7 +321,7 @@ auth: image: registry: docker.io repository: bitnami/gotrue - tag: 1.0.1-debian-11-r225 + tag: 1.0.1-debian-12-r20 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -721,7 +721,7 @@ meta: image: registry: docker.io repository: bitnami/supabase-postgres-meta - tag: 0.77.0-debian-11-r1 + tag: 0.77.1-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1137,7 +1137,7 @@ realtime: image: registry: docker.io repository: bitnami/supabase-realtime - tag: 2.25.62-debian-11-r1 + tag: 2.25.62-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1535,7 +1535,7 @@ rest: image: registry: docker.io repository: bitnami/postgrest - tag: 11.2.2-debian-11-r7 + tag: 11.2.2-debian-12-r11 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1939,7 +1939,7 @@ storage: image: registry: docker.io repository: bitnami/supabase-storage - tag: 0.46.5-debian-11-r2 + tag: 0.47.0-debian-12-r2 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2388,7 +2388,7 @@ studio: image: registry: docker.io repository: bitnami/supabase-studio - tag: 0.23.11-debian-11-r4 + tag: 0.23.11-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -2870,7 +2870,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -2921,7 +2921,7 @@ volumePermissions: psqlImage: registry: docker.io repository: bitnami/supabase-postgres - tag: 15.1.1-debian-11-r10 + tag: 15.1.1-debian-12-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -3079,7 +3079,7 @@ postgresql: image: registry: docker.io repository: bitnami/supabase-postgres - tag: 15.1.1-debian-11-r10 + tag: 15.1.1-debian-12-r12 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From c154eff821c5814d9622e997157f759002a853aa Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:20:35 +0100 Subject: [PATCH 117/129] [bitnami/phpmyadmin] Release 14.5.1 updating components versions (#23711) Signed-off-by: Bitnami Containers --- bitnami/phpmyadmin/Chart.lock | 8 ++++---- bitnami/phpmyadmin/Chart.yaml | 6 +++--- bitnami/phpmyadmin/values.yaml | 4 ++-- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/bitnami/phpmyadmin/Chart.lock b/bitnami/phpmyadmin/Chart.lock index 0f69a5174d526d..0c3de5b8b19217 100644 --- a/bitnami/phpmyadmin/Chart.lock +++ b/bitnami/phpmyadmin/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:e6c360a71ba4fb2fc20c6dab115a1a614334e67943a8977637eab017593d6141 -generated: "2024-02-14T15:50:59.227574094+01:00" + version: 2.16.1 +digest: sha256:2f4178c546461823871a3e99890bfd98fe96a5275592ea9edf187f5aa7b1b45b +generated: "2024-02-21T14:39:53.882369961Z" diff --git a/bitnami/phpmyadmin/Chart.yaml b/bitnami/phpmyadmin/Chart.yaml index 0b8ddbe347e835..8e52c653ed79f1 100644 --- a/bitnami/phpmyadmin/Chart.yaml +++ b/bitnami/phpmyadmin/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r1 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: phpmyadmin - image: docker.io/bitnami/phpmyadmin:5.2.1-debian-11-r131 + image: docker.io/bitnami/phpmyadmin:5.2.1-debian-12-r19 apiVersion: v2 appVersion: 5.2.1 dependencies: @@ -36,4 +36,4 @@ maintainers: name: phpmyadmin sources: - https://github.com/bitnami/charts/tree/main/bitnami/phpmyadmin -version: 14.5.0 +version: 14.5.1 diff --git a/bitnami/phpmyadmin/values.yaml b/bitnami/phpmyadmin/values.yaml index 8f16b5e4f6c148..a678a436f5f5ec 100644 --- a/bitnami/phpmyadmin/values.yaml +++ b/bitnami/phpmyadmin/values.yaml @@ -54,7 +54,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/phpmyadmin - tag: 5.2.1-debian-11-r131 + tag: 5.2.1-debian-12-r19 digest: "" ## Specify a imagePullPolicy ## @@ -601,7 +601,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r1 