This repository has been archived by the owner on Sep 17, 2020. It is now read-only.

Nexus service account #4

Merged
merged 2,446 commits into from
Jan 10, 2020


@emas80 emas80 commented Jan 10, 2020

What this PR does / why we need it:

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)

  • fixes #

Special notes for your reviewer:

Checklist

[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]

  • DCO signed
  • Chart Version bumped
  • Variables are documented in the README.md
  • Title of the PR starts with chart name (e.g. [stable/chart])

dani8art and others added 30 commits December 13, 2019 05:50
…ocol (helm#19582)

* Configure parse-dashboard to form Urls with HTTPS protocol

Signed-off-by: darteaga <[email protected]>

* remove reassignments in helpers

Signed-off-by: darteaga <[email protected]>
* adds loadBalancerSourceRanges to service

Signed-off-by: Dennis Webb <[email protected]>

* [stable/kube2iam] adds loadBalancerSourceRanges to values-production.yaml

Signed-off-by: Dennis Webb <[email protected]>
… for acme.staging (helm#19567)

* allow traefik support of string or boolean for the acme.staging value

Signed-off-by: dduportal <[email protected]>

* allow traefik to be configured for a custom caServer when using ACME protocol

Signed-off-by: dduportal <[email protected]>

* stable/traefik chart version bump

Signed-off-by: dduportal <[email protected]>

* fix acme.staging value type to support both boolean and string

Signed-off-by: dduportal <[email protected]>

* Lint fix trailing spaces

Signed-off-by: dduportal <[email protected]>
…elm#19533)

* [stable/datadog] Remove the seccomp profile for system-probe

The `system-probe` container currently has a specific seccomp profile.
This seccomp profile currently misses some syscalls that are necessary to
exec inside the container.

Concretely, attempting to exec inside the container produces this error:

```
$ kubectl exec -ti datadog-fswnc -c system-probe /bin/bash
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
bash: initialize_job_control: getpgrp failed: Operation not permitted
command terminated with exit code 1
```

If we add `setpgrp` to the seccomp profile, we get:

```
$ kubectl exec -ti datadog-kbg97 -c system-probe /bin/bash
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Operation not permitted
I have no name!@datadog-kbg97:.$ exit
```

If we add `getcwd`, we get:

```
$ kubectl exec -ti datadog-7b7lf -c system-probe /bin/bash
I have no name!@datadog-7b7lf:/$ exit
```

If we add `geteuid` and `geteuid32`, we get:

```
$ kubectl exec -ti datadog-c42rb -c system-probe /bin/bash
/bin/bash: cannot set uid to -1: effective uid 0: Invalid argument
/bin/bash: cannot set gid to -1: effective gid -1: Invalid argument
bash-5.0$ exit
```

If we get `getgid` and `getgid32`, we get:

```
$ kubectl exec -ti datadog-tp4qd -c system-probe /bin/bash
/bin/bash: cannot set uid to -1: effective uid 0: Invalid argument
bash-5.0$ exit
```

etc.

If we compare the seccomp profile of `system-probe` with the
[default one](https://github.com/moby/moby/blob/4b0371fb36a958589319ab7c501ff4bc22645cfa/profiles/seccomp/default.json),
we see that a lot of syscalls that are missing are innocuous (`getcwd`) or might become useful one day (`inotify` family).
Some syscalls are added on purpose for the `system-probe` container like `bpf` or `perf_event_open` ones.
But those syscalls are part of the [default seccomp profile for containers that have the `SYS_ADMIN` capability](https://github.com/moby/moby/blob/4b0371fb36a958589319ab7c501ff4bc22645cfa/profiles/seccomp/default.json#L567-L594),
and the [`system-probe` container does have the `SYS_ADMIN` capability](https://github.com/helm/charts/blob/3907cebc7042f452506a7471f912d6d0c8380e51/stable/datadog/templates/container-system-probe.yaml#L7).

So, the `system-probe` specific seccomp profile is not necessary to have the `system-probe` container able to load eBPF programs.

Its removal has been tested on GKE, both with Ubuntu and with Container-Optimized OS
and both with docker and containerd.

Signed-off-by: Lénaïc Huard <[email protected]>

* Make the ad-hoc seccomp profile for system-probe an option

which is enabled by default to stick with the current behavior.

Signed-off-by: Lénaïc Huard <[email protected]>

* [stable/datadog] Allow use of any arbitrary seccomp profile

…for system-probe.
By default, it will create an ad-hoc one.

Signed-off-by: Lénaïc Huard <[email protected]>

* [stable/datadog] Add a CI test for seccomp profile override

Signed-off-by: Lénaïc Huard <[email protected]>
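
The comparison made in the seccomp commit message above, as an added example that is not code from the chart or from the commit author: it computes which syscalls a Docker-style seccomp profile allows for a given capability set and lists the ones an exec session or eBPF loading would miss. Both profiles are small constructed samples, the function names are hypothetical, and the rule evaluation is simplified (it ignores `args`, architectures and kernel-version conditions and assumes an allowlist profile).

```python
import json

# Constructed sample in the moby seccomp JSON layout: a base allow rule plus a
# rule that only applies when the container holds CAP_SYS_ADMIN.
DEFAULT_LIKE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["getcwd", "getpgrp", "geteuid", "geteuid32", "getgid", "getgid32"],
     "action": "SCMP_ACT_ALLOW"},
    {"names": ["bpf", "perf_event_open"],
     "action": "SCMP_ACT_ALLOW",
     "includes": {"caps": ["CAP_SYS_ADMIN"]}}
  ]
}
""")

# Constructed stand-in for an ad-hoc profile: eBPF syscalls allowed
# unconditionally, but the syscalls a shell needs were never listed.
AD_HOC_LIKE = json.loads("""
{
  "defaultAction": "SCMP_ACT_ERRNO",
  "syscalls": [
    {"names": ["bpf", "perf_event_open", "read", "write"],
     "action": "SCMP_ACT_ALLOW"}
  ]
}
""")

# Syscalls named in the commit message's exec errors and follow-up steps.
EXEC_SYSCALLS = ["getpgrp", "getcwd", "geteuid", "geteuid32", "getgid", "getgid32"]
EBPF_SYSCALLS = ["bpf", "perf_event_open"]


def allowed_syscalls(profile, caps):
    """Return the syscalls the profile allows for a container holding `caps`."""
    caps = set(caps)
    allowed = set()
    for rule in profile.get("syscalls", []):
        if rule.get("action") != "SCMP_ACT_ALLOW":
            continue
        want = set(rule.get("includes", {}).get("caps", []))
        deny = set(rule.get("excludes", {}).get("caps", []))
        # A rule applies when every "includes" cap is held and no "excludes" cap is.
        if want <= caps and not (deny & caps):
            allowed.update(rule.get("names", []))
    return allowed


def missing(profile, caps, needed):
    """List the needed syscalls that would fall through to the default action."""
    ok = allowed_syscalls(profile, caps)
    return [s for s in needed if s not in ok]
```
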
The cluster name parameter has been introduced to disambiguate nodes
having the same name in different clusters.

Cluster names are, for ex., used to build hostnames and must therefore
comply with some rules.

We enforce here the same rules as the ones enforced by GKE:
https://cloud.google.com/kubernetes-engine/docs/reference/rest/v1beta1/projects.locations.clusters#Cluster.FIELDS.name

The DataDog agent itself is already checking the validity of cluster names since
DataDog/datadog-agent#4492.

The goal of this change in the helm chart is to catch issues as early as possible because
having a clear error message from helm is smarter than having to dig in the logs of
a failing agent.

Signed-off-by: Lénaïc Huard <[email protected]>
* [incubator/zookeeper] Removing extraneous ending curly brace from the zookeeper service template

Signed-off-by: Vishnu Pradeep <[email protected]>

* [incubator/zookeeper] Bumping up the zookeeper chart version to 2.1.2

Signed-off-by: Vishnu Pradeep <[email protected]>
- Updated image tags as per 1.4.0 release
 - Updated values.yaml
 - Updated README
 - Updated Chart.yaml
 - Updated deployment-local-provisioner.yaml
 - Updated deployment-maya-apiserver.yaml
 - Updated deployment-ndm-operator.yaml

Signed-off-by: ChandanSagar <[email protected]>
* Upgrade to the latest 5.7.28 version
* Fixes server crash for 5.7.14, see helm#16222

Signed-off-by: Taras Yatsurak <[email protected]>
* Add resource limits to sysctlImage

Signed-off-by: Bob Violier <[email protected]>

* Fix description in README

Signed-off-by: Bob Violier <[email protected]>
* HTTPS is required for unifi gui

Signed-off-by: Wayne Pascoe <[email protected]>

* Removed new annotation in values.yaml
Added instructions in README

Signed-off-by: Wayne Pascoe <[email protected]>
* fix the logic to determine master node.

When the container is recreated or restarted, or under other conditions, the pod is not being removed, and the master node may then become a coordinator.
This commit adds a condition to check if the master IP equals the IP of the pod itself. If the master IP equals the IP of the pod itself, it is the master node.
fix helm#17550

Signed-off-by: fuyuan.chu <[email protected]>

* fix unexpected new line

Signed-off-by: fuyuan.chu <[email protected]>
* [fluent-bit] allow collecting audit logs

Signed-off-by: alejandroEsc <[email protected]>

* fixed extranentry item

Signed-off-by: alejandroEsc <[email protected]>
* [stable/pomerium] Added the extra values that are needed to pass helm lint --strict

Signed-off-by: Alexios Polyzos <[email protected]>

* [stable/pomerium] Added the extra variables to the Pomerium configuration list

Signed-off-by: Alexios Polyzos <[email protected]>

* [stable/pomerium] Bump chart version

Signed-off-by: Alexios Polyzos <[email protected]>

* [stable/pomerium] Default name overrides to empty string

Signed-off-by: Alexios Polyzos <[email protected]>
helm#19119)

* [stable/prometheus-blackbox-exporter] Able to mount extra secrets into the Pod, for example certificates.
Signed-off-by: Hung Do <[email protected]>

* [stable/prometheus-blackbox-exporter] Able to mount extra configmaps

Signed-off-by: Hung Do <[email protected]>

* [stable/prometheus-blackbox-exporter] Bump up minor version and configmap and secret variables are on par with each other

Signed-off-by: Hung Do <[email protected]>

* [stable/prometheus-blackbox-exporter] Improved configmap/secrets examples in the values.yaml

Signed-off-by: Hung Do <[email protected]>
* [stable/datadog] Allow dots in cluster names

because some users already have dots in their cluster names:
helm#19327 (comment)

Signed-off-by: Lénaïc Huard <[email protected]>

* [stable/datadog] Add a test for clusterName

Signed-off-by: Lénaïc Huard <[email protected]>
AWS EKS supports IAM roles via ServiceAccounts.

Signed-off-by: Mikko Kokkonen <[email protected]>
…e in Pods and Deployments (helm#19311)

* changing the flag podLabels to extraLabels in order to change also the Deployment resource

Signed-off-by: Thiago Dias <[email protected]>

* rolling back podLabels and adding extraLabels in all the others resources

Signed-off-by: Thiago Dias <[email protected]>

* bumping the version to 5.3.0

Signed-off-by: Thiago Dias <[email protected]>
* [stable/karma] Add configMap.annotations option

Signed-off-by: Grace Do <[email protected]>

* [stable/karma] Bump chart version

Signed-off-by: Grace Do <[email protected]>

* Fix configmap annotations value

Signed-off-by: Grace Do <[email protected]>
* [stable/rethinkdb] stateful migrate api version from deprecated, add required selector

Signed-off-by: Jacob Dent <[email protected]>

* [stable/rethinkdb] deployment migrate api version from deprecated, add required selector

Signed-off-by: Jacob Dent <[email protected]>

* [stable/rethinkdb] bump minor version

Signed-off-by: Jacob Dent <[email protected]>
* Datadog: remove hard coded names

* The new system-probe container and config used hard coded ConfigMap
names meaning only one installation is possible per cluster and
namespace.

Signed-off-by: Matt Klich <[email protected]>

* bump version

Signed-off-by: David J. M. Karlsen <[email protected]>
invidian and others added 29 commits January 9, 2020 03:25
Fix the usage of the `.Values.datadog.site` and `.Values.datadog.dd_url`
parameters when `.Values.daemonset.useDedicatedContainers` is activated.

Signed-off-by: cedric lamoriniere <[email protected]>
…itor (helm#19848)

* prometheus-operator - add tlsConfig to prometheus servicemonitor

Signed-off-by: Alex Williams <[email protected]>

* Bump to 8.5.5.

Signed-off-by: Alex Williams <[email protected]>

* nindent on correct line

Signed-off-by: Alex Williams <[email protected]>
…ed images to newest … (helm#19927)

* update prometheus to 2.15.2 and also all other used images to newest version

Signed-off-by: André Bauer <[email protected]>

* changed alertmanager baseurl to satisfy the new check of the url on container startup

Signed-off-by: André Bauer <[email protected]>

* removed executable flag from files

Signed-off-by: André Bauer <[email protected]>

* fix merge conflict

Signed-off-by: André Bauer <[email protected]>
…rceRanges (helm#19967)

* Add support for loadBalancerSourceRanges

Signed-off-by: Matteo Ruina <[email protected]>

* Fix indentation

Signed-off-by: Matteo Ruina <[email protected]>

* Bump minor version

Signed-off-by: Matteo Ruina <[email protected]>
…elm#19983)

* Deployment extensions/v1beta1 to apps/v1

Deployment in extensions/v1beta1 API group is removed in kubernetes v1.16.
https://kubernetes.io/blog/2019/07/18/api-deprecations-in-1-16/

Changed Deployment to apps/v1 API group.

Signed-off-by: Carlos Giraldo <[email protected]>

* Chart version bumped

Signed-off-by: Carlos Giraldo <[email protected]>
helm#19969)

* Bump prometheus-operator chart version

Signed-off-by: yujin-hong <[email protected]>

* [stable/prometheus-operater] fix typo for prometheus Operator Service type comment

Service type `NodePort` was denoted as `NodepPort`. It can cause confusion to beginners.

Signed-off-by: yujin-hong <[email protected]>
starting with v3.0.0 of this Helm Chart, the
extraArgs configuration value stopped working,
as it was not passed through the Minio binary.

This fix adds the parameters directly to the
Entrypoint command.

Fixes helm#19903

Signed-off-by: Willi Eggeling <[email protected]>
…20005)

Fixes helm#18997, which causes graylog chart to fail due to deprecated
API version used by the old mongodb-replicaset chart.

Signed-off-by: juliohm1978 <[email protected]>
…conds (helm#19214)

* [stable/pgadmin] Update image v4.14 to v4.15 (helm#19028)

* [stable/pgadmin] Update image v4.14 to v4.15

Signed-off-by: Rowan Ruseler <[email protected]>

* chart version bump

Signed-off-by: Rowan Ruseler <[email protected]>
Signed-off-by: Marc Rodriguez-Estivill <[email protected]>

* Added failureThreshold on livenessProbe

Signed-off-by: Marc Rodriguez-Estivill <[email protected]>

* bump version to 0.4.1

Signed-off-by: Marc Rodriguez-Estivill <[email protected]>

* Revert "[stable/pgadmin] Update image v4.14 to v4.15 (helm#19028)"

This reverts commit a23341e.

Signed-off-by: Marc Rodriguez-Estivill <[email protected]>

* added timeoutSeconds

Signed-off-by: Marc Rodriguez-Estivill <[email protected]>

Co-authored-by: rowanr <[email protected]>
…m#19712)

* [stable/drone] add securityContext to drone server

prevents "Error: container has runAsNonRoot and image will run as root"
in k8s clusters with podSecuritypolicies

Signed-off-by: Paul Voss <[email protected]>

* [stable/drone] add setting for the drone server http port

allows running the server pod as non-root user

Signed-off-by: Paul Voss <[email protected]>

* [stable/drone] update README.md and bump chart version

Signed-off-by: Paul Voss <[email protected]>

* [stable/drone] bump Chart version to 2.5.0

Signed-off-by: Paul Voss <[email protected]>
* [stable/redis-ha] add persistentVolume.reclaimPolicy

Also document extra persistentVolume variables and reformat markdown table

Signed-off-by: Morgan Christiansson <[email protected]>

* [stable/redis] Change persistentVolume.reclaimPolicy default to nil

Thanks @DandyDeveloper

Signed-off-by: Morgan Christiansson <[email protected]>
Co-Authored-By: Aaron Layfield <[email protected]>

Co-authored-by: Aaron Layfield <[email protected]>
@emas80 emas80 merged commit 09b836d into faceit:master Jan 10, 2020