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From c3c6ab571b469bd4c59c37238fffc9855e8d8d33 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:21:33 +0100 Subject: [PATCH 118/129] [bitnami/kube-state-metrics] Release 3.14.1 updating components versions (#23707) Signed-off-by: Bitnami Containers --- bitnami/kube-state-metrics/Chart.lock | 6 +++--- bitnami/kube-state-metrics/Chart.yaml | 4 ++-- bitnami/kube-state-metrics/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/kube-state-metrics/Chart.lock b/bitnami/kube-state-metrics/Chart.lock index 92fb009b25b1f0..79e887f20e1bc3 100644 --- a/bitnami/kube-state-metrics/Chart.lock +++ b/bitnami/kube-state-metrics/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:17:15.216455963+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:37:49.912692174Z" diff --git a/bitnami/kube-state-metrics/Chart.yaml b/bitnami/kube-state-metrics/Chart.yaml index 855ef6c4c7f915..029c008d31c9a6 100644 --- a/bitnami/kube-state-metrics/Chart.yaml +++ b/bitnami/kube-state-metrics/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: kube-state-metrics - image: docker.io/bitnami/kube-state-metrics:2.10.1-debian-11-r9 + image: docker.io/bitnami/kube-state-metrics:2.10.1-debian-12-r14 apiVersion: v2 appVersion: 2.10.1 dependencies: @@ -28,4 +28,4 @@ maintainers: name: kube-state-metrics sources: - https://github.com/bitnami/charts/tree/main/bitnami/kube-state-metrics -version: 3.14.0 +version: 3.14.1 diff --git a/bitnami/kube-state-metrics/values.yaml b/bitnami/kube-state-metrics/values.yaml index 67c85875a339f9..4004184fd5e605 100644 --- a/bitnami/kube-state-metrics/values.yaml +++ b/bitnami/kube-state-metrics/values.yaml @@ -101,7 +101,7 @@ serviceAccount: image: registry: docker.io repository: bitnami/kube-state-metrics - tag: 2.10.1-debian-11-r9 + tag: 2.10.1-debian-12-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From b679cea51c0687c16fb86fecdd615215550aabe7 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:21:39 +0100 Subject: [PATCH 119/129] [bitnami/metrics-server] Release 6.11.1 updating components versions (#23716) Signed-off-by: Bitnami Containers --- bitnami/metrics-server/Chart.lock | 6 +++--- bitnami/metrics-server/Chart.yaml | 4 ++-- bitnami/metrics-server/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/metrics-server/Chart.lock b/bitnami/metrics-server/Chart.lock index 538110b740bada..1e53497898001b 100644 --- a/bitnami/metrics-server/Chart.lock +++ b/bitnami/metrics-server/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:31:06.282975985+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:42:24.908719958Z" diff --git a/bitnami/metrics-server/Chart.yaml b/bitnami/metrics-server/Chart.yaml index f5ebf49f2ce3d0..01915166715461 100644 --- a/bitnami/metrics-server/Chart.yaml +++ b/bitnami/metrics-server/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: metrics-server - image: docker.io/bitnami/metrics-server:0.7.0-debian-11-r4 + image: docker.io/bitnami/metrics-server:0.7.0-debian-12-r6 apiVersion: v2 appVersion: 0.7.0 dependencies: @@ -28,4 +28,4 @@ maintainers: name: metrics-server sources: - https://github.com/bitnami/charts/tree/main/bitnami/metrics-server -version: 6.11.0 +version: 6.11.1 diff --git a/bitnami/metrics-server/values.yaml b/bitnami/metrics-server/values.yaml index 47ec6f15494986..af1fd962d6913e 100644 --- a/bitnami/metrics-server/values.yaml +++ b/bitnami/metrics-server/values.yaml @@ -67,7 +67,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/metrics-server - tag: 0.7.0-debian-11-r4 + tag: 0.7.0-debian-12-r6 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 226b8e0c0c7e87090bbd4e22530328a253569b69 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:22:00 +0100 Subject: [PATCH 120/129] [bitnami/cassandra] Release 10.11.2 updating components versions (#23736) Signed-off-by: Bitnami Containers --- bitnami/cassandra/Chart.yaml | 6 +++--- bitnami/cassandra/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bitnami/cassandra/Chart.yaml b/bitnami/cassandra/Chart.yaml index 478295b472da29..ce1a87903e6927 100644 --- a/bitnami/cassandra/Chart.yaml +++ b/bitnami/cassandra/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: cassandra - image: docker.io/bitnami/cassandra:4.1.4-debian-12-r2 + image: docker.io/bitnami/cassandra:4.1.4-debian-12-r3 - name: cassandra-exporter - image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-12-r16 + image: docker.io/bitnami/cassandra-exporter:2.3.8-debian-12-r17 - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 @@ -32,4 +32,4 @@ maintainers: name: cassandra sources: - https://github.com/bitnami/charts/tree/main/bitnami/cassandra -version: 10.11.1 +version: 10.11.2 diff --git a/bitnami/cassandra/values.yaml b/bitnami/cassandra/values.yaml index de318eaaa2a967..39228375106d91 100644 --- a/bitnami/cassandra/values.yaml +++ b/bitnami/cassandra/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/cassandra - tag: 4.1.4-debian-12-r2 + tag: 4.1.4-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -737,7 +737,7 @@ metrics: image: registry: docker.io repository: bitnami/cassandra-exporter - tag: 2.3.8-debian-12-r16 + tag: 2.3.8-debian-12-r17 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 1a3d86b0791c2a4a65678690decfed71ff1f652f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:22:18 +0100 Subject: [PATCH 121/129] [bitnami/kubernetes-event-exporter] Release 2.15.1 updating components versions (#23715) Signed-off-by: Bitnami Containers --- bitnami/kubernetes-event-exporter/Chart.lock | 6 +++--- bitnami/kubernetes-event-exporter/Chart.yaml | 4 ++-- bitnami/kubernetes-event-exporter/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/kubernetes-event-exporter/Chart.lock b/bitnami/kubernetes-event-exporter/Chart.lock index d5a28338e77ef6..1c806f7df1ba1d 100644 --- a/bitnami/kubernetes-event-exporter/Chart.lock +++ b/bitnami/kubernetes-event-exporter/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:19:17.230320672+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:42:24.740236053Z" diff --git a/bitnami/kubernetes-event-exporter/Chart.yaml b/bitnami/kubernetes-event-exporter/Chart.yaml index d9d92b4f250976..3e6aaad8106918 100644 --- a/bitnami/kubernetes-event-exporter/Chart.yaml +++ b/bitnami/kubernetes-event-exporter/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: kubernetes-event-exporter - image: docker.io/bitnami/kubernetes-event-exporter:1.6.1-debian-11-r9 + image: docker.io/bitnami/kubernetes-event-exporter:1.6.1-debian-12-r14 apiVersion: v2 appVersion: 1.6.1 dependencies: @@ -31,4 +31,4 @@ maintainers: name: kubernetes-event-exporter sources: - https://github.com/bitnami/charts/tree/main/bitnami/kubernetes-event-exporter -version: 2.15.0 +version: 2.15.1 diff --git a/bitnami/kubernetes-event-exporter/values.yaml b/bitnami/kubernetes-event-exporter/values.yaml index ef5fce6eb7c529..3c5cb4a9e25845 100644 --- a/bitnami/kubernetes-event-exporter/values.yaml +++ b/bitnami/kubernetes-event-exporter/values.yaml @@ -76,7 +76,7 @@ image: ## registry: docker.io repository: bitnami/kubernetes-event-exporter - tag: 1.6.1-debian-11-r9 + tag: 1.6.1-debian-12-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 996f6a640c9ef485d567f3893b582b35a2e31c2f Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:23:30 +0100 Subject: [PATCH 122/129] [bitnami/mongodb-sharded] Release 7.7.2 updating components versions (#23742) Signed-off-by: Bitnami Containers --- bitnami/mongodb-sharded/Chart.yaml | 6 +++--- bitnami/mongodb-sharded/values.yaml | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bitnami/mongodb-sharded/Chart.yaml b/bitnami/mongodb-sharded/Chart.yaml index d569de22bae20c..3a3825407291f2 100644 --- a/bitnami/mongodb-sharded/Chart.yaml +++ b/bitnami/mongodb-sharded/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: mongodb-exporter - image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-12-r11 + image: docker.io/bitnami/mongodb-exporter:0.40.0-debian-12-r12 - name: mongodb-sharded - image: docker.io/bitnami/mongodb-sharded:7.0.5-debian-12-r2 + image: docker.io/bitnami/mongodb-sharded:7.0.5-debian-12-r3 - name: os-shell image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 @@ -35,4 +35,4 @@ maintainers: name: mongodb-sharded sources: - https://github.com/bitnami/charts/tree/main/bitnami/mongodb-sharded -version: 7.7.1 +version: 7.7.2 diff --git a/bitnami/mongodb-sharded/values.yaml b/bitnami/mongodb-sharded/values.yaml index 36a11bd7f59804..7a72f1f98cdeb0 100644 --- a/bitnami/mongodb-sharded/values.yaml +++ b/bitnami/mongodb-sharded/values.yaml @@ -76,7 +76,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/mongodb-sharded - tag: 7.0.5-debian-12-r2 + tag: 7.0.5-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1734,7 +1734,7 @@ metrics: image: registry: docker.io repository: bitnami/mongodb-exporter - tag: 0.40.0-debian-12-r11 + tag: 0.40.0-debian-12-r12 digest: "" pullPolicy: Always ## Optionally specify an array of imagePullSecrets. From 4a3e3507afe9369fc9a59c6c34d47e9a327c30b3 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:24:02 +0100 Subject: [PATCH 123/129] [bitnami/jupyterhub] Release 5.8.1 updating components versions (#23708) Signed-off-by: Bitnami Containers --- bitnami/jupyterhub/Chart.lock | 8 ++++---- bitnami/jupyterhub/Chart.yaml | 10 +++++----- bitnami/jupyterhub/values.yaml | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/jupyterhub/Chart.lock b/bitnami/jupyterhub/Chart.lock index 4fdff194033c6f..5f403eb343427e 100644 --- a/bitnami/jupyterhub/Chart.lock +++ b/bitnami/jupyterhub/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: oci://registry-1.docker.io/bitnamicharts - version: 13.4.4 + version: 13.4.6 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:e08d67109d82e36a3e93290f950311e7761cee1565ff9cf4af06faf37b10fa31 -generated: "2024-02-14T15:08:39.12007353+01:00" + version: 2.16.1 +digest: sha256:13493ce073076d218152b111a17dbcdd9a2173681ec0f2e51142c4819964c1da +generated: "2024-02-21T14:37:56.85246206Z" diff --git a/bitnami/jupyterhub/Chart.yaml b/bitnami/jupyterhub/Chart.yaml index 8a0ab110e810f3..4092c612d8f04e 100644 --- a/bitnami/jupyterhub/Chart.yaml +++ b/bitnami/jupyterhub/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: configurable-http-proxy - image: docker.io/bitnami/configurable-http-proxy:4.6.1-debian-11-r5 + image: docker.io/bitnami/configurable-http-proxy:4.6.1-debian-12-r10 - name: jupyter-base-notebook - image: docker.io/bitnami/jupyter-base-notebook:4.0.2-debian-11-r75 + image: docker.io/bitnami/jupyter-base-notebook:4.0.2-debian-12-r25 - name: jupyterhub - image: docker.io/bitnami/jupyterhub:4.0.2-debian-11-r71 + image: docker.io/bitnami/jupyterhub:4.0.2-debian-12-r25 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 4.0.2 dependencies: @@ -37,4 +37,4 @@ maintainers: name: jupyterhub sources: - https://github.com/bitnami/charts/tree/main/bitnami/jupyterhub -version: 5.8.0 +version: 5.8.1 diff --git a/bitnami/jupyterhub/values.yaml b/bitnami/jupyterhub/values.yaml index 5641ae46727346..7d9444bab309d6 100644 --- a/bitnami/jupyterhub/values.yaml +++ b/bitnami/jupyterhub/values.yaml @@ -68,7 +68,7 @@ hub: image: registry: docker.io repository: bitnami/jupyterhub - tag: 4.0.2-debian-11-r71 + tag: 4.0.2-debian-12-r25 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -671,7 +671,7 @@ proxy: image: registry: docker.io repository: bitnami/configurable-http-proxy - tag: 4.6.1-debian-11-r5 + tag: 4.6.1-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1519,7 +1519,7 @@ singleuser: image: registry: docker.io repository: bitnami/jupyter-base-notebook - tag: 4.0.2-debian-11-r75 + tag: 4.0.2-debian-12-r25 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -1740,7 +1740,7 @@ singleuser: auxiliaryImage: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From 7ba1daa5ddb69be0f3411d14dd46fea01c3780c7 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:24:07 +0100 Subject: [PATCH 124/129] [bitnami/phpbb] Release 16.4.1 updating components versions (#23709) Signed-off-by: Bitnami Containers --- bitnami/phpbb/Chart.lock | 8 ++++---- bitnami/phpbb/Chart.yaml | 8 ++++---- bitnami/phpbb/values.yaml | 6 +++--- 3 files changed, 11 insertions(+), 11 deletions(-) diff --git a/bitnami/phpbb/Chart.lock b/bitnami/phpbb/Chart.lock index 8a51870840ba03..5e478dbf2ff62c 100644 --- a/bitnami/phpbb/Chart.lock +++ b/bitnami/phpbb/Chart.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: oci://registry-1.docker.io/bitnamicharts - version: 15.2.2 + version: 15.2.3 - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:02e9fc30c23cb9cdab4426cd29f465bcdedb599cc3ca71b93a050af21de75a9a -generated: "2024-02-14T15:48:53.741425963+01:00" + version: 2.16.1 +digest: sha256:aa458dbf23d5ef02fcef95f38e53da0a1891b5aa4ca1564c8c057c30a147865a +generated: "2024-02-21T14:38:08.695558704Z" diff --git a/bitnami/phpbb/Chart.yaml b/bitnami/phpbb/Chart.yaml index f9efdf38e21500..0f5984c7b570b7 100644 --- a/bitnami/phpbb/Chart.yaml +++ b/bitnami/phpbb/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: apache-exporter - image: docker.io/bitnami/apache-exporter:1.0.6-debian-11-r1 + image: docker.io/bitnami/apache-exporter:1.0.6-debian-12-r6 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 - name: phpbb - image: docker.io/bitnami/phpbb:3.3.11-debian-11-r7 + image: docker.io/bitnami/phpbb:3.3.11-debian-12-r14 apiVersion: v2 appVersion: 3.3.11 dependencies: @@ -37,4 +37,4 @@ maintainers: name: phpbb sources: - https://github.com/bitnami/charts/tree/main/bitnami/phpbb -version: 16.4.0 +version: 16.4.1 diff --git a/bitnami/phpbb/values.yaml b/bitnami/phpbb/values.yaml index f18ef00900bda3..decea7dcc3f543 100644 --- a/bitnami/phpbb/values.yaml +++ b/bitnami/phpbb/values.yaml @@ -56,7 +56,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/phpbb - tag: 3.3.11-debian-11-r7 + tag: 3.3.11-debian-12-r14 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -175,7 +175,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. @@ -714,7 +714,7 @@ metrics: image: registry: docker.io repository: bitnami/apache-exporter - tag: 1.0.6-debian-11-r1 + tag: 1.0.6-debian-12-r6 digest: "" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. From b334020d6e218ba99785527c309ee01ac64ee590 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:25:38 +0100 Subject: [PATCH 125/129] [bitnami/sealed-secrets] Release 1.10.1 updating components versions (#23697) Signed-off-by: Bitnami Containers --- bitnami/sealed-secrets/Chart.lock | 6 +++--- bitnami/sealed-secrets/Chart.yaml | 4 ++-- bitnami/sealed-secrets/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/sealed-secrets/Chart.lock b/bitnami/sealed-secrets/Chart.lock index 17e6a1e2ef87c9..ae461d68084d16 100644 --- a/bitnami/sealed-secrets/Chart.lock +++ b/bitnami/sealed-secrets/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T16:04:00.233408717+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:32:57.29188755Z" diff --git a/bitnami/sealed-secrets/Chart.yaml b/bitnami/sealed-secrets/Chart.yaml index 5bf61bda9e33aa..af3eb487f210f0 100644 --- a/bitnami/sealed-secrets/Chart.yaml +++ b/bitnami/sealed-secrets/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: sealed-secrets-controller - image: docker.io/bitnami/sealed-secrets-controller:0.26.0-debian-11-r0 + image: docker.io/bitnami/sealed-secrets-controller:0.26.0-debian-12-r1 apiVersion: v2 appVersion: 0.26.0 dependencies: @@ -29,4 +29,4 @@ name: sealed-secrets sources: - https://github.com/bitnami/charts/tree/main/bitnami/sealed-secrets - https://github.com/bitnami-labs/sealed-secrets -version: 1.10.0 +version: 1.10.1 diff --git a/bitnami/sealed-secrets/values.yaml b/bitnami/sealed-secrets/values.yaml index 1c8f63d8835c6a..7f443bc43d3841 100644 --- a/bitnami/sealed-secrets/values.yaml +++ b/bitnami/sealed-secrets/values.yaml @@ -62,7 +62,7 @@ extraDeploy: [] image: registry: docker.io repository: bitnami/sealed-secrets-controller - tag: 0.26.0-debian-11-r0 + tag: 0.26.0-debian-12-r1 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 0e794fcf139a8bc3153d73be04621ff84116267d Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:26:00 +0100 Subject: [PATCH 126/129] [bitnami/kuberay] Release 0.6.1 updating components versions (#23714) Signed-off-by: Bitnami Containers --- bitnami/kuberay/Chart.lock | 6 +++--- bitnami/kuberay/Chart.yaml | 8 ++++---- bitnami/kuberay/values.yaml | 6 +++--- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/bitnami/kuberay/Chart.lock b/bitnami/kuberay/Chart.lock index c5941eddd0da5e..7b29b9cb63a7ac 100644 --- a/bitnami/kuberay/Chart.lock +++ b/bitnami/kuberay/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T15:18:57.732250798+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:41:47.280628765Z" diff --git a/bitnami/kuberay/Chart.yaml b/bitnami/kuberay/Chart.yaml index 6f2f1d72448bda..4683efff570225 100644 --- a/bitnami/kuberay/Chart.yaml +++ b/bitnami/kuberay/Chart.yaml @@ -6,11 +6,11 @@ annotations: licenses: Apache-2.0 images: | - name: kuberay-apiserver - image: docker.io/bitnami/kuberay-apiserver:1.0.0-debian-11-r7 + image: docker.io/bitnami/kuberay-apiserver:1.0.0-debian-12-r10 - name: kuberay-operator - image: docker.io/bitnami/kuberay-operator:1.0.0-debian-11-r10 + image: docker.io/bitnami/kuberay-operator:1.0.0-debian-12-r13 - name: ray - image: docker.io/bitnami/ray:2.9.2-debian-11-r0 + image: docker.io/bitnami/ray:2.9.2-debian-12-r3 apiVersion: v2 appVersion: 1.0.0 dependencies: @@ -32,4 +32,4 @@ maintainers: name: kuberay sources: - https://github.com/bitnami/charts/tree/main/bitnami/kuberay -version: 0.6.0 +version: 0.6.1 diff --git a/bitnami/kuberay/values.yaml b/bitnami/kuberay/values.yaml index 49d9314c099fe3..94025149d89c57 100644 --- a/bitnami/kuberay/values.yaml +++ b/bitnami/kuberay/values.yaml @@ -73,7 +73,7 @@ diagnosticMode: rayImage: registry: docker.io repository: bitnami/ray - tag: 2.9.2-debian-11-r0 + tag: 2.9.2-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -110,7 +110,7 @@ operator: image: registry: docker.io repository: bitnami/kuberay-operator - tag: 1.0.0-debian-11-r10 + tag: 1.0.0-debian-12-r13 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -760,7 +760,7 @@ apiserver: image: registry: docker.io repository: bitnami/kuberay-apiserver - tag: 1.0.0-debian-11-r7 + tag: 1.0.0-debian-12-r10 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 838cf89e4956b8f661c9bb7791fdbcd8484be121 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:27:08 +0100 Subject: [PATCH 127/129] [bitnami/flink] Release 0.10.1 updating components versions (#23704) Signed-off-by: Bitnami Containers --- bitnami/flink/Chart.lock | 6 +++--- bitnami/flink/Chart.yaml | 4 ++-- bitnami/flink/values.yaml | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/bitnami/flink/Chart.lock b/bitnami/flink/Chart.lock index 0af9ea55d59034..05859a31ac8b05 100644 --- a/bitnami/flink/Chart.lock +++ b/bitnami/flink/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:50:54.647870165+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:36:12.883585735Z" diff --git a/bitnami/flink/Chart.yaml b/bitnami/flink/Chart.yaml index 4b5b5ade4af49c..c10b08b0034c4f 100644 --- a/bitnami/flink/Chart.yaml +++ b/bitnami/flink/Chart.yaml @@ -6,7 +6,7 @@ annotations: licenses: Apache-2.0 images: | - name: flink - image: docker.io/bitnami/flink:1.18.1-debian-11-r4 + image: docker.io/bitnami/flink:1.18.1-debian-12-r9 apiVersion: v2 appVersion: 1.18.1 dependencies: @@ -28,4 +28,4 @@ maintainers: name: flink sources: - https://github.com/bitnami/charts/tree/main/bitnami/flink -version: 0.10.0 +version: 0.10.1 diff --git a/bitnami/flink/values.yaml b/bitnami/flink/values.yaml index 19d62994a1a111..c33d42762693d9 100644 --- a/bitnami/flink/values.yaml +++ b/bitnami/flink/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/flink - tag: 1.18.1-debian-11-r4 + tag: 1.18.1-debian-12-r9 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 6320ee83541271390b94d0f1fbe5d4d63554484c Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:29:11 +0100 Subject: [PATCH 128/129] [bitnami/cert-manager] Release 0.21.1 updating components versions (#23702) Signed-off-by: Bitnami Containers --- bitnami/cert-manager/Chart.lock | 6 +++--- bitnami/cert-manager/Chart.yaml | 12 ++++++------ bitnami/cert-manager/values.yaml | 8 ++++---- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/bitnami/cert-manager/Chart.lock b/bitnami/cert-manager/Chart.lock index b7ec4e8a7f85b7..a9da84017ee361 100644 --- a/bitnami/cert-manager/Chart.lock +++ b/bitnami/cert-manager/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:39:08.242204883+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:34:33.19835552Z" diff --git a/bitnami/cert-manager/Chart.yaml b/bitnami/cert-manager/Chart.yaml index c33ca2812e20db..82d3aedec2d6f2 100644 --- a/bitnami/cert-manager/Chart.yaml +++ b/bitnami/cert-manager/Chart.yaml @@ -6,13 +6,13 @@ annotations: licenses: Apache-2.0 images: | - name: acmesolver - image: docker.io/bitnami/acmesolver:1.14.2-debian-11-r0 + image: docker.io/bitnami/acmesolver:1.14.2-debian-12-r4 - name: cainjector - image: docker.io/bitnami/cainjector:1.14.2-debian-11-r0 - - name: cert-manager-webhook - image: docker.io/bitnami/cert-manager-webhook:1.14.2-debian-11-r0 + image: docker.io/bitnami/cainjector:1.14.2-debian-12-r4 - name: cert-manager - image: docker.io/bitnami/cert-manager:1.14.2-debian-11-r0 + image: docker.io/bitnami/cert-manager:1.14.2-debian-12-r3 + - name: cert-manager-webhook + image: docker.io/bitnami/cert-manager-webhook:1.14.2-debian-12-r3 apiVersion: v2 appVersion: 1.14.2 dependencies: @@ -35,4 +35,4 @@ maintainers: name: cert-manager sources: - https://github.com/bitnami/charts/tree/main/bitnami/cert-manager -version: 0.21.0 +version: 0.21.1 diff --git a/bitnami/cert-manager/values.yaml b/bitnami/cert-manager/values.yaml index 72547e7f414727..b00557f991e46c 100644 --- a/bitnami/cert-manager/values.yaml +++ b/bitnami/cert-manager/values.yaml @@ -70,7 +70,7 @@ controller: image: registry: docker.io repository: bitnami/cert-manager - tag: 1.14.2-debian-11-r0 + tag: 1.14.2-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -101,7 +101,7 @@ controller: image: registry: docker.io repository: bitnami/acmesolver - tag: 1.14.2-debian-11-r0 + tag: 1.14.2-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -470,7 +470,7 @@ webhook: image: registry: docker.io repository: bitnami/cert-manager-webhook - tag: 1.14.2-debian-11-r0 + tag: 1.14.2-debian-12-r3 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' @@ -823,7 +823,7 @@ cainjector: image: registry: docker.io repository: bitnami/cainjector - tag: 1.14.2-debian-11-r0 + tag: 1.14.2-debian-12-r4 digest: "" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' From 277354f02021bd0f1851f7dbe8885afeb197e2ad Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Wed, 21 Feb 2024 17:30:03 +0100 Subject: [PATCH 129/129] [bitnami/etcd] Release 9.14.1 updating components versions (#23701) Signed-off-by: Bitnami Containers --- bitnami/etcd/Chart.lock | 6 +++--- bitnami/etcd/Chart.yaml | 6 +++--- bitnami/etcd/values.yaml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bitnami/etcd/Chart.lock b/bitnami/etcd/Chart.lock index 5432b8c6a1f7ad..606b20ff0bfd46 100644 --- a/bitnami/etcd/Chart.lock +++ b/bitnami/etcd/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common repository: oci://registry-1.docker.io/bitnamicharts - version: 2.15.3 -digest: sha256:d80293db4b59902571fcfcbeabb6b81aebb1c05e8a6d25510053e7c329d73002 -generated: "2024-02-14T14:49:04.260649712+01:00" + version: 2.16.1 +digest: sha256:f808a6fdc9c374d158ad7ff2f2c53a6c409e41da778d768b232dd20f86ef8b47 +generated: "2024-02-21T14:34:32.721320104Z" diff --git a/bitnami/etcd/Chart.yaml b/bitnami/etcd/Chart.yaml index f07fbfcd59f1db..0de43b4550004c 100644 --- a/bitnami/etcd/Chart.yaml +++ b/bitnami/etcd/Chart.yaml @@ -6,9 +6,9 @@ annotations: licenses: Apache-2.0 images: | - name: etcd - image: docker.io/bitnami/etcd:3.5.12-debian-11-r3 + image: docker.io/bitnami/etcd:3.5.12-debian-12-r6 - name: os-shell - image: docker.io/bitnami/os-shell:11-debian-11-r96 + image: docker.io/bitnami/os-shell:12-debian-12-r15 apiVersion: v2 appVersion: 3.5.12 dependencies: @@ -32,4 +32,4 @@ maintainers: name: etcd sources: - https://github.com/bitnami/charts/tree/main/bitnami/etcd -version: 9.14.0 +version: 9.14.1 diff --git a/bitnami/etcd/values.yaml b/bitnami/etcd/values.yaml index 5b006e412a10c8..1b20e892cec2a8 100644 --- a/bitnami/etcd/values.yaml +++ b/bitnami/etcd/values.yaml @@ -70,7 +70,7 @@ diagnosticMode: image: registry: docker.io repository: bitnami/etcd - tag: 3.5.12-debian-11-r3 + tag: 3.5.12-debian-12-r6 digest: "" ## @param image.pullPolicy etcd image pull policy ## Specify a imagePullPolicy @@ -662,7 +662,7 @@ volumePermissions: image: registry: docker.io repository: bitnami/os-shell - tag: 11-debian-11-r96 + tag: 12-debian-12-r15 digest: "" ## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy ##