From b8eb50aa9ff4bd2bb085e5c60e63bc22fb7f85f0 Mon Sep 17 00:00:00 2001 From: Francois Travais Date: Mon, 17 Dec 2018 19:54:09 +0100 Subject: [PATCH 001/136] [stable/fluentd-elasticsearch] Add DaemonSet updateStartegy settings to values.yml (#8302) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/fluentd-elasticsearch] Add DaemonSet updateStartegy variable to values.yml (#7978) Signed-off-by: François Travais * [stable/fluentd-elasticsearch] Bump version to next minor: 1.4.0 Signed-off-by: François Travais * oops, fix version / appVersion bump Signed-off-by: Paul Czarkowski Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/README.md | 1 + stable/fluentd-elasticsearch/templates/daemonset.yaml | 2 ++ stable/fluentd-elasticsearch/values.yaml | 5 +++++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index a559916f2dd9..91aeecf069ae 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 1.4.2 +version: 1.5.0 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/README.md b/stable/fluentd-elasticsearch/README.md index f163cf322eed..f85d3d55689a 100644 --- a/stable/fluentd-elasticsearch/README.md +++ b/stable/fluentd-elasticsearch/README.md 
@@ -77,6 +77,7 @@ The following table lists the configurable parameters of the Fluentd elasticsear | `serviceAccount.create` | Specifies whether a service account should be created.| `true` | | `serviceAccount.name` | Name of the service account. | | | `tolerations` | Optional daemonset tolerations | `{}` | +| `updateStrategy` | Optional daemonset update strategy | `type: RollingUpdate` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/fluentd-elasticsearch/templates/daemonset.yaml b/stable/fluentd-elasticsearch/templates/daemonset.yaml index 7324b542c266..b725dc6e866e 100644 --- a/stable/fluentd-elasticsearch/templates/daemonset.yaml +++ b/stable/fluentd-elasticsearch/templates/daemonset.yaml @@ -11,6 +11,8 @@ metadata: heritage: "{{ .Release.Service }}" release: "{{ .Release.Name }}" spec: + updateStrategy: +{{ toYaml .Values.updateStrategy | indent 4 }} selector: matchLabels: app: {{ template "fluentd-elasticsearch.fullname" . }} diff --git a/stable/fluentd-elasticsearch/values.yaml b/stable/fluentd-elasticsearch/values.yaml index 9fad44eb17f0..9236b0d18f34 100644 --- a/stable/fluentd-elasticsearch/values.yaml +++ b/stable/fluentd-elasticsearch/values.yaml @@ -62,6 +62,11 @@ annotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "24231" +## DaemonSet update strategy +## Ref: https://kubernetes.io/docs/tasks/manage-daemon/update-daemon-set/ +updateStrategy: + type: RollingUpdate + tolerations: {} # - key: node-role.kubernetes.io/master # operator: Exists From e1d39d5e80a205ed6a955e54a7079c0ec459f77d Mon Sep 17 00:00:00 2001 From: Mehran Kholdi Date: Mon, 17 Dec 2018 22:31:16 +0330 Subject: [PATCH 002/136] Fix typo in stolon chart configuration (#8951) * Fix typo in chart configuration Signed-off-by: Mehran Kholdi * bump version to 1.0.0 since its stable Signed-off-by: Paul Czarkowski 
Signed-off-by: Melissa Palmer --- stable/stolon/Chart.yaml | 2 +- stable/stolon/README.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/stolon/Chart.yaml b/stable/stolon/Chart.yaml index 24b5c5513311..438d50b76e2b 100644 --- a/stable/stolon/Chart.yaml +++ b/stable/stolon/Chart.yaml @@ -1,5 +1,5 @@ name: stolon -version: 0.4.4 +version: 1.0.0 appVersion: 0.12.0 description: Stolon - PostgreSQL cloud native High Availability. home: https://github.com/sorintlab/stolon diff --git a/stable/stolon/README.md b/stable/stolon/README.md index d4da20090aaf..3b4f3776a1ca 100644 --- a/stable/stolon/README.md +++ b/stable/stolon/README.md @@ -48,7 +48,7 @@ Kubernetes is the default store backend. `consul`, `etcdv2` or `etcdv3` can also | `store.kubeResourceKind` | Kubernetes resource kind (only for kubernetes) | `configmap` | | `pgParameters` | [`postgresql.conf`][pgconf] options used during cluster creation | `{}` | | `ports` | Ports to expose on pods | `{"stolon":{"containerPort": 5432},"metrics":{"containerPort": 8080}}`| -| `job.autoCreateCluster | Set to `false` to force-disable auto-cluster-creation which may clear pre-existing postgres db data | `true` | +| `job.autoCreateCluster` | Set to `false` to force-disable auto-cluster-creation which may clear pre-existing postgres db data | `true` | | `keeper.replicaCount` | Number of keeper nodes | `2` | | `keeper.resources` | Keeper resource requests/limit | `{}` | | `keeper.priorityClassName` | Keeper priorityClassName | `nil` | From 5fdb7a13393dc010114dbb044cb8c05110831664 Mon Sep 17 00:00:00 2001 From: Romain Poirot <32273490+Redlinkk@users.noreply.github.com> Date: Mon, 17 Dec 2018 20:10:58 +0100 Subject: [PATCH 003/136] [stable/consul] Add post-hook to configure basic acls (#8393) Signed-off-by: Romain Poirot 
Signed-off-by: Melissa Palmer --- stable/consul/Chart.yaml | 2 +- stable/consul/README.md | 6 +++- stable/consul/templates/basic-acls.yaml | 46 +++++++++++++++++++++++++ stable/consul/values.yaml | 6 ++++ 4 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 stable/consul/templates/basic-acls.yaml diff --git a/stable/consul/Chart.yaml b/stable/consul/Chart.yaml index 8a3077a685fc..c86f243b9695 100755 --- a/stable/consul/Chart.yaml +++ b/stable/consul/Chart.yaml @@ -1,6 +1,6 @@ name: consul home: https://github.com/hashicorp/consul -version: 3.4.3 +version: 3.5.0 appVersion: 1.0.0 description: Highly available and distributed service discovery and key-value store designed with support for the modern data center to make distributed systems and diff --git a/stable/consul/README.md b/stable/consul/README.md index 235c43be5a5d..42f358991af9 100644 --- a/stable/consul/README.md +++ b/stable/consul/README.md @@ -57,7 +57,10 @@ The following table lists the configurable parameters of the consul chart and th | `ui.enabled` | Enable Consul Web UI | `true` | | `uiService.enabled` | Create dedicated Consul Web UI svc | `true` | | `uiService.type` | Dedicate Consul Web UI svc type | `NodePort` | -| `test.image` | Test container image requires kubectl + bash (used for helm test) | `lachlanevenson/k8s-kubectl` | +| `acl.enabled` | Enable basic ACL configuration | `false` | +| `acl.masterToken` | Master token that was provided in consul ACL config file | `""` | +| `acl.agentToken` | Agent token that was provided in consul ACL config file | `""` | +| `test.image` | Test container image requires kubectl + bash (used for helm test) | `lachlanevenson/k8s-kubectl` | | `test.imageTag` | Test container image tag (used for helm test) | `v1.4.8-bash` | | `test.rbac.create` | Create rbac for test container | `false` | | `test.rbac.serviceAccountName` | Name of existed service account for test container | `` | 
@@ -103,6 +106,7 @@ $ kubectl delete pvc -l component=${RELEASE-NAME}-consul ## Pitfalls * When ACLs are enabled and `acl_default_policy` is set to `deny`, it is necessary to set the `acl_token` to a token that can perform at least the `consul members`, otherwise the kubernetes liveness probe will keep failing and the containers will be killed every 5 minutes. + * Basic ACLs configuration can be done by setting `acl.enabled` to `true`, and setting values for `acl.masterToken` and `acl.agentToken`. ## Testing diff --git a/stable/consul/templates/basic-acls.yaml b/stable/consul/templates/basic-acls.yaml new file mode 100644 index 000000000000..e74723b0f8d9 --- /dev/null +++ b/stable/consul/templates/basic-acls.yaml 
@@ -0,0 +1,46 @@ +{{- if .Values.acl.enabled}} +apiVersion: batch/v1 +kind: Job +metadata: + name: "configure-basic-acls" + annotations: + "helm.sh/hook": post-install + "helm.sh/hook-delete-policy": hook-succeeded + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "consul.chart" . }} + component: "{{ .Release.Name }}-{{ .Values.Component }}" +spec: + template: + metadata: + name: "configure-basic-acls" + labels: + heritage: {{ .Release.Service | quote }} + release: {{ .Release.Name | quote }} + chart: {{ template "consul.chart" . }} + component: "{{ .Release.Name }}-{{ .Values.Component }}" + spec: + restartPolicy: Never + containers: + - name: "add-agent-acl" + image: appropriate/curl:latest + args: + - -X + - PUT + - --header + - 'X-Consul-Token: {{ .Values.acl.masterToken }}' + - --data + - '{ "Name": "Agent Token", "Type": "client", "Rules": "node \"\" { policy = \"write\" } service \"\" { policy = \"read\" } key \"_rexec\" { policy = \"write\" }", "ID": "{{ .Values.acl.agentToken }}"}' + - 'http://{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.HttpPort }}/v1/acl/create' + - name: "modify-anonymous-acl" + image: appropriate/curl:latest + args: + - -X + - PUT + - --header + - 'X-Consul-Token: {{ .Values.acl.masterToken }}' + - --data + - '{ "Name": "Anonymous Token", "Type": "client", "Rules": "node \"\" { policy = \"read\" }", "ID": "anonymous"}' + - 'http://{{ .Release.Name }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.HttpPort }}/v1/acl/create' +{{- end }} \ No newline at end of file diff --git a/stable/consul/values.yaml b/stable/consul/values.yaml index 934fe4004bf2..f39a18a8deac 100644 --- a/stable/consul/values.yaml +++ b/stable/consul/values.yaml @@ -118,6 +118,12 @@ uiIngress: hosts: [] tls: {} +## Useful when ACLs are enabled +acl: + enabled: false + masterToken: "" + agentToken: "" + ## test container details test: image: lachlanevenson/k8s-kubectl 
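Review bot: Both containers in the new `basic-acls.yaml` Job render `.Values.acl.masterToken` straight into `args` (the first also embeds `.Values.acl.agentToken` in the JSON payload), so the Consul master token is stored in the Job and Pod specs and is readable by anyone who can read those objects in the namespace. It is also sent over plain `http://`. Render the tokens into a Secret and pass them through `env` with `secretKeyRef`, using Kubernetes `$(VAR)` expansion in the header argument, as sketched below; the agent token in the payload needs the same treatment. `appropriate/curl:latest` is a mutable tag on a container that handles the master token, so pin it to a fixed tag or digest. The Job name `configure-basic-acls` is not release-scoped, so a second release in the same namespace would collide with it.

```yaml
- name: "add-agent-acl"
  env:
    - name: CONSUL_MASTER_TOKEN        # constructed name
      valueFrom:
        secretKeyRef:
          name: <acl-secret-name>      # placeholder: a Secret rendered by the chart
          key: masterToken
  args:
    # … unchanged: -X PUT --header …
    - 'X-Consul-Token: $(CONSUL_MASTER_TOKEN)'
    # … unchanged: --data payload and URL …
```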
From 7cc1f944b4ca01eb9707317414934e158fa66fe5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fl=C3=A1vio=20Ferreira?= Date: Mon, 17 Dec 2018 19:18:51 +0000 Subject: [PATCH 004/136] [stable/aerospike] Add load balancer source ranges (#8604) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * [stable/aerospike] Add loadBalancerSourceRanges to service Signed-off-by: Flávio Ferreira * [stable/aerospike] Bump chart version Signed-off-by: Flávio Ferreira * [stable/aerospike] Fix comment Signed-off-by: Flávio Ferreira * Bump to minor version Signed-off-by: Flávio Ferreira Signed-off-by: Melissa Palmer --- stable/aerospike/Chart.yaml | 2 +- stable/aerospike/templates/service.yaml | 4 ++++ stable/aerospike/values.yaml | 3 +++ 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/aerospike/Chart.yaml b/stable/aerospike/Chart.yaml index e9b75019542c..4b129caf6813 100644 --- a/stable/aerospike/Chart.yaml +++ b/stable/aerospike/Chart.yaml @@ -5,7 +5,7 @@ keywords: - aerospike - big-data home: http://aerospike.com -version: 0.1.7 +version: 0.2.0 icon: https://s3-us-west-1.amazonaws.com/aerospike-fd/wp-content/uploads/2016/06/Aerospike_square_logo.png sources: - https://github.com/aerospike/aerospike-server diff --git a/stable/aerospike/templates/service.yaml b/stable/aerospike/templates/service.yaml index 341512a153f0..4486cc10d4c7 100644 --- a/stable/aerospike/templates/service.yaml +++ b/stable/aerospike/templates/service.yaml @@ -20,6 +20,10 @@ spec: {{ if eq .Values.service.type "LoadBalancer" -}} {{ if .Values.service.loadBalancerIP -}} loadBalancerIP: {{ .Values.service.loadBalancerIP }} {{ end -}} + {{- if .Values.service.loadBalancerSourceRanges }} + loadBalancerSourceRanges: + {{ toYaml .Values.service.loadBalancerSourceRanges | indent 2}} + {{ end -}} {{- end -}} ports: - port: 3000 diff --git a/stable/aerospike/values.yaml b/stable/aerospike/values.yaml index f975b8f9bbaf..c868f0addb6a 100644 
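Review bot: The added `loadBalancerSourceRanges` block in `service.yaml` pipes `toYaml` through `indent 2` on a line that appears to be indented itself, so only the first list item would pick up the template line's leading spaces and a list with more than one CIDR may render misaligned. Whitespace is not recoverable in this view, so confirm by rendering the chart with two ranges. The fluentd-elasticsearch change in this series puts the action at column 0 (`{{ toYaml .Values.updateStrategy | indent 4 }}`), which avoids the problem. The values.yaml comment should also say that Kubernetes ignores `loadBalancerSourceRanges` on providers that do not support it, so setting the field does not guarantee the service is restricted.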
--- a/stable/aerospike/values.yaml +++ b/stable/aerospike/values.yaml @@ -33,6 +33,9 @@ service: annotations: {} loadBalancerIP: clusterIP: None + # This field takes a list of IP CIDR ranges, which Kubernetes will use to configure firewall exceptions + # loadBalancerSourceRanges: + # - 10.0.0.0/8 meshService: annotations: {} From 1458419e1e59309759cc208e067a5e58010f4145 Mon Sep 17 00:00:00 2001 From: Masahiro Fujimura Date: Tue, 18 Dec 2018 04:33:42 +0900 Subject: [PATCH 005/136] [stable/sentry] Fix persistent keys in values.yaml (#8878) * Fix redis values key Signed-off-by: masahiro331 * since its a stable repo, update to 1.0.0 Signed-off-by: Paul Czarkowski Signed-off-by: Melissa Palmer --- stable/sentry/Chart.yaml | 2 +- stable/sentry/values.yaml | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/stable/sentry/Chart.yaml b/stable/sentry/Chart.yaml index a8178e54b5e8..816f08473fd0 100644 --- a/stable/sentry/Chart.yaml +++ b/stable/sentry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Sentry is a cross-platform crash reporting and aggregation platform. name: sentry -version: 0.5.0 +version: 1.0.0 appVersion: 9.0 keywords: - debugging diff --git a/stable/sentry/values.yaml b/stable/sentry/values.yaml index f84d5aef0684..7089d6ddaeca 100644 --- a/stable/sentry/values.yaml +++ b/stable/sentry/values.yaml @@ -147,8 +147,10 @@ postgresql: enabled: true redis: - persistence: - enabled: true + master: + persistence: + enabled: true + # If change pvc size redis.master.persistence.size: 20Gi config: configYml: "" From d439dcad50fadad3c489484aac2bed7a3866d22c Mon Sep 17 00:00:00 2001 From: mwmanley Date: Mon, 17 Dec 2018 14:42:10 -0500 Subject: [PATCH 006/136] Fix edge case where secret names will contain dots (for DNS-named secrets) (#9054) * Add regexp Signed-off-by: Mark Manley * bump helm chart version Signed-off-by: Mark Manley 
Signed-off-by: Melissa Palmer --- incubator/vault/Chart.yaml | 2 +- incubator/vault/templates/deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/incubator/vault/Chart.yaml b/incubator/vault/Chart.yaml index 039835bf74a6..54ec2757fe6c 100644 --- a/incubator/vault/Chart.yaml +++ b/incubator/vault/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Vault, a tool for managing secrets name: vault -version: 0.14.2 +version: 0.14.3 appVersion: 0.11.2 home: https://www.vaultproject.io/ icon: https://www.vaultproject.io/assets/images/mega-nav/logo-vault-0f83e3d2.svg diff --git a/incubator/vault/templates/deployment.yaml b/incubator/vault/templates/deployment.yaml index d8e9c7aac9f1..a24c0f714c92 100644 --- a/incubator/vault/templates/deployment.yaml +++ b/incubator/vault/templates/deployment.yaml @@ -77,7 +77,7 @@ spec: - name: vault-root mountPath: /root/ {{- range .Values.vault.customSecrets }} - - name: {{ .secretName }} + - name: {{ .secretName | replace "." "-"}} mountPath: {{ .mountPath }} {{- end }} {{- if .Values.vault.extraContainers }} @@ -126,7 +126,7 @@ spec: - name: vault-root emptyDir: {} {{- range .Values.vault.customSecrets }} - - name: {{ .secretName }} + - name: {{ .secretName | replace "." "-"}} secret: secretName: {{ .secretName }} {{- end }} From 8a556d6181f33bf4c68a784038f9f98e65b9ba17 Mon Sep 17 00:00:00 2001 From: Marc Sensenich Date: Mon, 17 Dec 2018 19:52:09 +0000 Subject: [PATCH 007/136] [stable/filebeat] Creation of a PodSecurityPolicy for Filebeat (#9151) * Creation of a PodSecurityPolicy for Filebeat Signed-off-by: Marc Sensenich * Add new variables to the filebeat README Signed-off-by: Marc Sensenich * Reference correct chart in Filebeat README Signed-off-by: Marc Sensenich * Fixed README to with correct field name for podSecurityPolicy.enabled Signed-off-by: Marc Sensenich 
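Review bot: Rewriting the volume name with `replace "." "-"` in `volumeMounts`, and again in the `volumes` hunk at `@@ -126,7 +126,7 @@`, can map two distinct secrets to the same volume name, and the pod spec is then rejected for duplicate volume names. Constructed example: `tls.example` and `tls-example` both become `tls-example`. Secret names may also be longer than the 63 characters allowed for a volume name, which this does not handle. Consider deriving the volume name from the list index, or letting each `customSecrets` entry carry an explicit volume name, and record the constraint in the README. The enclosing container and pod spec lie outside both hunks.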
Signed-off-by: Melissa Palmer --- stable/filebeat/Chart.yaml | 2 +- stable/filebeat/README.md | 4 +- .../filebeat/templates/podsecuritypolicy.yaml | 53 +++++++++++++++++++ stable/filebeat/templates/role.yaml | 20 +++++++ stable/filebeat/templates/rolebinding.yaml | 22 ++++++++ stable/filebeat/values.yaml | 15 ++++++ 6 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 stable/filebeat/templates/podsecuritypolicy.yaml create mode 100644 stable/filebeat/templates/role.yaml create mode 100644 stable/filebeat/templates/rolebinding.yaml diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index 7021c8ac30a7..868ca81f300b 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.0.5 +version: 1.1.0 appVersion: 6.5.1 home: https://www.elastic.co/products/beats/filebeat sources: diff --git a/stable/filebeat/README.md b/stable/filebeat/README.md index 04f5767b0485..40c9016b2d45 100644 --- a/stable/filebeat/README.md +++ b/stable/filebeat/README.md @@ -56,7 +56,9 @@ The following table lists the configurable parameters of the filebeat chart and | `affinity` | | `{}` | | `rbac.create` | Specifies whether RBAC resources should be created | `true` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | -| `serviceAccount.name` | he name of the ServiceAccount to use | `""` | +| `serviceAccount.name` | the name of the ServiceAccount to use | `""` | +| `podSecurityPolicy.enabled` | Should the PodSecurityPolicy be created. Depends on `rbac.create` being set to `true`. | `false` | +| `podSecurityPolicy.annotations` | Annotations to be added to the created PodSecurityPolicy: | `""` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 
diff --git a/stable/filebeat/templates/podsecuritypolicy.yaml b/stable/filebeat/templates/podsecuritypolicy.yaml new file mode 100644 index 000000000000..3a11b3826032 --- /dev/null +++ b/stable/filebeat/templates/podsecuritypolicy.yaml @@ -0,0 +1,53 @@ +{{- if .Values.rbac.create -}} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: extensions/v1beta1 +kind: PodSecurityPolicy +metadata: + name: {{ template "filebeat.fullname" . }} + annotations: +{{- if .Values.podSecurityPolicy.annotations }} +{{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} +{{- end }} +spec: + privileged: false + allowPrivilegeEscalation: false + allowedHostPaths: + - pathPrefix: /var/log + readOnly: true + - pathPrefix: /var/lib/docker/containers + readOnly: true + - pathPrefix: /var/lib/filebeat + requiredDropCapabilities: + - ALL + volumes: + - configMap + - secret + - hostPath + hostNetwork: false + hostIPC: false + hostPID: false + runAsUser: + rule: MustRunAs + ranges: + - min: 0 + max: 0 + seLinux: + rule: RunAsAny + supplementalGroups: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + fsGroup: + rule: MustRunAs + ranges: + # Forbid adding the root group. + - min: 1 + max: 65535 + hostPorts: + - min: 1 + max: 65535 + readOnlyRootFilesystem: false +{{- end -}} +{{- end -}} diff --git a/stable/filebeat/templates/role.yaml b/stable/filebeat/templates/role.yaml new file mode 100644 index 000000000000..93cb69ab8bef --- /dev/null +++ b/stable/filebeat/templates/role.yaml 
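Review bot: The policy allows `hostPorts` 1–65535 although `hostNetwork` is `false` and nothing visible in this commit needs a host port; dropping the `hostPorts` block leaves no host ports allowed, which is the PodSecurityPolicy default. `runAsUser` is pinned to the range 0–0, so every pod admitted under this policy must run as root. `/var/lib/filebeat` is listed in `allowedHostPaths` without `readOnly: true`, and the Kubernetes PSP documentation warns that a writable hostPath lets a container reach outside its `pathPrefix`, so a comment should record why this path has to be writable. `apiVersion: extensions/v1beta1` could be `policy/v1beta1` on clusters that serve it, with the Role's `apiGroups` changed to match.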
@@ -0,0 +1,20 @@ +{{- if .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1beta1 +kind: Role +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: {{ template "filebeat.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +rules: +- apiGroups: ['extensions'] + resources: ['podsecuritypolicies'] + verbs: ['use'] + resourceNames: + - {{ template "filebeat.fullname" . }} +{{- end }} +{{- end }} diff --git a/stable/filebeat/templates/rolebinding.yaml b/stable/filebeat/templates/rolebinding.yaml new file mode 100644 index 000000000000..4eca983f3e16 --- /dev/null +++ b/stable/filebeat/templates/rolebinding.yaml @@ -0,0 +1,22 @@ +{{- if .Values.rbac.create }} +{{- if .Values.podSecurityPolicy.enabled }} +apiVersion: rbac.authorization.k8s.io/v1 +kind: RoleBinding +metadata: + name: {{ template "filebeat.fullname" . }} + labels: + app: {{ template "filebeat.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version }} + heritage: {{ .Release.Service }} + release: {{ .Release.Name }} + namespace: {{ .Release.Namespace }} +roleRef: + kind: Role + name: {{ template "filebeat.fullname" . }} + apiGroup: rbac.authorization.k8s.io +subjects: +- kind: ServiceAccount + name: {{ template "filebeat.serviceAccountName" . }} + namespace: {{ .Release.Namespace }} +{{- end }} +{{- end }} diff --git a/stable/filebeat/values.yaml b/stable/filebeat/values.yaml index f9b77b9470ca..97dec9c8ec94 100644 --- a/stable/filebeat/values.yaml +++ b/stable/filebeat/values.yaml 
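Review bot: `role.yaml` is created with `apiVersion: rbac.authorization.k8s.io/v1beta1` while `rolebinding.yaml` in the same commit uses `rbac.authorization.k8s.io/v1`; use `v1` for both so the pair does not break on different cluster versions. In both files `namespace: {{ .Release.Namespace }}` follows the `labels:` entries, and the indentation is not recoverable in this view, so check that it sits under `metadata` and not inside `labels`. Scoping the `use` verb with `resourceNames` to the chart's own policy is the right shape and deserves a one-line comment saying so, e.g. `# grants use of this chart's PodSecurityPolicy only`.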
@@ -124,3 +124,18 @@ serviceAccount: # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template name: + +## Specify if a Pod Security Policy for filebeat must be created +## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/ +## +podSecurityPolicy: + enabled: False + annotations: {} + ## Specify pod annotations + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#apparmor + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#seccomp + ## Ref: https://kubernetes.io/docs/concepts/policy/pod-security-policy/#sysctl + ## + # seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*' + # seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default' + # apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default' From 8a47b1749ea6359ae8954d16f6678af287c774ed Mon Sep 17 00:00:00 2001 From: rmakram-ims <43446736+rmakram-ims@users.noreply.github.com> Date: Mon, 17 Dec 2018 15:00:28 -0500 Subject: [PATCH 008/136] [stable/prometheus-node-exporter]Add support for nodePort (#9754) * [stable/prometheus-node-exporter]Add support for nodePort Signed-off-by: Roger Makram * bump version to 1.0.0 since its stable needed to bump anyways as this isn't really a patch update. Signed-off-by: Paul Czarkowski Signed-off-by: Melissa Palmer --- stable/prometheus-node-exporter/Chart.yaml | 2 +- stable/prometheus-node-exporter/README.md | 1 + stable/prometheus-node-exporter/templates/service.yaml | 3 +++ stable/prometheus-node-exporter/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index 61ebb0edc746..478aba49cfe4 100644 --- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml 
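Review bot: `enabled: False` relies on YAML 1.1 boolean spellings; write `enabled: false`, as the consul `acl` block in this series does. The commented example `seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'` permits every seccomp profile, including `unconfined`, if it is uncommented as written. Suggest `# seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'docker/default'` so the example matches the `defaultProfileName` line that follows it.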
@@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.17.0" description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 0.6.2 +version: 1.0.0 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/README.md b/stable/prometheus-node-exporter/README.md index 74caa90d3d6b..4bd4b4120b42 100644 --- a/stable/prometheus-node-exporter/README.md +++ b/stable/prometheus-node-exporter/README.md @@ -50,6 +50,7 @@ The following table lists the configurable parameters of the Node Exporter chart | `service.type` | Service type | `ClusterIP` | | | `service.port` | The service port | `9100` | | | `service.targetPort` | The target port of the container | `9100` | | +| `service.nodePort` | The node port of the service | | | | `service.annotations` | Kubernetes service annotations | `{prometheus.io/scrape: "true"}` | | | `serviceAccount.create` | Specifies whether a service account should be created. | `true` | | | `serviceAccount.name` | Service account to be used. If not set and `serviceAccount.create` is `true`, a name is generated using the fullname template | | | diff --git a/stable/prometheus-node-exporter/templates/service.yaml b/stable/prometheus-node-exporter/templates/service.yaml index 3bb47956dc5a..cffe547b10a2 100644 --- a/stable/prometheus-node-exporter/templates/service.yaml +++ b/stable/prometheus-node-exporter/templates/service.yaml @@ -11,6 +11,9 @@ spec: type: {{ .Values.service.type }} ports: - port: {{ .Values.service.port }} + {{- if ( and (eq .Values.service.type "NodePort" ) (not (empty .Values.service.nodePort)) ) }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} targetPort: {{ .Values.service.targetPort }} protocol: TCP name: metrics diff --git a/stable/prometheus-node-exporter/values.yaml b/stable/prometheus-node-exporter/values.yaml index 7d3fc76a0982..3169424347e4 100644 --- a/stable/prometheus-node-exporter/values.yaml 
+++ b/stable/prometheus-node-exporter/values.yaml @@ -10,6 +10,7 @@ service: type: ClusterIP port: 9100 targetPort: 9100 + nodePort: annotations: prometheus.io/scrape: "true" From e19ac04fa027daa9f77a6e14980519058a5ee5ca Mon Sep 17 00:00:00 2001 From: Lachlan Cooper Date: Tue, 18 Dec 2018 07:08:43 +1100 Subject: [PATCH 009/136] [stable/prometheus-consul-exporter] Fix service selector (#9958) * [stable/prometheus-consul-exporter] Fix selector Signed-off-by: Lachlan Cooper * Bump chart version Signed-off-by: Lachlan Cooper Signed-off-by: Melissa Palmer --- stable/prometheus-consul-exporter/Chart.yaml | 2 +- stable/prometheus-consul-exporter/templates/service.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/prometheus-consul-exporter/Chart.yaml b/stable/prometheus-consul-exporter/Chart.yaml index 27ccd8e1683b..85470043d635 100644 --- a/stable/prometheus-consul-exporter/Chart.yaml +++ b/stable/prometheus-consul-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.4.0" description: A Helm chart for the Prometheus Consul Exporter name: prometheus-consul-exporter -version: 0.1.1 +version: 0.1.2 keywords: - metrics - consul diff --git a/stable/prometheus-consul-exporter/templates/service.yaml b/stable/prometheus-consul-exporter/templates/service.yaml index 56a1abfe63ed..c88fe5d9bd14 100644 --- a/stable/prometheus-consul-exporter/templates/service.yaml +++ b/stable/prometheus-consul-exporter/templates/service.yaml @@ -18,3 +18,4 @@ spec: name: http selector: app: {{ template "prometheus-consul-exporter.name" . }} + release: {{ .Release.Name }} From 427da6e9dbe7935b6f226495084f4519c81d7d0f Mon Sep 17 00:00:00 2001 From: Yann Soubeyrand Date: Mon, 17 Dec 2018 21:18:51 +0100 Subject: [PATCH 010/136] [stable/nginx-ingress] Allow overriding fullname (#9277) * [stable/nginx-ingress] Allow overriding fullname When using this chart as a subchart, it may be useful to override it's fullname. 
Signed-off-by: Yann Soubeyrand * [stable/nginx-ingress] Bump chart version Signed-off-by: Yann Soubeyrand Signed-off-by: Melissa Palmer --- stable/nginx-ingress/Chart.yaml | 2 +- stable/nginx-ingress/templates/_helpers.tpl | 18 ++++++------------ 2 files changed, 7 insertions(+), 13 deletions(-) diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index f5e52ad9643b..fbc8f3d58f8e 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 1.0.2 +version: 1.1.0 appVersion: 0.21.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. diff --git a/stable/nginx-ingress/templates/_helpers.tpl b/stable/nginx-ingress/templates/_helpers.tpl index c2ba89282fff..b65ac2bb408a 100644 --- a/stable/nginx-ingress/templates/_helpers.tpl +++ b/stable/nginx-ingress/templates/_helpers.tpl @@ -11,6 +11,9 @@ Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "nginx-ingress.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} {{- if contains $name .Release.Name -}} {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 
@@ -18,18 +21,14 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{- end -}} +{{- end -}} {{/* Create a default fully qualified controller name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "nginx-ingress.controller.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.controller.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.controller.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.controller.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* @@ -52,12 +51,7 @@ Create a default fully qualified default backend name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). */}} {{- define "nginx-ingress.defaultBackend.fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- if contains $name .Release.Name -}} -{{- printf "%s-%s" .Release.Name .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- else -}} -{{- printf "%s-%s-%s" .Release.Name $name .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} -{{- end -}} +{{- printf "%s-%s" (include "nginx-ingress.fullname" .) .Values.defaultBackend.name | trunc 63 | trimSuffix "-" -}} {{- end -}} {{/* From 51b9cdcffc2038162b2a032c8e49be68900ad093 Mon Sep 17 00:00:00 2001 From: Vasily Sliouniaev Date: Mon, 17 Dec 2018 20:27:33 +0000 Subject: [PATCH 011/136] [stable/prometheus-operator] Fix typo selecor -> selector (#10053) * Fix typo Signed-off-by: Vasily * bump chart version to 1.0.0 since its a stable repo Signed-off-by: Paul Czarkowski 
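Review bot: `nginx-ingress.controller.fullname`, and `nginx-ingress.defaultBackend.fullname` in the `@@ -52,12 +51,7 @@` hunk, now append their suffix to a fullname that is already cut to 63 characters and then apply `trunc 63` again. With a long release name or `fullnameOverride` the suffix is cut off and both helpers can return the same string, so the controller and default-backend resources would share a name. Truncating the base before appending keeps them distinct, e.g. `{{- printf "%s-%s" (include "nginx-ingress.fullname" . | trunc 50 | trimSuffix "-") .Values.controller.name | trunc 63 | trimSuffix "-" -}}`; the 50 is illustrative and should be derived from the longest component name. As far as this diff shows, the new `fullnameOverride` value is also not added to the README parameter table.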
Signed-off-by: Melissa Palmer --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 2 +- stable/prometheus-operator/ci/test-values.yaml | 2 +- stable/prometheus-operator/templates/prometheus/prometheus.yaml | 2 +- stable/prometheus-operator/values.yaml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index f82fe14d3cc2..dcabda3fb889 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 0.1.31 +version: 1.0.0 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 7fa3359c2675..5079402bdc25 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md 
@@ -117,7 +117,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheus.service.annotations` | Prometheus Service Annotations | `{}` | | `prometheus.additionalServiceMonitors` | List of `serviceMonitor` objects to create. See https://github.com/coreos/prometheus-operator/blob/master/Documentation/api.md#servicemonitorspec | `[]` | | `prometheus.prometheusSpec.podMetadata` | Standard object’s metadata. More info: https://github.com/kubernetes/community/blob/master/contributors/devel/api-conventions.md#metadata Metadata Labels and Annotations gets propagated to the prometheus pods. | `{}` | -| `prometheus.prometheusSpec.serviceMonitorSelecorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the servicemonitors created | `true` | +| `prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues` | If true, a nil or {} value for prometheus.prometheusSpec.serviceMonitorSelector will cause the prometheus resource to be created with selectors based on values in the helm deployment, which will also match the servicemonitors created | `true` | | `prometheus.prometheusSpec.serviceMonitorSelector` | ServiceMonitors to be selected for target discovery. | `{}` | | `prometheus.prometheusSpec.serviceMonitorNamespaceSelector` | Namespaces to be selected for ServiceMonitor discovery. If nil, only check own namespace. | `{}` | | `prometheus.prometheusSpec.image.repository` | Base image to use for a Prometheus deployment. | `quay.io/prometheus/prometheus` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index 2f690e654474..dea9111f9e67 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml 
@@ -737,7 +737,7 @@ prometheus: ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the servicemonitors created ## - serviceMonitorSelecorNilUsesHelmValues: true + serviceMonitorSelectorNilUsesHelmValues: true ## serviceMonitorSelector will limit which servicemonitors are used to create scrape ## configs in Prometheus. See serviceMonitorSelectorUseHelmLabels diff --git a/stable/prometheus-operator/templates/prometheus/prometheus.yaml b/stable/prometheus-operator/templates/prometheus/prometheus.yaml index fc7a270eb122..15732e6df174 100644 --- a/stable/prometheus-operator/templates/prometheus/prometheus.yaml +++ b/stable/prometheus-operator/templates/prometheus/prometheus.yaml @@ -68,7 +68,7 @@ spec: {{- if .Values.prometheus.prometheusSpec.serviceMonitorSelector }} serviceMonitorSelector: {{ toYaml .Values.prometheus.prometheusSpec.serviceMonitorSelector | indent 4 }} -{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelecorNilUsesHelmValues }} +{{ else if .Values.prometheus.prometheusSpec.serviceMonitorSelectorNilUsesHelmValues }} serviceMonitorSelector: matchLabels: release: {{ .Release.Name | quote }} diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index 0ecbba019159..e1f763a57671 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -737,7 +737,7 @@ prometheus: ## prometheus resource to be created with selectors based on values in the helm deployment, ## which will also match the servicemonitors created ## - serviceMonitorSelecorNilUsesHelmValues: true + serviceMonitorSelectorNilUsesHelmValues: true ## serviceMonitorSelector will limit which servicemonitors are used to create scrape ## configs in Prometheus. See serviceMonitorSelectorUseHelmLabels From 89b43f17e3c7f3eebcd9c08cf1a64ee687efc692 Mon Sep 17 00:00:00 2001 
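Review bot: The `else if` in templates/prometheus/prometheus.yaml now reads only `serviceMonitorSelectorNilUsesHelmValues`, so an existing override of the misspelled `serviceMonitorSelecorNilUsesHelmValues` is ignored without any error, while the new key defaults to `true` in values.yaml. A release that had set the old key to `false` would, after upgrade, render the release-label `matchLabels` selector and may stop discovering some ServiceMonitors; this should be confirmed by rendering with the old key set. I would add an upgrade note, for example a comment above the key in values.yaml: `## Renamed from serviceMonitorSelecorNilUsesHelmValues in 1.0.0; the old key is no longer read`. The same rename is in the ci/test-values.yaml and values.yaml hunks, and the template's `if`/`else` chain continues outside the hunk.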
From: Bitnami Bot Date: Mon, 17 Dec 2018 21:36:19 +0100 Subject: [PATCH 012/136] [stable/ghost] Release 6.1.7 (#10078) * ghost: update to `2.9.0` Signed-off-by: Bitnami Containers * ghost: bump chart appVersion to `2.9.0` Signed-off-by: Bitnami Containers * ghost: bump chart version to `6.1.7` Signed-off-by: Bitnami Containers Signed-off-by: Melissa Palmer --- stable/ghost/Chart.yaml | 4 ++-- stable/ghost/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index e1aacecad5b7..93b4ef7cf979 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,6 +1,6 @@ name: ghost -version: 6.1.6 -appVersion: 2.8.0 +version: 6.1.7 +appVersion: 2.9.0 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index da9e780fb7e8..706bfa7a3137 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.8.0 + tag: 2.9.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From edfa7d1adb821450c8a4bcdade4e6f7b09592ae0 Mon Sep 17 00:00:00 2001 From: Fabrizio Fortino Date: Mon, 17 Dec 2018 21:51:51 +0100 Subject: [PATCH 013/136] [stable/elasticsearch] update to version 6.5.3 (#10050) Signed-off-by: Fabrizio Fortino Signed-off-by: Melissa Palmer --- stable/elasticsearch/Chart.yaml | 4 ++-- stable/elasticsearch/README.md | 2 +- stable/elasticsearch/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 8b04710b314c..12a384d324f4 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml 
@@ -1,7 +1,7 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.15.0 -appVersion: 6.5.1 +version: 1.15.1 +appVersion: 6.5.3 description: Flexible and powerful open source, distributed real-time search and analytics engine. icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index 8d1445fb88e1..a405b95c3237 100644 --- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -61,7 +61,7 @@ The following table lists the configurable parameters of the elasticsearch chart | Parameter | Description | Default | | ------------------------------------ | ------------------------------------------------------------------- | --------------------------------------------------- | -| `appVersion` | Application Version (Elasticsearch) | `6.5.1` | +| `appVersion` | Application Version (Elasticsearch) | `6.5.3` | | `image.repository` | Container image name | `docker.elastic.co/elasticsearch/elasticsearch-oss` | | `image.tag` | Container image tag | `6.5.1` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index bfbe8d93af64..56ace4a1638f 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -33,7 +33,7 @@ podSecurityPolicy: image: repository: "docker.elastic.co/elasticsearch/elasticsearch-oss" - tag: "6.5.1" + tag: "6.5.3" pullPolicy: "IfNotPresent" # If specified, use these secrets to access the image # pullSecrets: From 508827e90cbe4b13e762ba9632b53b9f3fb248fe Mon Sep 17 00:00:00 2001 
From: Thomas Lovett Date: Mon, 17 Dec 2018 15:00:16 -0600 Subject: [PATCH 014/136] [stable/fluentd] Add support for configuring elasticsearch scheme and ssl_version (#9575) * [stable/fluentd] Add support for configuring elasticsearch scheme and ssl_version - Allows end users to connect Fluentd to Elasticsearch over HTTPS - Uses the same defaults as the underlying out_elasticsearch plugin (see github.com/uken/fluent-plugin-elasticsearch as of commit 573c39a) Signed-off-by: Thomas Lovett * bump minor version rather than patch Signed-off-by: Paul Czarkowski Signed-off-by: Melissa Palmer --- stable/fluentd/Chart.yaml | 2 +- stable/fluentd/templates/deployment.yaml | 4 ++++ stable/fluentd/values.yaml | 4 ++++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/fluentd/Chart.yaml b/stable/fluentd/Chart.yaml index 6fc34d0e2dee..2a58f011e628 100644 --- a/stable/fluentd/Chart.yaml +++ b/stable/fluentd/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Fluentd Elasticsearch Helm chart for Kubernetes. icon: https://raw.githubusercontent.com/fluent/fluentd-docs/master/public/logo/Fluentd_square.png name: fluentd -version: 1.0.0 +version: 1.1.0 appVersion: v2.3.1 home: https://www.fluentd.org/ sources: diff --git a/stable/fluentd/templates/deployment.yaml b/stable/fluentd/templates/deployment.yaml index beea1a4a3d89..0501d17cdf1f 100644 --- a/stable/fluentd/templates/deployment.yaml +++ b/stable/fluentd/templates/deployment.yaml @@ -38,6 +38,10 @@ spec: value: {{ .Values.output.host | quote }} - name: OUTPUT_PORT value: {{ .Values.output.port | quote }} + - name: OUTPUT_SCHEME + value: {{ .Values.output.scheme | quote }} + - name: OUTPUT_SSL_VERSION + value: {{ .Values.output.sslVersion | quote }} - name: OUTPUT_BUFFER_CHUNK_LIMIT value: {{ .Values.output.buffer_chunk_limit | quote }} - name: OUTPUT_BUFFER_QUEUE_LIMIT diff --git a/stable/fluentd/values.yaml b/stable/fluentd/values.yaml index 24fee34cb8a3..38f309dccb88 100644 
--- a/stable/fluentd/values.yaml +++ b/stable/fluentd/values.yaml @@ -12,6 +12,8 @@ image: output: host: elasticsearch-client.default.svc.cluster.local port: 9200 + scheme: http + sslVersion: TLSv1 buffer_chunk_limit: 2M buffer_queue_limit: 8 @@ -86,6 +88,8 @@ configMaps: # Replace with the host/port to your Elasticsearch cluster. host "#{ENV['OUTPUT_HOST']}" port "#{ENV['OUTPUT_PORT']}" + scheme "#{ENV['OUTPUT_SCHEME']}" + ssl_version "#{ENV['OUTPUT_SSL_VERSION']}" logstash_format true @type file From 7e40073f92fb88c60f3df522c442056b5c5bd91a Mon Sep 17 00:00:00 2001 From: Dean Coakley Date: Mon, 17 Dec 2018 21:08:39 +0000 Subject: [PATCH 015/136] [stable/aerospike] Fix typo in README wit->wait (#9622) * [stable/aerospike] Fix typo in README wit->wait * Fix typo wit->wait * Make capitalisation of configuration table consistent Signed-off-by: Dean Coakley * Increment chart version Signed-off-by: Dean Coakley * fix version bump Signed-off-by: Paul Czarkowski Signed-off-by: Melissa Palmer --- stable/aerospike/Chart.yaml | 2 +- stable/aerospike/README.md | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/aerospike/Chart.yaml b/stable/aerospike/Chart.yaml index 4b129caf6813..96a8d88d055d 100644 --- a/stable/aerospike/Chart.yaml +++ b/stable/aerospike/Chart.yaml @@ -5,7 +5,7 @@ keywords: - aerospike - big-data home: http://aerospike.com -version: 0.2.0 +version: 0.2.1 icon: https://s3-us-west-1.amazonaws.com/aerospike-fd/wp-content/uploads/2016/06/Aerospike_square_logo.png sources: - https://github.com/aerospike/aerospike-server diff --git a/stable/aerospike/README.md b/stable/aerospike/README.md index eeb74cc3b0bf..112448ea552a 100644 --- a/stable/aerospike/README.md +++ b/stable/aerospike/README.md 
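Review bot: The new `output` defaults keep the Elasticsearch connection on `scheme: http` and pin `sslVersion: TLSv1`, so a user who only switches the scheme to `https` negotiates TLS 1.0, which is deprecated. I would default to `sslVersion: TLSv1_2`, a value the out_elasticsearch plugin accepts, and add a comment above `scheme` such as `# set to https to encrypt log traffic to Elasticsearch`. The commit message says these values mirror the plugin's own defaults, so this is a hardening of the chart default rather than a behaviour fix. The deployment.yaml hunk that exports `OUTPUT_SCHEME` and `OUTPUT_SSL_VERSION` needs no change.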
@@ -45,11 +45,11 @@ The chart can be customized using the following configurable parameters: | `replicaCount` | Aerospike Brokers | `1` | | `command` | Custom command (Docker Entrypoint) | `[]` | | `args` | Custom args (Docker Cmd) | `[]` | -| `persistentVolume` | config of persistent volumes for storage-engine | `{}` | -| `confFile` | config filename. This file should be included in the chart path | `aerospike.conf` | -| `resources` | resource requests and limits | `{}` | +| `persistentVolume` | Config of persistent volumes for storage-engine | `{}` | +| `confFile` | Config filename. This file should be included in the chart path | `aerospike.conf` | +| `resources` | Resource requests and limits | `{}` | | `nodeSelector` | Labels for pod assignment | `{}` | -| `terminationGracePeriodSeconds` | wit time before forcefully terminating container | `30` | +| `terminationGracePeriodSeconds` | Wait time before forcefully terminating container | `30` | Specify parameters using `--set key=value[,key=value]` argument to `helm install` From 065c0bbf6c2fc7aca2d51e55c5d68700f9e936f2 Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Mon, 17 Dec 2018 16:18:42 -0500 Subject: [PATCH 016/136] [stable/dmarc2logstash] Upgrade dmarc2logstash to 1.0.3 - includes improved error handling (#9653) * Upgrade dmarc2logstash to 1.0.3 - includes improved error handling Signed-off-by: Jason Ertel * version bump should be a minor Signed-off-by: Paul Czarkowski Signed-off-by: Melissa Palmer --- stable/dmarc2logstash/Chart.yaml | 4 ++-- stable/dmarc2logstash/README.md | 3 ++- stable/dmarc2logstash/templates/deployment.yaml | 2 ++ stable/dmarc2logstash/values.yaml | 3 ++- 4 files changed, 8 insertions(+), 4 deletions(-) diff --git a/stable/dmarc2logstash/Chart.yaml b/stable/dmarc2logstash/Chart.yaml index 527e10e76dc9..fbd1770472c8 100644 --- a/stable/dmarc2logstash/Chart.yaml +++ b/stable/dmarc2logstash/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.0.2" +appVersion: "1.0.3" description: Provides a POP3-polled DMARC XML report injector into Elasticsearch via Logstash and Filebeat name: dmarc2logstash -version: 1.0.2 +version: 1.1.0 home: https://github.com/jertel/dmarc2logstash sources: - https://github.com/jertel/dmarc2logstash diff --git a/stable/dmarc2logstash/README.md b/stable/dmarc2logstash/README.md index b5cd3821996e..6e4bea61e403 100644 --- a/stable/dmarc2logstash/README.md +++ b/stable/dmarc2logstash/README.md @@ -27,8 +27,9 @@ The command removes all the Kubernetes components associated with the chart and setting | description | default ----------------------------------|-----------------------------------------------------------------------------------------------------------------------|---------- dmarc2logstash.image.repository | dmarc2logstash Docker image repository | jertel/dmarc2logstash -dmarc2logstash.image.tag | dmarc2logstash image tag, typically the version, of the Docker image | 1.0.2 +dmarc2logstash.image.tag | dmarc2logstash image tag, typically the version, of the Docker image | 1.0.3 dmarc2logstash.image.pullPolicy | dmarc2logstash Kubernetes image pull policy | IfNotPresent +delete_messages | Set to 1 to delete messages or 0 to preserve messages (useful for debugging) | 1 filebeat.image.repository | Elastic filebeat Docker image repository | docker.elastic.co/beats/filebeat filebeat.image.tag | Elastic filebeat tag, typically the version, of the Docker image | 6.2.4 filebeat.image.pullPolicy | Elastic filebeat Kubernetes image pull policy | IfNotPresent diff --git a/stable/dmarc2logstash/templates/deployment.yaml b/stable/dmarc2logstash/templates/deployment.yaml index ba95b14894ac..b3163c271ced 100644 --- a/stable/dmarc2logstash/templates/deployment.yaml +++ b/stable/dmarc2logstash/templates/deployment.yaml 
@@ -62,6 +62,8 @@ spec: secretKeyRef: name: {{ template "dmarc2logstash.name" . }}-secrets key: pop3_password + - name: DELETE_MESSAGES + value: "{{ .Values.dmarc2logstash.deleteMessages }}" volumeMounts: - name: shared-log mountPath: /opt/dmarc2logstash/output diff --git a/stable/dmarc2logstash/values.yaml b/stable/dmarc2logstash/values.yaml index 95e718df127b..fcbc30faa064 100644 --- a/stable/dmarc2logstash/values.yaml +++ b/stable/dmarc2logstash/values.yaml @@ -1,8 +1,9 @@ dmarc2logstash: image: repository: jertel/dmarc2logstash - tag: 1.0.2 + tag: 1.0.3 pullPolicy: IfNotPresent + deleteMessages: 1 resources: {} nodeSelector: {} tolerations: [] From 704711f765a788e96a0c3c47a9430d768fbe2b15 Mon Sep 17 00:00:00 2001 From: Fabrizio Fortino Date: Mon, 17 Dec 2018 22:27:33 +0100 Subject: [PATCH 017/136] [stable/logstash] update to version 6.5.3 (#10083) Signed-off-by: Fabrizio Fortino Signed-off-by: Melissa Palmer --- stable/logstash/Chart.yaml | 4 ++-- stable/logstash/README.md | 2 +- stable/logstash/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/logstash/Chart.yaml b/stable/logstash/Chart.yaml index db60ec81eb31..106a40ed8c6b 100644 --- a/stable/logstash/Chart.yaml +++ b/stable/logstash/Chart.yaml @@ -3,8 +3,8 @@ description: Logstash is an open source, server-side data processing pipeline icon: https://www.elastic.co/assets/blt86e4472872eed314/logo-elastic-logstash-lt.svg home: https://www.elastic.co/products/logstash name: logstash -version: 1.4.0 -appVersion: 6.5.0 +version: 1.4.1 +appVersion: 6.5.3 sources: - https://www.docker.elastic.co - https://www.elastic.co/guide/en/logstash/current/index.html diff --git a/stable/logstash/README.md b/stable/logstash/README.md index 9c770b114fca..78bd71d4b419 100644 --- a/stable/logstash/README.md +++ b/stable/logstash/README.md 
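Review bot: The new `DELETE_MESSAGES` variable reads `.Values.dmarc2logstash.deleteMessages`, but the README row added in the same commit names the setting `delete_messages`. Someone following the README with `--set delete_messages=0` would change nothing, and the container would still receive the default `1` from values.yaml. The README describes `1` as deleting messages, so this silent mismatch removes reports the operator meant to keep; the README row should read `dmarc2logstash.deleteMessages`. The container spec starts and ends outside this hunk.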
@@ -75,7 +75,7 @@ The following table lists the configurable parameters of the chart and its defau | `podDisruptionBudget` | Pod disruption budget | `maxUnavailable: 1` | | `updateStrategy` | Update strategy | `type: RollingUpdate` | | `image.repository` | Container image name | `docker.elastic.co/logstash/logstash-oss` | -| `image.tag` | Container image tag | `6.5.0` | +| `image.tag` | Container image tag | `6.5.3` | | `image.pullPolicy` | Container image pull policy | `IfNotPresent` | | `service.type` | Service type (ClusterIP, NodePort or LoadBalancer) | `ClusterIP` | | `service.annotations` | Service annotations | `{}` | diff --git a/stable/logstash/values.yaml b/stable/logstash/values.yaml index 6de189095e53..0645fdc4fa0c 100644 --- a/stable/logstash/values.yaml +++ b/stable/logstash/values.yaml @@ -10,7 +10,7 @@ terminationGracePeriodSeconds: 30 image: repository: docker.elastic.co/logstash/logstash-oss - tag: 6.5.0 + tag: 6.5.3 pullPolicy: IfNotPresent ## Add secrets manually via kubectl on kubernetes cluster and reference here # pullSecrets: From e59607aa3ef2aed11f1fb991eb52c04158d3bdd1 Mon Sep 17 00:00:00 2001 From: Kevin Pullin Date: Mon, 17 Dec 2018 15:21:35 -0800 Subject: [PATCH 018/136] Update postgres-exporter to app v0.4.7 (#10079) Update to the latest postgres-exporter app release: 0.4.7 Merge in the new pg_statio_user_tables config: https://raw.githubusercontent.com/wrouesnel/postgres_exporter/42f9de480a8ab6f391d1cf85eb3dfe4261a14459/queries.yaml Signed-off-by: Kevin Pullin Signed-off-by: Melissa Palmer --- .../prometheus-postgres-exporter/Chart.yaml | 4 +-- .../prometheus-postgres-exporter/values.yaml | 36 ++++++++++++++++++- 2 files changed, 37 insertions(+), 3 deletions(-) diff --git a/stable/prometheus-postgres-exporter/Chart.yaml b/stable/prometheus-postgres-exporter/Chart.yaml index b6c6889621ea..d3f66c4f6219 100644 --- a/stable/prometheus-postgres-exporter/Chart.yaml +++ b/stable/prometheus-postgres-exporter/Chart.yaml 
@@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "0.4.6" +appVersion: "0.4.7" description: A Helm chart for prometheus postgres-exporter name: prometheus-postgres-exporter -version: 0.6.0 +version: 0.6.1 home: https://github.com/wrouesnel/postgres_exporter sources: - https://github.com/wrouesnel/postgres_exporter diff --git a/stable/prometheus-postgres-exporter/values.yaml b/stable/prometheus-postgres-exporter/values.yaml index 14f11a55a3de..3373cf556874 100644 --- a/stable/prometheus-postgres-exporter/values.yaml +++ b/stable/prometheus-postgres-exporter/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: wrouesnel/postgres_exporter - tag: v0.4.6 + tag: v0.4.7 pullPolicy: IfNotPresent service: 
@@ -133,6 +133,40 @@ config: usage: "COUNTER" description: "Number of times this table has been analyzed by the autovacuum daemon" + pg_statio_user_tables: + query: "SELECT schemaname, relname, heap_blks_read, heap_blks_hit, idx_blks_read, idx_blks_hit, toast_blks_read, toast_blks_hit, tidx_blks_read, tidx_blks_hit FROM pg_statio_user_tables" + metrics: + - schemaname: + usage: "LABEL" + description: "Name of the schema that this table is in" + - relname: + usage: "LABEL" + description: "Name of this table" + - heap_blks_read: + usage: "COUNTER" + description: "Number of disk blocks read from this table" + - heap_blks_hit: + usage: "COUNTER" + description: "Number of buffer hits in this table" + - idx_blks_read: + usage: "COUNTER" + description: "Number of disk blocks read from all indexes on this table" + - idx_blks_hit: + usage: "COUNTER" + description: "Number of buffer hits in all indexes on this table" + - toast_blks_read: + usage: "COUNTER" + description: "Number of disk blocks read from this table's TOAST table (if any)" + - toast_blks_hit: + usage: "COUNTER" + description: "Number of buffer hits in this table's TOAST table (if any)" + - tidx_blks_read: + usage: "COUNTER" + description: "Number of disk blocks read from this table's TOAST table indexes (if any)" + - tidx_blks_hit: + usage: "COUNTER" + description: "Number of buffer hits in this table's TOAST table indexes (if any)" + pg_database: query: " SELECT pg_database.datname, pg_database_size(pg_database.datname) as size FROM pg_database" metrics: From 95ca38145f27fa7d707973bb5c978cb94927f726 Mon Sep 17 00:00:00 2001 From: Mikhail Advani Date: Tue, 18 Dec 2018 00:34:20 +0100 Subject: [PATCH 019/136] [stable/kibana] Ability to mount additional configmaps (#9997) * [stable/kibana] Ability to mount additional configmaps Signed-off-by: Mikhail Advani * [stable/kibana] Test addition and version correction Signed-off-by: Mikhail Advani 
Signed-off-by: Melissa Palmer --- stable/kibana/Chart.yaml | 2 +- stable/kibana/README.md | 1 + stable/kibana/ci/extra-configmap-mounts.yaml | 6 ++++++ stable/kibana/templates/deployment.yaml | 10 ++++++++++ stable/kibana/values.yaml | 6 ++++++ 5 files changed, 24 insertions(+), 1 deletion(-) create mode 100644 stable/kibana/ci/extra-configmap-mounts.yaml diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index c22ed75dea7f..8abb96a146a0 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.0.3 +version: 1.1.0 appVersion: 6.5.3 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg diff --git a/stable/kibana/README.md b/stable/kibana/README.md index 0abd37e66746..c947ae55f542 100644 --- a/stable/kibana/README.md +++ b/stable/kibana/README.md @@ -100,6 +100,7 @@ The following table lists the configurable parameters of the kibana chart and th | `securityContext.allowPrivilegeEscalation` | Allow privilege escalation | `false` | | `securityContext.runAsUser` | User id to run in pods | `1000` | | `securityContext.fsGroup` | fsGroup id to run in pods | `2000` | +| `extraConfigMapMounts` | Additional configmaps to be mounted | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/kibana/ci/extra-configmap-mounts.yaml b/stable/kibana/ci/extra-configmap-mounts.yaml new file mode 100644 index 000000000000..c4ccd5729111 --- /dev/null +++ b/stable/kibana/ci/extra-configmap-mounts.yaml @@ -0,0 +1,6 @@ +--- +extraConfigMapMounts: + - name: logtrail-configs + configMap: kibana-logtrail + mountPath: /usr/share/kibana/plugins/logtrail/logtrail.json + subPath: logtrail.json diff --git a/stable/kibana/templates/deployment.yaml b/stable/kibana/templates/deployment.yaml index 2054059d98ab..56e31341dcd0 100644 
--- a/stable/kibana/templates/deployment.yaml +++ b/stable/kibana/templates/deployment.yaml @@ -173,6 +173,11 @@ spec: {{- end }} {{- with .Values.extraContainers }} {{ tpl . $ | indent 6 }} +{{- end }} +{{- range .Values.extraConfigMapMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath }} {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: @@ -215,3 +220,8 @@ spec: name: {{ template "kibana.fullname" . }}-importscript defaultMode: 0777 {{- end }} +{{- range .Values.extraConfigMapMounts }} + - name: {{ .name }} + configMap: + name: {{ .configMap }} +{{- end }} diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index 4263828ab102..d0b132abaa28 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -177,3 +177,9 @@ securityContext: allowPrivilegeEscalation: false runAsUser: 1000 fsGroup: 2000 + +extraConfigMapMounts: [] + # - name: logtrail-configs + # configMap: kibana-logtrail + # mountPath: /usr/share/kibana/plugins/logtrail/logtrail.json + # subPath: logtrail.json From ad0f1ae99e2d5591d4863a4e830ba92cafbb5a68 Mon Sep 17 00:00:00 2001 From: Fabrizio Fortino Date: Tue, 18 Dec 2018 00:42:49 +0100 Subject: [PATCH 020/136] [stable/filebeat] update to version 6.5.3 (#10085) Signed-off-by: Fabrizio Fortino Signed-off-by: Melissa Palmer --- stable/filebeat/Chart.yaml | 4 ++-- stable/filebeat/README.md | 2 +- stable/filebeat/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/filebeat/Chart.yaml b/stable/filebeat/Chart.yaml index 868ca81f300b..23f4e388609e 100644 --- a/stable/filebeat/Chart.yaml +++ b/stable/filebeat/Chart.yaml 
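Review bot: In the first hunk the `range .Values.extraConfigMapMounts` block is emitted after the `with .Values.extraContainers` block, so when `extraContainers` is also set the `name`/`mountPath`/`subPath` entries follow the extra containers' YAML rather than the kibana container's `volumeMounts`. Indentation is not recoverable from this page, so this should be confirmed by rendering the chart with both values set; moving the range above the `extraContainers` block removes the dependency on ordering. `subPath: {{ .subPath }}` is also rendered unconditionally, so an entry without `subPath` yields an empty key. Guarding it with `{{- if .subPath }}` and rendering `mountPath: {{ .mountPath | quote }}` would be more robust. The pod spec continues outside both hunks.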
@@ -2,8 +2,8 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with filebeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: filebeat -version: 1.1.0 -appVersion: 6.5.1 +version: 1.1.1 +appVersion: 6.5.3 home: https://www.elastic.co/products/beats/filebeat sources: - https://www.elastic.co/guide/en/beats/filebeat/current/index.html diff --git a/stable/filebeat/README.md b/stable/filebeat/README.md index 40c9016b2d45..8cc7eb8160a2 100644 --- a/stable/filebeat/README.md +++ b/stable/filebeat/README.md @@ -25,7 +25,7 @@ The following table lists the configurable parameters of the filebeat chart and | Parameter | Description | Default | | -------------------------------------------------------- | -------------------------------------------------------------------------------------------------------- | -------------------------------------------------- | | `image.repository` | Docker image repo | `docker.elastic.co/beats/filebeat-oss` | -| `image.tag` | Docker image tag | `6.5.1` | +| `image.tag` | Docker image tag | `6.5.3` | | `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` | | `config.filebeat.config.prospectors.path` | Mounted `filebeat-prospectors` configmap | `${path.config}/prospectors.d/*.yml` | diff --git a/stable/filebeat/values.yaml b/stable/filebeat/values.yaml index 97dec9c8ec94..e765cfe927b3 100644 --- a/stable/filebeat/values.yaml +++ b/stable/filebeat/values.yaml @@ -1,6 +1,6 @@ image: repository: docker.elastic.co/beats/filebeat-oss - tag: 6.5.1 + tag: 6.5.3 pullPolicy: IfNotPresent config: From 72cc7a0a8b96827b62c90c99d4517a0aa8b395a9 Mon Sep 17 00:00:00 2001 From: Maor Friedman Date: Tue, 18 Dec 2018 10:19:50 +0200 Subject: [PATCH 021/136] [incubator/cassandra] minor issue fixes (#9894) * [incubator/cassandra] add extraArgs for backup, fixes helm/charts#9819 
Signed-off-by: Maor * [incubator/cassandra] fix serviceAccountName in CronJob, fixes helm/charts#9818 Signed-off-by: Maor * [incubator/cassandra] add maorfr as a maintainer Signed-off-by: Maor * [incubator/cassandra] bump chart version Signed-off-by: Maor * [incubator/cassandra] update maintainers Signed-off-by: Maor * [incubator/cassandra] backup extraArgs from object to array Signed-off-by: Maor * [incubator/cassandra] update maintainers and owners Signed-off-by: Maor Signed-off-by: Melissa Palmer --- incubator/cassandra/Chart.yaml | 2 +- incubator/cassandra/OWNERS | 1 + incubator/cassandra/README.md | 1 + incubator/cassandra/templates/backup/cronjob.yaml | 5 ++++- incubator/cassandra/values.yaml | 4 ++++ 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index c6a500b9aec1..000bf0afbb70 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,5 +1,5 @@ name: cassandra -version: 0.9.4 +version: 0.9.5 appVersion: 3.11.3 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing diff --git a/incubator/cassandra/OWNERS b/incubator/cassandra/OWNERS index 03f4df4011c4..b8103167037f 100644 --- a/incubator/cassandra/OWNERS +++ b/incubator/cassandra/OWNERS @@ -4,3 +4,4 @@ approvers: reviewers: - KongZ - maver1ck +- maorfr diff --git a/incubator/cassandra/README.md b/incubator/cassandra/README.md index 559fa60633fe..a6f89d16ba3b 100644 --- a/incubator/cassandra/README.md +++ b/incubator/cassandra/README.md 
@@ -127,6 +127,7 @@ The following table lists the configurable parameters of the Cassandra chart and | `backup.annotations` | Backup pod annotations | iam.amazonaws.com/role: `cain` | | `backup.image.repo` | Backup image repository | `nuvo/cain` | | `backup.image.tag` | Backup image tag | `0.3.0` | +| `backup.extraArgs` | Additional arguments for cain | `[]` | | `backup.env` | Backup environment variables | AWS_REGION: `us-east-1` | | `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | | `backup.destination` | Destination to store backup artifacts | `s3://bucket/cassandra` | diff --git a/incubator/cassandra/templates/backup/cronjob.yaml b/incubator/cassandra/templates/backup/cronjob.yaml index 921217dcc1a3..d2e1af118043 100644 --- a/incubator/cassandra/templates/backup/cronjob.yaml +++ b/incubator/cassandra/templates/backup/cronjob.yaml @@ -25,7 +25,7 @@ spec: {{ toYaml $backup.annotations }} spec: restartPolicy: OnFailure - serviceAccountName: {{ template "cassandra.fullname" $ }}-backup + serviceAccountName: {{ template "cassandra.serviceAccountName" $ }} containers: - name: cassandra-backup image: "{{ $backup.image.repos }}:{{ $backup.image.tag }}" @@ -40,6 +40,9 @@ spec: - {{ $schedule.keyspace }} - --dst - {{ $backup.destination }} + {{- with $backup.extraArgs }} +{{ toYaml . | indent 12 }} + {{- end }} {{- with $backup.env }} env: {{ toYaml . | indent 12 }} diff --git a/incubator/cassandra/values.yaml b/incubator/cassandra/values.yaml index fd7a5feb4c20..9beb181b68e6 100644 --- a/incubator/cassandra/values.yaml +++ b/incubator/cassandra/values.yaml @@ -161,6 +161,10 @@ backup: repos: nuvo/cain tag: 0.3.0 + # Additional arguments for cain + # Ref: https://github.com/nuvo/cain#usage + extraArgs: [] + # Add additional environment variables env: # Example environment variable required for AWS credentials chain From 4654cce4cfc7825ae0eb88fd832b3018e7b09c4b Mon Sep 17 00:00:00 2001 
From: Axel Bock Date: Tue, 18 Dec 2018 09:28:01 +0100 Subject: [PATCH 022/136] [stable/postgresql] fix broken usage of existing PVC (#9832) (#9834) * fix broken behavior of persistence.existingClaim (#9832) Signed-off-by: Axel Bock * bump version to 3.1.4 Signed-off-by: Axel Bock * add emptyDir mount for disbaled persistency Signed-off-by: Axel Bock * fix duplicate updateStrategy key Signed-off-by: Axel Bock Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- .../templates/statefulset-slaves.yaml | 2 -- stable/postgresql/templates/statefulset.yaml | 23 ++++++++----------- 3 files changed, 10 insertions(+), 17 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index d15cca68d2fd..4c1a34087115 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.1.3 +version: 3.1.4 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 53bf84857c82..8f1372113112 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -11,8 +11,6 @@ metadata: spec: serviceName: {{ template "postgresql.fullname" . }}-headless replicas: {{ .Values.replication.slaveReplicas }} - updateStrategy: - type: RollingUpdate selector: matchLabels: app: {{ template "postgresql.name" . }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 63ca41e920e4..1a2904705627 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml 
@@ -11,7 +11,7 @@ spec: serviceName: {{ template "postgresql.fullname" . }}-headless replicas: 1 updateStrategy: - type: RollingUpdate + type: {{ .Values.updateStrategy.type }} selector: matchLabels: app: {{ template "postgresql.name" . }} @@ -151,10 +151,8 @@ spec: volumeMounts: - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d - {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} - {{ end }} {{ if or (.Files.Glob "files/postgresql.conf") .Values.postgresqlConfiguration }} - name: postgresql-config mountPath: /opt/bitnami/postgresql/conf/postgresql.conf @@ -213,11 +211,6 @@ spec: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: - {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - - name: {{ .Values.persistence.existingClaim }} - persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim }} - {{- end }} {{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration }} - name: postgresql-config configMap: @@ -226,7 +219,14 @@ spec: - name: custom-init-scripts configMap: name: {{ template "postgresql.fullname" . }}-init-scripts -{{- if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} +{{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} + - name: data + persistentVolumeClaim: + claimName: {{ .Values.persistence.existingClaim }} +{{- else if not .Values.persistence.enabled }} + - name: data + emptyDir: {} +{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }} volumeClaimTemplates: - metadata: name: data @@ -251,9 +251,4 @@ spec: storageClassName: "{{ .Values.persistence.storageClass }}" {{- end }} {{- end }} -{{- else }} - - name: data - emptyDir: {} {{- end }} - updateStrategy: - type: {{ .Values.updateStrategy.type }} 
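Review bot: The third branch of the volume selection in the `@@ -226,7 +219,14 @@` hunk, `{{- else if and .Values.persistence.enabled (not .Values.persistence.existingClaim) }}`, tests the only case left once the first two branches have been ruled out, so a plain `{{- else }}` says the same thing and cannot drift from the other two conditions. A template comment above the `emptyDir: {}` entry would also help the next reader, for example `{{/* persistence disabled: data lives in an emptyDir and is lost when the pod leaves the node */}}`. The StatefulSet spec starts and ends outside these hunks.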
From 988739588b79878f3433cf997742a3caca20c391 Mon Sep 17 00:00:00 2001 From: Xavier Vello Date: Tue, 18 Dec 2018 14:55:05 +0100 Subject: [PATCH 023/136] Fix log pointer path in container + make it configurable on the host side (#10097) Signed-off-by: Xavier Vello Signed-off-by: Melissa Palmer --- stable/datadog/Chart.yaml | 2 +- stable/datadog/README.md | 1 + stable/datadog/templates/daemonset.yaml | 4 ++-- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/stable/datadog/Chart.yaml b/stable/datadog/Chart.yaml index 2146300f57e2..d91936c89152 100755 --- a/stable/datadog/Chart.yaml +++ b/stable/datadog/Chart.yaml @@ -1,5 +1,5 @@ name: datadog -version: 1.13.0 +version: 1.14.0 appVersion: 6.6.0 description: DataDog Agent keywords: diff --git a/stable/datadog/README.md b/stable/datadog/README.md index f664cf19d525..989332821352 100644 --- a/stable/datadog/README.md +++ b/stable/datadog/README.md @@ -74,6 +74,7 @@ The following table lists the configurable parameters of the Datadog chart and t | `datadog.env` | Additional Datadog environment variables | `nil` | | `datadog.logsEnabled` | Enable log collection | `nil` | | `datadog.logsConfigContainerCollectAll` | Collect logs from all containers | `nil` | +| `datadog.logsPointerHostPath` | Host path to store the log tailing state in | `/var/lib/datadog-agent/logs` | | `datadog.apmEnabled` | Enable tracing from the host | `nil` | | `datadog.processAgentEnabled` | Enable live process monitoring | `nil` | | `datadog.checksd` | Additional custom checks as python code | `nil` | diff --git a/stable/datadog/templates/daemonset.yaml b/stable/datadog/templates/daemonset.yaml index dad2401d8179..9843f8644e2a 100644 --- a/stable/datadog/templates/daemonset.yaml +++ b/stable/datadog/templates/daemonset.yaml 
@@ -173,7 +173,7 @@ spec: {{- end }} {{- if .Values.datadog.logsEnabled }} - name: pointerdir - mountPath: /var/lib/datadog-agent/logs + mountPath: /opt/datadog-agent/run {{- end }} {{- if .Values.datadog.processAgentEnabled }} - name: passwd @@ -221,7 +221,7 @@ spec: {{- end }} {{- if .Values.datadog.logsEnabled }} - hostPath: - path: /var/lib/datadog-agent/logs + path: {{ default "/var/lib/datadog-agent/logs" .Values.datadog.logsPointerHostPath | quote }} name: pointerdir {{- end }} {{- if .Values.datadog.processAgentEnabled }} From 08261b216bb0d93292211efc3425738a0e447725 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Tue, 18 Dec 2018 17:00:19 +0100 Subject: [PATCH 024/136] [stable/postgresql] Allow mounting secrets as files (#10090) * [stable/postgresql] Allow mounting secrets as files Signed-off-by: Javier J. Salmeron Garcia * Add mounting logic to the metrics container Signed-off-by: Javier J. Salmeron Garcia * Lint Signed-off-by: Javier J. Salmeron Garcia Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 1 + stable/postgresql/templates/_helpers.tpl | 12 +++++ .../templates/statefulset-slaves.yaml | 20 ++++++--- stable/postgresql/templates/statefulset.yaml | 45 ++++++++++++++----- stable/postgresql/values-production.yaml | 6 +++ stable/postgresql/values.yaml | 6 +++ 7 files changed, 75 insertions(+), 17 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 4c1a34087115..2f227ade4327 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.1.4 +version: 3.2.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 94d841f1a0e2..b7be851a7bd1 100644 
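Review bot: The `hostPath` in the `@@ -221,7 +221,7 @@` hunk now takes whatever directory `datadog.logsPointerHostPath` names, and the matching `pointerdir` mount in the first hunk shows no `readOnly`, so that host directory is presumably writable from the agent container. The diffstat lists only Chart.yaml, README.md and daemonset.yaml, so the new value has no entry in values.yaml; I would add a commented default there with the constraint spelled out, e.g. `# logsPointerHostPath: /var/lib/datadog-agent/logs  # dedicated directory for agent state only, not a shared system path`. Both the container and the volume list continue outside the hunks.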
--- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -59,6 +59,7 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | | `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | | `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | | `replication.enabled` | Would you like to enable replication | `false` | | `replication.user` | Replication user | `repl_user` | | `replication.password` | Replication user password | `repl_password` | diff --git a/stable/postgresql/templates/_helpers.tpl b/stable/postgresql/templates/_helpers.tpl index 4447c9955550..ef27a0582ff6 100644 --- a/stable/postgresql/templates/_helpers.tpl +++ b/stable/postgresql/templates/_helpers.tpl @@ -106,3 +106,15 @@ Return the proper PostgreSQL metrics image name {{- $tag := default "latest" .Values.metrics.image.tag | toString -}} {{- printf "%s/%s:%s" $registryName .Values.metrics.image.repository $tag -}} {{- end -}} + +{{/* +Get the password secret. +*/}} +{{- define "postgresql.secretName" -}} +{{- $secretName := include "postgresql.fullname" . -}} +{{- if .Values.existingSecret -}} +{{ $secretName := .Values.existingSecret -}} +{{- else -}} +{{- printf "%s" $secretName -}} +{{- end -}} +{{- end -}} diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 8f1372113112..5f5e0a9d369d 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml 
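Review bot: The `postgresql.secretName` helper added in the `_helpers.tpl` hunk prints nothing when `existingSecret` is set: `{{ $secretName := .Values.existingSecret -}}` declares a new variable scoped to the `if` block, and no `printf` follows it in that branch. Every `secretKeyRef.name` and `secretName` that this patch switches to the helper would then render empty, where the removed inline `if`/`else` rendered the existing secret's name. Replacing that line with `{{- printf "%s" .Values.existingSecret -}}` restores the previous behaviour.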
@@ -88,15 +88,16 @@ spec: value: "slave" - name: POSTGRESQL_REPLICATION_USER value: {{ .Values.replication.user | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRESQL_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} - name: POSTGRESQL_REPLICATION_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} - {{- else }} - name: {{ template "postgresql.fullname" . }} - {{- end }} + name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password + {{- end }} - name: POSTGRESQL_MASTER_HOST value: {{ template "postgresql.fullname" . }} - name: POSTGRESQL_MASTER_PORT_NUMBER @@ -133,6 +134,10 @@ spec: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets + {{ end }} {{- if .Values.persistence.enabled }} - name: data mountPath: /bitnami/postgresql @@ -148,6 +153,11 @@ spec: subPath: pg_hba.conf {{ end }} volumes: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{ end }} {{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration }} - name: postgresql-config configMap: diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 1a2904705627..66c7a237c283 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml 
@@ -93,23 +93,29 @@ spec: value: "master" - name: POSTGRESQL_REPLICATION_USER value: {{ .Values.replication.user | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRESQL_REPLICATION_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" + {{- else }} - name: POSTGRESQL_REPLICATION_PASSWORD valueFrom: secretKeyRef: - name: {{ template "postgresql.fullname" . }} + name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} + {{- end }} - name: POSTGRESQL_USERNAME value: {{ .Values.postgresqlUsername | quote }} + {{- if .Values.usePasswordFile }} + - name: POSTGRESQL_PASSWORD_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} - {{- else }} - name: {{ template "postgresql.fullname" . }} - {{- end }} + name: {{ template "postgresql.secretName" . }} key: postgresql-password + {{- end }} {{- if .Values.postgresqlDatabase }} - name: POSTGRESQL_DATABASE value: {{ .Values.postgresqlDatabase | quote }} @@ -151,8 +157,14 @@ spec: volumeMounts: - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{ end }} + {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} + {{- end }} {{ if or (.Files.Glob "files/postgresql.conf") .Values.postgresqlConfiguration }} - name: postgresql-config mountPath: /opt/bitnami/postgresql/conf/postgresql.conf 
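Review bot: The `@@ -151,8 +157,14 @@` hunk puts `{{- if .Values.persistence.enabled }}` back around the `data` volumeMount, which PATCH 022 earlier in this series removed when it added an `emptyDir` volume named `data` for the disabled-persistence case. With persistence disabled the volume would be defined but never mounted; if that is unintended (it looks like a rebase leftover), drop the re-added `{{- if .Values.persistence.enabled }}` / `{{- end }}` pair. The container spec continues outside the hunk.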
@@ -171,15 +183,16 @@ spec: {{- $database := required "In order to enable metrics you need to specify a database (.Values.postgresqlDatabase)" .Values.postgresqlDatabase }} - name: DATA_SOURCE_URI value: {{ printf "localhost:%d/%s?sslmode=disable" (int .Values.service.port) $database | quote }} + {{- if .Values.usePasswordFile }} + - name: DATA_SOURCE_PASS_FILE + value: "/opt/bitnami/postgresql/secrets/postgresql-password" + {{- else }} - name: DATA_SOURCE_PASS valueFrom: secretKeyRef: - {{- if .Values.existingSecret }} - name: {{ .Values.existingSecret }} - {{- else }} - name: {{ template "postgresql.fullname" . }} - {{- end }} + name: {{ template "postgresql.secretName" . }} key: postgresql-password + {{- end }} - name: DATA_SOURCE_USER value: {{ .Values.postgresqlUsername }} {{- if .Values.livenessProbe.enabled }} @@ -204,6 +217,11 @@ spec: successThreshold: {{ .Values.readinessProbe.successThreshold }} failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} + volumeMounts: + {{- if .Values.usePasswordFile }} + - name: postgresql-password + mountPath: /opt/bitnami/postgresql/secrets/ + {{ end }} ports: - name: metrics containerPort: 9187 @@ -216,6 +234,11 @@ spec: configMap: name: {{ template "postgresql.fullname" . }}-configuration {{ end }} + {{- if .Values.usePasswordFile }} + - name: postgresql-password + secret: + secretName: {{ template "postgresql.secretName" . }} + {{ end }} - name: custom-init-scripts configMap: name: {{ template "postgresql.fullname" . }}-init-scripts diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index d0ec03587da1..492ff594bd7d 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml 
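Review bot: The metrics container in the `@@ -204,6 +217,11 @@` hunk mounts the whole `postgresql-password` secret volume, although the only file it is pointed at is the one named by `DATA_SOURCE_PASS_FILE`; the same secret also carries the `postgresql-replication-password` key referenced in the earlier hunks. Mounting just the one key keeps the replication credential out of the exporter: `mountPath: /opt/bitnami/postgresql/secrets/postgresql-password`, `subPath: postgresql-password`, `readOnly: true`. The added `volumeMounts:` key is also emitted when `usePasswordFile` is false, where it is left with no entries, so the `if` should wrap the key as well.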
@@ -70,6 +70,12 @@ postgresqlUsername: postgres ## # postgresqlDatabase: +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + ## PostgreSQL configuration ## Specify runtime configuration parameters as a dict, using camelCase, e.g. ## {"sharedBuffers": "500MB"} diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 1eb90acd9caa..3e384f3a92e8 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -65,6 +65,12 @@ postgresqlUsername: postgres ## # postgresqlPassword: +## PostgreSQL password using existing secret +## existingSecret: secret + +## Mount PostgreSQL secret as a file instead of passing environment variable +# usePasswordFile: false + ## Create a database ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#creating-a-database-on-first-run ## From 070e46376c99486fee0283c75a2ce4eb55352437 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Bry=C5=84ski?= Date: Tue, 18 Dec 2018 19:06:34 +0100 Subject: [PATCH 025/136] [incubator/cassandra] Ability to override Cassandra configuration files and docker command (#8376) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Fix Statefulset definition Signed-off-by: Maciej Bryński * Ability to overrides config files and docker command Signed-off-by: Maciej Bryński * Bump Chart version Signed-off-by: Maciej Bryński * Fix newline Signed-off-by: Maciej Bryński * Fix Signed-off-by: Maciej Bryński 
Signed-off-by: Melissa Palmer --- incubator/cassandra/Chart.yaml | 2 +- incubator/cassandra/README.md | 3 +++ incubator/cassandra/templates/configmap.yaml | 14 +++++++++++++ .../cassandra/templates/statefulset.yaml | 20 ++++++++++++++++++- incubator/cassandra/values.yaml | 9 +++++++++ 5 files changed, 46 insertions(+), 2 deletions(-) create mode 100644 incubator/cassandra/templates/configmap.yaml diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index 000bf0afbb70..2ab671bd09c8 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,5 +1,5 @@ name: cassandra -version: 0.9.5 +version: 0.10.0 appVersion: 3.11.3 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing diff --git a/incubator/cassandra/README.md b/incubator/cassandra/README.md index a6f89d16ba3b..bba89615b2c3 100644 --- a/incubator/cassandra/README.md +++ b/incubator/cassandra/README.md @@ -98,6 +98,9 @@ The following table lists the configurable parameters of the Cassandra chart and | `config.ports.thrift` | Initdb Arguments | `9160` | | `config.ports.agent` | The port of the JVM Agent (if any) | `nil` | | `config.start_rpc` | Initdb Arguments | `false` | +| `configOverrides` | Overrides config files in /etc/cassandra dir | `{}` | +| `commandOverrides` | Overrides default docker command | `[]` | +| `argsOverrides` | Overrides default docker args | `[]` | | `env` | Custom env variables | `{}` | | `persistence.enabled` | Use a PVC to persist data | `true` | | `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | diff --git a/incubator/cassandra/templates/configmap.yaml b/incubator/cassandra/templates/configmap.yaml new file mode 100644 index 000000000000..4e5ab76d6cdb --- /dev/null +++ b/incubator/cassandra/templates/configmap.yaml 
@@ -0,0 +1,14 @@ +{{- if .Values.configOverrides }} +kind: ConfigMap +apiVersion: v1 +metadata: + name: {{ template "cassandra.name" . }} + namespace: {{ .Release.Namespace }} + labels: + app: {{ template "cassandra.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: +{{ toYaml .Values.configOverrides | indent 2 }} +{{- end }} diff --git a/incubator/cassandra/templates/statefulset.yaml b/incubator/cassandra/templates/statefulset.yaml index a447ba34bfaf..412a4cbcf215 100644 --- a/incubator/cassandra/templates/statefulset.yaml +++ b/incubator/cassandra/templates/statefulset.yaml @@ -74,6 +74,12 @@ spec: - name: {{ template "cassandra.fullname" . }} image: "{{ .Values.image.repo }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} +{{- if .Values.commandOverrides }} + command: {{ .Values.commandOverrides }} +{{- end }} +{{- if .Values.argsOverrides }} + args: {{ .Values.argsOverrides }} +{{- end }} resources: {{ toYaml .Values.resources | indent 10 }} env: @@ -137,6 +143,11 @@ spec: volumeMounts: - name: data mountPath: /var/lib/cassandra +{{- range $key, $value := .Values.configOverrides }} + - name: cassandra-config-{{ $key | replace "." "-" }} + mountPath: /etc/cassandra/{{ $key }} + subPath: {{ $key }} +{{- end }} {{- if not .Values.persistence.enabled }} lifecycle: preStop: @@ -148,8 +159,15 @@ spec: imagePullSecrets: - name: {{ .Values.image.pullSecrets }} {{- end }} -{{- if not .Values.persistence.enabled }} +{{- if or .Values.configOverrides (not .Values.persistence.enabled) }} volumes: +{{- end }} +{{- range $key, $value := .Values.configOverrides }} + - configMap: + name: cassandra + name: cassandra-config-{{ $key | replace "." "-" }} +{{- end }} +{{- if not .Values.persistence.enabled }} - name: data emptyDir: {} {{- else }} 
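Review bot: The ConfigMap in configmap.yaml is named `{{ template "cassandra.name" . }}`, but the volumes added in the `@@ -148,8 +159,15 @@` hunk of statefulset.yaml reference the literal `name: cassandra`, so the two only match while the chart name is not overridden. Neither name includes the release, so two releases in one namespace would presumably share one ConfigMap and overwrite each other's configuration files. Using `name: {{ template "cassandra.fullname" . }}` in both places, as the container name in statefulset.yaml already does, avoids both problems.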
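Review bot: `command: {{ .Values.commandOverrides }}` and `args: {{ .Values.argsOverrides }}` in the `@@ -74,6 +74,12 @@` hunk print the lists with Go's default formatting, so a two-element list renders as `[a b]` (constructed sample), which YAML reads as a sequence holding the single string `a b`. Serialising the value keeps the elements apart: `command: {{ toJson .Values.commandOverrides }}` and `args: {{ toJson .Values.argsOverrides }}`. The container spec starts and ends outside the hunk.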
diff --git a/incubator/cassandra/values.yaml b/incubator/cassandra/values.yaml index 9beb181b68e6..7caaaa128e67 100644 --- a/incubator/cassandra/values.yaml +++ b/incubator/cassandra/values.yaml @@ -67,6 +67,15 @@ config: # If a JVM Agent is in place # agent: 61621 +## Cassandra config files overrides +configOverrides: {} + +## Cassandra docker command overrides +commandOverrides: [] + +## Cassandra docker args overrides +argsOverrides: [] + ## Custom env variables. ## ref: https://hub.docker.com/_/cassandra/ env: {} From c196dfec59622a30d03bee7b0b3d3c532b41743e Mon Sep 17 00:00:00 2001 From: Beruben Daniel Date: Tue, 18 Dec 2018 13:53:04 -0500 Subject: [PATCH 026/136] Update exemple (#10104) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update correct exemple Signed-off-by: Daniel BERUBEN * Signed-off-by: Daniel BERUBEN * bump chart version Signed-off-by: Daniel BERUBEN * update CHANGELOG Signed-off-by: Daniel BERUBEN * update space Signed-off-by: Daniel BERUBEN :q! * remove space Signed-off-by: Daniel BERUBEN :x * space Signed-off-by: Daniel BERUBEN :x Signed-off-by: Melissa Palmer --- stable/falco/CHANGELOG.md | 4 ++++ stable/falco/Chart.yaml | 2 +- stable/falco/templates/configmap.yaml | 2 +- stable/falco/values.yaml | 6 +++--- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/stable/falco/CHANGELOG.md b/stable/falco/CHANGELOG.md index 4d676981760c..e5901e746002 100644 --- a/stable/falco/CHANGELOG.md +++ b/stable/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Sysdig Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v0.5.5 + +* Update correct slack example + ## v0.5.4 * Using Falco version 0.13.0 instead of latest. diff --git a/stable/falco/Chart.yaml b/stable/falco/Chart.yaml index 36b3e3fde5d0..1a4148cb0d68 100644 --- a/stable/falco/Chart.yaml +++ b/stable/falco/Chart.yaml 
@@ -1,6 +1,6 @@ apiVersion: v1 name: falco -version: 0.5.4 +version: 0.5.5 appVersion: 0.13.0 description: Sysdig Falco keywords: diff --git a/stable/falco/templates/configmap.yaml b/stable/falco/templates/configmap.yaml index c9bd1f0166a0..60732f44eb08 100644 --- a/stable/falco/templates/configmap.yaml +++ b/stable/falco/templates/configmap.yaml @@ -110,7 +110,7 @@ data: # Possible additional things you might want to do with program output: # - send to a slack webhook: - # program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX" + # program: "\"jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX\"" # - logging (alternate method than syslog): # program: logger -t falco-test # - send over a network connection: diff --git a/stable/falco/values.yaml b/stable/falco/values.yaml index 0b748ea600c9..646ed1c43d3b 100644 --- a/stable/falco/values.yaml +++ b/stable/falco/values.yaml @@ -130,11 +130,11 @@ falco: # Possible additional things you might want to do with program output: # - send to a slack webhook: - # program: "jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX" + # program: "\"jq '{text: .output}' | curl -d @- -X POST https://hooks.slack.com/services/XXX\"" # - logging (alternate method than syslog): - # program: logger -t falco-test + # program: logger -t falco-test # - send over a network connection: - # program: nc host.example.com 80 + # program: nc host.example.com 80 # If keep_alive is set to true, the program will be started once and # continuously written to, with each output message on its own From 48e5d2785d576a51434d0508e5f7eee8de4572d9 Mon Sep 17 00:00:00 2001 From: Boris Kurktchiev Date: Tue, 18 Dec 2018 14:01:28 -0500 Subject: [PATCH 027/136] Add support for image pull secrets and headless services (#9783) * Add support for image pull secrets and headless services Signed-off-by: Boris Kurktchiev * resolve test failures Signed-off-by: Boris Kurktchiev 
Signed-off-by: Melissa Palmer --- stable/mssql-linux/Chart.yaml | 2 +- stable/mssql-linux/README.md | 2 ++ stable/mssql-linux/templates/deployment.yaml | 4 ++++ stable/mssql-linux/templates/service.yaml | 5 +++++ stable/mssql-linux/values.yaml | 7 +++++++ 5 files changed, 19 insertions(+), 1 deletion(-) diff --git a/stable/mssql-linux/Chart.yaml b/stable/mssql-linux/Chart.yaml index 95f745b56eed..7c31a0343ab6 100644 --- a/stable/mssql-linux/Chart.yaml +++ b/stable/mssql-linux/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: SQL Server 2017 Linux Helm Chart name: mssql-linux -version: 0.6.3 +version: 0.6.4 appVersion: 14.0.3023.8 home: https://hub.docker.com/r/microsoft/mssql-server-linux/ icon: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1I4Dx diff --git a/stable/mssql-linux/README.md b/stable/mssql-linux/README.md index 39904e30d52c..07900ea142e5 100644 --- a/stable/mssql-linux/README.md +++ b/stable/mssql-linux/README.md @@ -93,7 +93,9 @@ The configuration parameters in this section control the resources requested and | image.repository | The docker hub repo for SQL Server | `microsoft/mssql-server-linux` | | image.tag | The tag for the image | `2017-CU5` | | image.pullPolicy | The pull policy for the deployment | `IfNotPresent` | +| image.pullSecrets | Specify an image pull secret if needed | `Commented Out` | | nodeSelector | Node labels for pod assignment | `{}` | +| service.headless | Allows you to setup a headless service | `false` | | service.type | Service Type | `ClusterIP` | | service.port | Service Port | `1433` | | service.annotations | Kubernetes service annotations | `{}` | diff --git a/stable/mssql-linux/templates/deployment.yaml b/stable/mssql-linux/templates/deployment.yaml index 955c6a3049d7..c72ca334fa8d 100644 --- a/stable/mssql-linux/templates/deployment.yaml +++ b/stable/mssql-linux/templates/deployment.yaml 
@@ -26,6 +26,10 @@ spec: containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{ toYaml .Values.image.pullSecrets | indent 10 }} + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} env: - name: ACCEPT_EULA diff --git a/stable/mssql-linux/templates/service.yaml b/stable/mssql-linux/templates/service.yaml index 1b9f4b1633a7..a00c1d366092 100644 --- a/stable/mssql-linux/templates/service.yaml +++ b/stable/mssql-linux/templates/service.yaml @@ -12,7 +12,12 @@ metadata: {{ toYaml .Values.service.annotations | indent 4 }} {{- end }} spec: + {{- if .Values.service.headless }} + type: clusterIP + clusterIP: None + {{- else }} type: {{ .Values.service.type }} + {{- end }} ports: - name: mssql port: {{ .Values.service.port }} diff --git a/stable/mssql-linux/values.yaml b/stable/mssql-linux/values.yaml index 9740655cef34..22882a57cc6e 100644 --- a/stable/mssql-linux/values.yaml +++ b/stable/mssql-linux/values.yaml @@ -11,7 +11,14 @@ image: repository: microsoft/mssql-server-linux tag: 2017-CU5 pullPolicy: IfNotPresent + ## It is possible to specify docker registry credentials + ## See https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod + # pullSecrets: + # - name: regsecret + service: + # If headless is set to TRUE then the service type is ignored + headless: false type: ClusterIP port: 1433 annotations: {} From 6bd6a18254978e503f38c07ab27e5e168680fc83 Mon Sep 17 00:00:00 2001 From: Torin Sandall Date: Tue, 18 Dec 2018 12:48:16 -0800 Subject: [PATCH 028/136] Add Open Policy Agent chart (#8915) * Add Open Policy Agent chart Signed-off-by: Torin Sandall * Update chart with example to kick the tires Signed-off-by: Torin Sandall * Update chart per review feedback - Set app version to OPA vresion per convention - Prefer user facing chart name to local in install guide - Refactor standard labels into helper template 
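Review bot: `imagePullSecrets` is inserted between the container's `image` and `imagePullPolicy` keys, but it is a pod-level field (`spec.template.spec.imagePullSecrets`), not a container field, so it has no effect on image pulls from this position and may fail validation. Move the block out of the `containers` entry to the pod spec, and let `toYaml` supply all of the indentation by starting the `{{ toYaml .Values.image.pullSecrets | indent N }}` line at column 0. The original indentation is not recoverable from this page, so the `indent` width needs checking against the file.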
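Review bot: `type: clusterIP` in the headless branch of service.yaml is not a valid Service type; the values are case-sensitive and the API server accepts only `ClusterIP`, `NodePort`, `LoadBalancer` or `ExternalName`. The line should read `type: ClusterIP`, leaving `clusterIP: None` as it is.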
Signed-off-by: Torin Sandall * Add configuration table to README Signed-off-by: Torin Sandall Signed-off-by: Melissa Palmer --- stable/opa/Chart.yaml | 16 ++++ stable/opa/README.md | 74 +++++++++++++++++ stable/opa/templates/NOTES.txt | 55 +++++++++++++ stable/opa/templates/_helpers.tpl | 42 ++++++++++ stable/opa/templates/deployment.yaml | 51 ++++++++++++ stable/opa/templates/secrets.yaml | 9 +++ stable/opa/templates/service.yaml | 14 ++++ .../opa/templates/webhookconfiguration.yaml | 43 ++++++++++ stable/opa/values.yaml | 81 +++++++++++++++++++ 9 files changed, 385 insertions(+) create mode 100644 stable/opa/Chart.yaml create mode 100644 stable/opa/README.md create mode 100644 stable/opa/templates/NOTES.txt create mode 100644 stable/opa/templates/_helpers.tpl create mode 100644 stable/opa/templates/deployment.yaml create mode 100644 stable/opa/templates/secrets.yaml create mode 100644 stable/opa/templates/service.yaml create mode 100644 stable/opa/templates/webhookconfiguration.yaml create mode 100644 stable/opa/values.yaml diff --git a/stable/opa/Chart.yaml b/stable/opa/Chart.yaml new file mode 100644 index 000000000000..7880c60fa23c --- /dev/null +++ b/stable/opa/Chart.yaml @@ -0,0 +1,16 @@ +apiVersion: v1 +appVersion: 0.10.1 +description: Open source, general-purpose policy engine. Enforce fine-grained invariants over arbitrary Kubernetes resources. +name: opa +keywords: +- opa +- admission control +- policy +version: 0.1.0 +home: https://www.openpolicyagent.org +icon: https://raw.githubusercontent.com/open-policy-agent/opa/master/logo/logo.png +sources: +- https://github.com/open-policy-agent/opa +maintainers: +- name: tsandall + email: torinsandall@gmail.com diff --git a/stable/opa/README.md b/stable/opa/README.md new file mode 100644 index 000000000000..17d69535cd8d --- /dev/null +++ b/stable/opa/README.md 
@@ -0,0 +1,74 @@ +# OPA + +[OPA](https://www.openpolicyagent.org) is an open source general-purpose policy +engine designed for cloud-native environments. + +## Prerequisites + +- Kubernetes 1.9 (or newer) for validating and mutating webhook admission + controller support. + +## Overview + +This helm chart installs OPA as a [Kubernetes admission +controller](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/). +Using OPA, you can enforce fine-grained invariants over arbitrary resources in +your Kubernetes cluster. + +## Kick the tires + +If you just want to see something run, install the chart without any +configuration. + +```bash +helm install stable/opa +``` + +Once installed, the OPA will download a sample bundle from +https://www.openpolicyagent.org. The sample bundle contains a simple policy that +restricts the hostnames that can be specified on Ingress objects created in the +`opa-example` namespace. You can download the bundle and inspect it yourself: + +```bash +mkdir example && cd example +curl -s -L https://www.openpolicyagent.org/bundles/kubernetes/admission | tar xzv +``` + +See the [NOTES.txt](./templates/NOTES.txt) file for examples of how to exercise +the admission controller. + +## Configuration + +All configuration settings are contained and described in +[values.yaml](values.yaml). + +You should set the URL and credentials for the OPA to use to download policies. +The URL should identify an HTTP endpoint that implements the [OPA Bundle +API](https://www.openpolicyagent.org/docs/bundles.html). + +- `opa.services.controller.url` specifies the base URL of the OPA control plane. + +- `opa.services.controller.credentials.bearer.token` specifies a bearer token + for the OPA to use to authenticate with the control plane. + +For more information on OPA-specific configuration see the [OPA Configuration +Reference](https://www.openpolicyagent.org/docs/configuration.html). 
+ +| Parameter | Description | Default | +| --- | --- | --- | +| `admissionControllerKind` | Type of admission controller to install. | `ValidatingWebhookConfiguration` | +| `admissionControllerFailurePolicy` | Fail-open (`Ignore`) or fail-closed (`Fail`)? | `Ignore` | +| `admissionControllerRules` | Types of operations resources to check. | `*` | +| `generateAdmissionControllerCerts` | Auto-generate TLS certificates for admission controller. | `true` | +| `admissionControllerCA` | Manually set admission controller certificate CA. | Unset | +| `admissionControllerCert` | Manually set admission controller certificate. | Unset | +| `admissionControllerKey` | Manually set admission controller key. | Unset | +| `image` | OPA image to deploy. | `openpolicyagent/opa` | +| `imageTag` | OPA image tag to deploy. | See [values.yaml](values.yaml) | +| `replicas` | Number of admission controller replicas to deploy. | `1` | +| `tolerations` | List of node taint tolerations. | `[]` | +| `nodeSelector` | Node labels for pod assignment. | `{}` | +| `resources` | CPU and memory limits for OPA Pod. | `{}` | +| `readinessProbe` | HTTP readiness probe for OPA container. | See [values.yaml](values.yaml) | +| `livenessProbe` | HTTP liveness probe for OPA container. | See [values.yaml](values.yaml) | +| `opa` | OPA configuration. | See [values.yaml](values.yaml) | diff --git a/stable/opa/templates/NOTES.txt b/stable/opa/templates/NOTES.txt new file mode 100644 index 000000000000..1264bb6da2c8 --- /dev/null +++ b/stable/opa/templates/NOTES.txt 
@@ -0,0 +1,55 @@ +Please wait while the OPA is deployed on your cluster. + +For example policies that you can enforce with OPA see https://www.openpolicyagent.org. + +You can query OPA to see the policies it has loaded: + +export OPA_POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "opa.fullname" . }}" -o jsonpath="{.items[0].metadata.name}") + +kubectl port-forward $OPA_POD_NAME 8080:443 + +curl -k -s https://localhost:8080/v1/policies | jq -r '.result[].raw' + +If you installed this chart with the default values, you can exercise the sample policy. + +# 1. Create a namespace called "opa-example" + +kubectl create namespace opa-example + +# 2. Create an Ingress in the "opa-example" namespace that complies with the policy. + +cat > ingress-ok.yaml < ingress-bad.yaml < Date: Tue, 18 Dec 2018 21:16:28 +0000 Subject: [PATCH 029/136] [stable/etcd-operator] Fix table in readme (#9639) * Fix formatting error in table * Made capitalisation consistent in table * Update default values in README Signed-off-by: Dean Coakley Signed-off-by: Melissa Palmer --- stable/etcd-operator/Chart.yaml | 2 +- stable/etcd-operator/README.md | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/etcd-operator/Chart.yaml b/stable/etcd-operator/Chart.yaml index 8f1bdfb056d5..f8aaac923e39 100755 --- a/stable/etcd-operator/Chart.yaml +++ b/stable/etcd-operator/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: CoreOS etcd-operator Helm chart for Kubernetes name: etcd-operator -version: 0.8.1 +version: 0.8.2 appVersion: 0.9.3 home: https://github.com/coreos/etcd-operator icon: https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-horizontal-color.png diff --git a/stable/etcd-operator/README.md b/stable/etcd-operator/README.md index 97465230a169..e8fa9c518e2c 100644 --- a/stable/etcd-operator/README.md +++ b/stable/etcd-operator/README.md 
@@ -51,8 +51,8 @@ The following table lists the configurable parameters of the etcd-operator chart | Parameter | Description | Default | | ------------------------------------------------- | -------------------------------------------------------------------- | ---------------------------------------------- | -| `rbac.create` | install required RBAC service account, roles and rolebindings | `true` | -| `rbac.apiVersion` | RBAC api version `v1alpha1|v1beta1` | `v1beta1` | +| `rbac.create` | Install required RBAC service account, roles and rolebindings | `true` | +| `rbac.apiVersion` | RBAC api version `v1alpha1\|v1beta1` | `v1beta1` | | `rbac.etcdOperatorServiceAccountName` | Name of the service account resource when RBAC is enabled | `etcd-operator-sa` | | `rbac.backupOperatorServiceAccountName` | Name of the service account resource when RBAC is enabled | `etcd-backup-operator-sa` | | `rbac.restoreOperatorServiceAccountName` | Name of the service account resource when RBAC is enabled | `etcd-restore-operator-sa` | @@ -109,7 +109,7 @@ The following table lists the configurable parameters of the etcd-operator chart | `etcdCluster.pod.resources.limits.memory` | Memory limit per etcd cluster pod | `128Mi` | | `etcdCluster.pod.resources.requests.cpu` | CPU request per etcd cluster pod | `100m` | | `etcdCluster.pod.resources.requests.memory` | Memory request per etcd cluster pod | `128Mi` | -| `etcdCluster.pod.nodeSelector` | node labels for etcd cluster pod assignment | `{}` | +| `etcdCluster.pod.nodeSelector` | Node labels for etcd cluster pod assignment | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example: From 05f161a226ef1812a5cc31a0c3552b5740ee9203 Mon Sep 17 00:00:00 2001 
From: fakarakas Date: Tue, 18 Dec 2018 23:50:13 +0100 Subject: [PATCH 030/136] Allow the override of the preconfigure command (#10081) Goal When deploying gocd in a kubernetes cluster, we would like to preconfigure the server with custom settings. This can be done by a script shell or by a python script. Before we could only specify if we want the server to be preconfigured but there was no way to override the configuration script. With this change, one can write a script, put it in a configmap, mount this configmap on the pod and override the preconfigure command using 'preconfigureCommand'. For example : preconfigureCommand: - "/usr/bin/python" - "/preconfigure.py" Signed-off-by: Fatih KARAKAS Signed-off-by: Melissa Palmer --- stable/gocd/CHANGELOG.md | 4 ++++ stable/gocd/Chart.yaml | 2 +- stable/gocd/README.md | 1 + stable/gocd/templates/gocd-server-deployment.yaml | 3 ++- stable/gocd/values.yaml | 3 +++ 5 files changed, 11 insertions(+), 2 deletions(-) diff --git a/stable/gocd/CHANGELOG.md b/stable/gocd/CHANGELOG.md index 67f4a622ea8f..b158a9f958c6 100644 --- a/stable/gocd/CHANGELOG.md +++ b/stable/gocd/CHANGELOG.md @@ -1,3 +1,7 @@ +### 1.5.10 +* [87b3a755](https://github.com/kubernetes/charts/commit/87b3a755): + - Allow the override of the preconfigure command + ### 1.5.9 * [6547ba84](https://github.com/kubernetes/charts/commit/6547ba84): - Introduces the ability to configure agent service accounts diff --git a/stable/gocd/Chart.yaml b/stable/gocd/Chart.yaml index 7d8fe1fa43d1..49724bb1acbf 100644 --- a/stable/gocd/Chart.yaml +++ b/stable/gocd/Chart.yaml @@ -1,6 +1,6 @@ name: gocd home: https://www.gocd.org/ -version: 1.5.9 +version: 1.5.10 appVersion: 18.11.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png diff --git a/stable/gocd/README.md b/stable/gocd/README.md index 377d8fb31d33..df15fe8536aa 100644 
--- a/stable/gocd/README.md +++ b/stable/gocd/README.md @@ -71,6 +71,7 @@ The following tables list the configurable parameters of the GoCD chart and thei | ------------------------------------------ | ------------------------------------------------------------------------------------------------------------- | ------------------- | | `server.enabled` | Enable GoCD Server. Supported values are `true`, `false`. When enabled, the GoCD server deployment is done on helm install. | `true` | | `server.shouldPreconfigure` | Preconfigure GoCD Server to have a default elastic agent profile and Kubernetes elastic agent plugin settings. Supported values are `true`, `false`. | `true` | +| `server.preconfigureCommand` | Preconfigure GOCD Server with a custom command (shell,python, etc ...). Supported value is a list. | `["/bin/bash", "/preconfigure_server.sh"]`| | `server.image.repository` | GoCD server image | `gocd/gocd-server` | | `server.image.tag` | GoCD server image tag | `.Chart.appVersion` | | `server.image.pullPolicy` | Image pull policy | `IfNotPresent` | diff --git a/stable/gocd/templates/gocd-server-deployment.yaml b/stable/gocd/templates/gocd-server-deployment.yaml index ec6a49d66ecf..6ade390be4c9 100644 --- a/stable/gocd/templates/gocd-server-deployment.yaml +++ b/stable/gocd/templates/gocd-server-deployment.yaml @@ -111,7 +111,8 @@ spec: lifecycle: postStart: exec: - command: ["/bin/bash","/preconfigure_server.sh"] + command: +{{ toYaml .Values.server.preconfigureCommand | indent 18 }} {{- end }} resources: {{ toYaml .Values.server.resources | indent 12 }} diff --git a/stable/gocd/values.yaml b/stable/gocd/values.yaml index db1d430069f5..b1731b3afc90 100644 --- a/stable/gocd/values.yaml +++ b/stable/gocd/values.yaml 
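Review bot: The new `command:` under `postStart.exec` in gocd-server-deployment.yaml is rendered from `.Values.server.preconfigureCommand` with no guard. If the value is unset or empty (for example, an older values file reused on upgrade), the template emits `command:` followed by `null` or `[]`, leaving the hook with no command to run. Falling back to the previous literal keeps existing installs working: `{{ toYaml (default (list "/bin/bash" "/preconfigure_server.sh") .Values.server.preconfigureCommand) | indent 18 }}`. The enclosing container spec starts and ends outside the hunk, so the `indent 18` depth cannot be checked from here.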
@@ -25,6 +25,9 @@ server: # Note: If this value is set to true, then, the serviceAccount.name is configured for the GoCD server pod. The service account token is mounted as a secret and is used in the lifecycle hook. # Note: An attempt to preconfigure the GoCD server is made. There are cases where the pre-configuration can fail and the GoCD server starts with an empty config. shouldPreconfigure: true + preconfigureCommand: + - "/bin/bash" + - "/preconfigure_server.sh" image: # server.image.repository is the GoCD Server image name repository: "gocd/gocd-server" From bbcc6f1590bdaa424e04c1ca5a390c6c6da71930 Mon Sep 17 00:00:00 2001 From: Brady Todhunter Date: Tue, 18 Dec 2018 15:16:59 -0800 Subject: [PATCH 031/136] service config changes (#9765) * initial service config changes update readiness & liveness probes update chart app version. update redis chart version. update readme/notes. Signed-off-by: Brady Todhunter * Update ingress resource to work directly with NGINX ingress controller Signed-off-by: Brady Todhunter * Update readme Signed-off-by: Brady Todhunter * revert default ports in values.yaml back to original chart values. Signed-off-by: Brady Todhunter 
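Review bot: `preconfigureCommand` is added under `server:` without a comment, although the note directly above it says the service account token is mounted and used in the lifecycle hook. Whatever is configured here therefore appears to run inside the server container with that token readable, which an operator should know before pointing it at a script from a ConfigMap. I would add above the key: `# server.preconfigureCommand is the exec command of the postStart hook; it runs in the server container with the service account token mounted, so reference only a script you ship in the image or mount read-only.` The `server:` mapping starts and ends outside the hunk.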
Signed-off-by: Melissa Palmer --- stable/anchore-engine/Chart.yaml | 6 +- stable/anchore-engine/README.md | 79 +++++++++++++++-- stable/anchore-engine/requirements.lock | 6 +- stable/anchore-engine/requirements.yaml | 2 +- stable/anchore-engine/templates/NOTES.txt | 8 +- .../templates/analyzer_deployment.yaml | 16 ++-- .../templates/api_deployment.yaml | 77 ++++++++-------- .../templates/catalog_deployment.yaml | 26 +++--- .../templates/engine_configmap.yaml | 14 +-- .../enterprise_feeds_deployment.yaml | 29 ++++--- .../templates/enterprise_ui_deployment.yaml | 31 ++++--- .../templates/feeds_configmap.yaml | 2 +- stable/anchore-engine/templates/ingress.yaml | 8 +- .../templates/policy_engine_deployment.yaml | 33 ++++--- .../templates/rbac_configmap.yaml | 6 +- .../templates/simplequeue_deployment.yaml | 26 +++--- stable/anchore-engine/values.yaml | 87 ++++++++++++++----- 17 files changed, 297 insertions(+), 159 deletions(-) diff --git a/stable/anchore-engine/Chart.yaml b/stable/anchore-engine/Chart.yaml index 429dd32f6d1e..86bfc2239a2c 100644 --- a/stable/anchore-engine/Chart.yaml +++ b/stable/anchore-engine/Chart.yaml @@ -1,6 +1,6 @@ name: anchore-engine -version: 0.9.0 -appVersion: 0.3.0 +version: 0.10.0 +appVersion: 0.3.1 description: Anchore container analysis and policy evaluation engine service keywords: - analysis @@ -9,7 +9,7 @@ keywords: - "anchore-engine" - image - security -home: https://anchore.io +home: https://anchore.com sources: - https://github.com/anchore/anchore-engine maintainers: diff --git a/stable/anchore-engine/README.md b/stable/anchore-engine/README.md index aae402fa0e0c..b8afabf5d4b8 100644 --- a/stable/anchore-engine/README.md +++ b/stable/anchore-engine/README.md 
@@ -8,7 +8,6 @@ Each of these services can be scaled and configured independently. See [Anchore Engine](https://github.com/anchore/anchore-engine) for more project details. - ## Chart Details The chart is split into global and service specific configurations for the OSS Anchore Engine, as well as global and services specific configurations for the Enterprise components. @@ -22,11 +21,14 @@ For a description of each component, view the official documentation at: [Anchor ## Installing the Anchore Engine OSS Chart TL;DR - `helm install stable/anchore-engine` +Anchore Engine will take approximately 3 minutes to bootstrap. After the initial bootstrap period, Anchore Engine will begin a vulnerability feed sync. During this time, image analysis will show zero vulnerabilities until the sync is completed. This sync can take multiple hours depending on which feeds are enabled. The following anchore-cli command is available to poll the system and report back when the engine is bootstrapped and the vulnerability feeds are all synced up. `anchore-cli system wait` + + The recommended way to install the Anchore Engine Chart is with a customized values file and a custom release name. Create a new file named `anchore_values.yaml` and add all desired custom values (examples below); then run the following command: `helm install --name -f anchore_values.yaml stable/anchore-engine` -Note: It is highly recommended to set non-default passwords when deploying. All passwords are set to defaults specified in the chart. +*Note: It is highly recommended to set non-default passwords when deploying. All passwords are set to defaults specified in the chart.* ##### Install using chart managed PostgreSQL service with custom passwords. ``` 
@@ -42,6 +44,30 @@ Note: It is highly recommended to set non-default passwords when deploying. All defaultAdminEmail: ``` +## Upgrading to Chart version 0.10.0 + +Ingress resources have been changed to work natively with NGINX ingress controllers. If you're using a different ingress controller, update your values.yaml file accordingly. See the __Using Ingress__ configuration section for examples of NGINX & GCE ingress controller configurations. + +Service configs have been moved from the anchoreGlobal section, to individual component sections in the values.yaml file. +If you're upgrading from a previous install and are using custom ports or serviceTypes, be sure to update your values.yaml file accordingly. + +##### v0.9.0 service config + +``` +anchoreGlobal: + service: + type: ClusterIP + apiPort: 8228 +``` + +##### v0.10.0 service config +``` +anchoreApi: + service: + type: ClusterIP + port: 8228 +``` + ## Upgrading to Chart version 0.9.0 Version 0.9.0 of the anchore-engine helm chart includes major changes to the architecture, values.yaml file, as well as introduced Anchore Enterprise components. Due to these changes, it is highly recommended that upgrades are handled with caution. Any custom values.yaml files will also need to be adjusted to match the new structure. Version upgrades have only been validated when upgrading from 0.2.6 -> 0.9.0. 
@@ -61,23 +87,51 @@ Engine Code Version: 0.3.0 All configurations should be appended to your custom `anchore_values.yaml` file and utilized when installing the chart. While the configuration options of Anchore Engine are extensive, the options provided by the chart are: -#### Exposing the service outside the cluster: +### Exposing the service outside the cluster: + +#### Using Ingress -Use ingress, which enables SSL termination at the LB: +This configuration allows SSL termination at the LB. + +*Note: Ingress controllers can use custom hosts or paths for routing requests. Custom paths or hosts should be set in the corresponding component configuration - anchoreEnterpriseUI.ingress or anchoreApi.ingress* + +##### NGINX Ingress Controller +``` +anchoreGlobal: + ingress: + enabled: true +``` + +##### GCE Ingress Controller ``` anchoreGlobal: ingress: enabled: true + annotations: null + + anchoreApi: + ingress: + path: /v1/* + service: + type: NodePort + + anchoreEnterpriseUi: + ingress: + path: /* + service + type: NodePort ``` -Use a LoadBalancer service type: +##### Using Service Type ``` - anchoreGlobal: + anchoreApi: service: type: LoadBalancer ``` -#### Install using an existing/external PostgreSQL service: +### Install using an existing/external PostgreSQL instance +*Note: it is recommended to use an external Postgresql instance for production installs* + ``` postgresql: postgresPassword: @@ -92,6 +146,7 @@ Use a LoadBalancer service type: ``` ### Archive Driver +*Note: it is recommended to use an external archive driver for production installs.* The archive subsystem of Anchore Engine is what stores large json documents and can consume quite a lot of storage if you analyze a lot of images. A general rule for storage provisioning is 10MB per image analyzed, so with thousands of 
@@ -238,7 +293,7 @@ To configure the events: ### Scaling Individual Components -As of Anchore Engine v0.3.0, all services can now be scaled-out by increasing the replica counts. The chart now supports +As of Chart version 0.9.0, all services can now be scaled-out by increasing the replica counts. The chart now supports this configuration. To set a specific number of service containers: @@ -258,6 +313,11 @@ To update the number in a running configuration: The following features are available to Anchore Enterprise customers. Please contact the Anchore team for more information about getting a license for the enterprise features. [Anchore Enterprise Demo](https://anchore.com/demo/) + * Role based access control + * Graphical User Interface + * On-prem feeds service + * Snyk vulnerability data + ### Enabling Enterprise Services Enterprise services require an Anchore Enterprise license, as well as credentials with permission to the private docker repositories that contain the enterprise images. @@ -277,7 +337,8 @@ To use this Helm chart with the enterprise services enabled, perform these steps `helm install --name -f /path/to/anchore_values.yaml stable/anchore-engine` ##### Example anchore_values.yaml file for installing Anchore Enterprise -Note: This installs with chart managed PostgreSQL & Redis databases. +*Note: This installs with chart managed PostgreSQL & Redis databases. This is not a production ready config.* + ``` ## anchore_values.yaml diff --git a/stable/anchore-engine/requirements.lock b/stable/anchore-engine/requirements.lock index 0a2924d9a412..82c75c6a50ba 100644 --- a/stable/anchore-engine/requirements.lock +++ b/stable/anchore-engine/requirements.lock 
@@ -7,6 +7,6 @@ dependencies: version: 1.0.0 - name: redis repository: https://kubernetes-charts.storage.googleapis.com - version: 4.2.7 -digest: sha256:7a15cbf9e0bb350d68491b7e85fec2885c1407009290cc52ee612a181942f921 -generated: 2018-11-14T21:22:15.107839-08:00 + version: 5.1.0 +digest: sha256:c72be0f60c6cb3d764e444e77a51eae11beb0b782bde8c528cb61783dab18e67 +generated: 2018-12-05T18:50:35.229545-08:00 diff --git a/stable/anchore-engine/requirements.yaml b/stable/anchore-engine/requirements.yaml index 0098f002cac4..2d06c9fdcbed 100644 --- a/stable/anchore-engine/requirements.yaml +++ b/stable/anchore-engine/requirements.yaml @@ -11,7 +11,7 @@ dependencies: alias: anchore-feeds-db - name: redis - version: "4.2.7" + version: "*" repository: "alias:stable" condition: anchore-ui-redis.enabled,anchoreEnterpriseGlobal.enabled alias: anchore-ui-redis diff --git a/stable/anchore-engine/templates/NOTES.txt b/stable/anchore-engine/templates/NOTES.txt index b0646b1781ac..9f893e65c565 100644 --- a/stable/anchore-engine/templates/NOTES.txt +++ b/stable/anchore-engine/templates/NOTES.txt @@ -1,6 +1,6 @@ To use Anchore Engine you need the URL, username, and password to access the API. -Anchore Engine can be accessed via port {{ .Values.anchoreGlobal.service.ports.extApi }} on the following DNS name from within the cluster: +Anchore Engine can be accessed via port {{ .Values.anchoreApi.service.port }} on the following DNS name from within the cluster: {{ template "anchore-engine.api.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local Here are the steps to configure the anchore-cli (`pip install anchorecli`). Use these same values for direct API access as well. 
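Review bot: The redis dependency in requirements.yaml moves from the pinned `version: "4.2.7"` to `version: "*"`, so any later `helm dependency update` will resolve to whatever redis chart release is newest, including a new major version, without a reviewable change in this file. requirements.lock in the same commit resolves to 5.1.0, so a bounded range states the intent just as well: `version: "~5.1.0"`. The UI deployment builds its redis URL from the subchart's `-master` service name, so an unreviewed major bump is likely to break the release rather than merely change defaults.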
@@ -10,15 +10,15 @@ To configure your anchore-cli run: ANCHORE_CLI_USER=admin ANCHORE_CLI_PASS=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ template "anchore-engine.fullname" . }} -o jsonpath="{.data.ANCHORE_ADMIN_PASSWORD}" | base64 --decode; echo) {{ if .Values.anchoreApi.ingress.enabled }} - ANCHORE_CLI_URL=http://$(kubectl get ingress --namespace {{ .Release.Namespace }} {{ template "anchore-engine.api.fullname" . }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}") + ANCHORE_CLI_URL=http://$(kubectl get ingress --namespace {{ .Release.Namespace }} {{ template "anchore-engine.api.fullname" . }} -o jsonpath="{.status.loadBalancer.ingress[0].ip}")/v1/ {{ else }} Using the service endpoint from within the cluster you can use: - ANCHORE_CLI_URL=http://{{ template "anchore-engine.api.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.anchoreGlobal.service.ports.extApi}}/v1/ + ANCHORE_CLI_URL=http://{{ template "anchore-engine.api.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.anchoreApi.service.port}}/v1/ {{ end }} To verify the service is up and running, you can run container for the Anchore Engine CLI: - kubectl run -i --tty anchore-cli --restart=Always --image anchore/engine-cli --env ANCHORE_CLI_USER=admin --env ANCHORE_CLI_PASS=${ANCHORE_CLI_PASS} --env ANCHORE_CLI_URL=http://{{ template "anchore-engine.api.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.anchoreGlobal.service.ports.extApi}}/v1/ + kubectl run -i --tty anchore-cli --restart=Always --image anchore/engine-cli --env ANCHORE_CLI_USER=admin --env ANCHORE_CLI_PASS=${ANCHORE_CLI_PASS} --env ANCHORE_CLI_URL=http://{{ template "anchore-engine.api.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.anchoreApi.service.port}}/v1/ from within the container you can use 'anchore-cli' commands. 
diff --git a/stable/anchore-engine/templates/analyzer_deployment.yaml b/stable/anchore-engine/templates/analyzer_deployment.yaml index 21373990825e..0e7daaa957c8 100644 --- a/stable/anchore-engine/templates/analyzer_deployment.yaml +++ b/stable/anchore-engine/templates/analyzer_deployment.yaml @@ -43,7 +43,7 @@ spec: fieldPath: metadata.name ports: - name: analyzer-api - containerPort: {{ .Values.anchoreGlobal.service.ports.analyzer }} + containerPort: {{ .Values.anchoreAnalyzer.containerPort }} volumeMounts: - name: config-volume mountPath: /config/config.yaml @@ -59,17 +59,19 @@ spec: httpGet: path: /health port: analyzer-api - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 5 + initialDelaySeconds: 120 + timeoutSeconds: 10 + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 readinessProbe: httpGet: path: /health port: analyzer-api - initialDelaySeconds: 5 - periodSeconds: 10 timeoutSeconds: 10 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreAnalyzer.resources | indent 10 }} volumes: diff --git a/stable/anchore-engine/templates/api_deployment.yaml b/stable/anchore-engine/templates/api_deployment.yaml index 398346332ca8..6cbba1f9e853 100644 --- a/stable/anchore-engine/templates/api_deployment.yaml +++ b/stable/anchore-engine/templates/api_deployment.yaml @@ -59,7 +59,7 @@ spec: fieldRef: fieldPath: metadata.name ports: - - containerPort: {{ .Values.anchoreGlobal.service.ports.extApi }} + - containerPort: {{ .Values.anchoreApi.service.port }} name: external-api volumeMounts: - name: config-volume 
@@ -70,22 +70,23 @@ spec: mountPath: {{ default "/certs" .Values.anchoreGlobal.internalServicesSsl.certDir }} readOnly: true {{- end }} - readinessProbe: + livenessProbe: httpGet: path: /health port: external-api - initialDelaySeconds: 60 - periodSeconds: 10 + initialDelaySeconds: 120 timeoutSeconds: 10 - failureThreshold: 10 - livenessProbe: + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: httpGet: path: /health port: external-api timeoutSeconds: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreApi.resources | indent 10 }} @@ -106,7 +107,7 @@ spec: fieldRef: fieldPath: metadata.name ports: - - containerPort: {{ .Values.anchoreGlobal.service.ports.rbacApi }} + - containerPort: {{ .Values.anchoreEnterpriseRbac.service.apiPort }} name: rbac-manager volumeMounts: - name: anchore-license @@ -120,22 +121,23 @@ spec: mountPath: {{ default "/certs" .Values.anchoreGlobal.internalServicesSsl.certDir }} readOnly: true {{- end }} - readinessProbe: + livenessProbe: httpGet: path: /health port: rbac-manager - initialDelaySeconds: 60 - periodSeconds: 10 + initialDelaySeconds: 120 timeoutSeconds: 10 - failureThreshold: 10 - livenessProbe: + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: httpGet: path: /health port: rbac-manager timeoutSeconds: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreEnterpriseRbac.managerResources | indent 10 }} @@ -155,7 +157,7 @@ spec: fieldRef: fieldPath: metadata.name ports: - - containerPort: {{ .Values.anchoreGlobal.service.ports.rbacAuth }} + - containerPort: {{ .Values.anchoreEnterpriseRbac.service.authPort }} name: rbac-auth volumeMounts: - name: anchore-license 
@@ -169,24 +171,27 @@ spec: mountPath: {{ default "/certs" .Values.anchoreGlobal.internalServicesSsl.certDir }} readOnly: true {{- end }} - readinessProbe: + livenessProbe: exec: command: - curl - - 'localhost:{{ .Values.anchoreGlobal.service.ports.rbacAuth }}/health' - initialDelaySeconds: 60 - periodSeconds: 10 + - -f + - 'localhost:{{ .Values.anchoreEnterpriseRbac.service.authPort }}/health' + initialDelaySeconds: 120 timeoutSeconds: 10 - failureThreshold: 10 - livenessProbe: + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: exec: command: - curl - - 'localhost:{{ .Values.anchoreGlobal.service.ports.rbacAuth }}/health' + - -f + - 'localhost:{{ .Values.anchoreEnterpriseRbac.service.authPort }}/health' timeoutSeconds: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreEnterpriseRbac.authResources | indent 10 }} 
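Review bot: The rbac-auth liveness and readiness probes still run `curl` with no client-side time limit. The added `-f` makes HTTP error statuses fail the probe, but a hung connection is bounded only by `timeoutSeconds: 10`, which Kubernetes releases before 1.20 did not enforce for exec probes. Add an explicit limit to both commands by placing `- --max-time` and `- "5"` before the URL argument. If the auth service is reachable on the pod IP, an `httpGet` probe on the `rbac-auth` port, like the other containers in this file use, would avoid the exec altogether. The container spec these probes belong to begins outside the hunk.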
@@ -218,17 +223,21 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: {{ $component }} + {{- if .Values.anchoreApi.service.annotations }} + annotations: +{{ toYaml .Values.anchoreApi.service.annotations | indent 4 }} + {{- end }} spec: - type: {{ .Values.anchoreGlobal.service.type }} + type: {{ .Values.anchoreApi.service.type }} ports: - name: anchore-external-api - port: {{ .Values.anchoreGlobal.service.ports.extApi }} - targetPort: {{ .Values.anchoreGlobal.service.ports.extApi }} + port: {{ .Values.anchoreApi.service.port }} + targetPort: {{ .Values.anchoreApi.service.port }} protocol: TCP {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseRbac.enabled }} - name: anchore-rbac-manager - port: {{ .Values.anchoreGlobal.service.ports.rbacApi }} - targetPort: {{ .Values.anchoreGlobal.service.ports.rbacApi }} + port: {{ .Values.anchoreEnterpriseRbac.service.apiPort }} + targetPort: {{ .Values.anchoreEnterpriseRbac.service.apiPort }} protocol: TCP {{- end }} selector: diff --git a/stable/anchore-engine/templates/catalog_deployment.yaml b/stable/anchore-engine/templates/catalog_deployment.yaml index c5ac88fd3cb5..b48dd4dc3934 100644 --- a/stable/anchore-engine/templates/catalog_deployment.yaml +++ b/stable/anchore-engine/templates/catalog_deployment.yaml @@ -43,7 +43,7 @@ spec: fieldPath: metadata.name ports: - name: catalog - containerPort: {{ .Values.anchoreGlobal.service.ports.catalog }} + containerPort: {{ .Values.anchoreCatalog.service.port }} volumeMounts: - name: config-volume mountPath: /config/config.yaml 
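Review bot: The API Service now takes its type from `.Values.anchoreApi.service.type`, and the same Service also publishes the `anchore-rbac-manager` port when enterprise RBAC is enabled. Following the README example `anchoreApi.service.type: LoadBalancer` therefore exposes the RBAC manager API outside the cluster along with the external API. If that is not intended, move the RBAC port into its own ClusterIP Service. At minimum, say so next to the key in values.yaml, e.g. `# type also applies to the RBAC manager port served by this Service when anchoreEnterpriseRbac is enabled`. The Service definition starts and ends outside the hunk.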
@@ -57,17 +57,19 @@ spec: httpGet: path: /health port: catalog - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 5 + initialDelaySeconds: 120 + timeoutSeconds: 10 + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 readinessProbe: httpGet: path: /health port: catalog - initialDelaySeconds: 5 - periodSeconds: 10 timeoutSeconds: 10 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreCatalog.resources | indent 10 }} volumes: @@ -103,12 +105,16 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: {{ $component }} + {{- if .Values.anchoreCatalog.service.annotations }} + annotations: +{{ toYaml .Values.anchoreCatalog.service.annotations | indent 4 }} + {{- end }} spec: - type: {{ .Values.anchoreGlobal.service.type }} + type: {{ .Values.anchoreCatalog.service.type }} ports: - name: anchore-catalog-api - port: {{ .Values.anchoreGlobal.service.ports.catalog }} - targetPort: {{ .Values.anchoreGlobal.service.ports.catalog }} + port: {{ .Values.anchoreCatalog.service.port }} + targetPort: {{ .Values.anchoreCatalog.service.port }} protocol: TCP selector: app: {{ template "anchore-engine.fullname" . }} diff --git a/stable/anchore-engine/templates/engine_configmap.yaml b/stable/anchore-engine/templates/engine_configmap.yaml index 571542156766..9d177af1eb37 100644 --- a/stable/anchore-engine/templates/engine_configmap.yaml +++ b/stable/anchore-engine/templates/engine_configmap.yaml @@ -68,7 +68,7 @@ data: snyk: false {{- end }} {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseFeeds.enabled }} - url: 'http://{{ template "anchore-engine.enterprise-feeds.fullname" . }}:{{ .Values.anchoreGlobal.service.ports.feedsApi }}/v1/feeds' + url: 'http://{{ template "anchore-engine.enterprise-feeds.fullname" . }}:{{ .Values.anchoreEnterpriseFeeds.service.port }}/v1/feeds' client_url: token_url: {{- else }} 
@@ -98,11 +98,11 @@ data: require_auth: true endpoint_hostname: {{ template "anchore-engine.api.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.extApi }} + port: {{ .Values.anchoreApi.service.port }} {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseRbac.enabled }} authorization_handler: external authorization_handler_config: - endpoint: "http://localhost:{{ .Values.anchoreGlobal.service.ports.rbacAuth }}" + endpoint: "http://localhost:{{ .Values.anchoreEnterpriseRbac.service.authPort }}" {{- end }} ssl_enable: {{ .Values.anchoreGlobal.internalServicesSslEnabled }} ssl_cert: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretCertName }} @@ -112,7 +112,7 @@ data: require_auth: true endpoint_hostname: {{ template "anchore-engine.analyzer.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.analyzer }} + port: {{ .Values.anchoreAnalyzer.containerPort }} cycle_timer_seconds: 1 cycle_timers: {{ toYaml .Values.anchoreAnalyzer.cycleTimers | indent 10 }} @@ -126,7 +126,7 @@ data: require_auth: true endpoint_hostname: {{ template "anchore-engine.catalog.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.catalog }} + port: {{ .Values.anchoreCatalog.service.port }} cycle_timer_seconds: '1' cycle_timers: {{ toYaml .Values.anchoreCatalog.cycleTimers | indent 10 }} 
@@ -142,7 +142,7 @@ data: require_auth: true endpoint_hostname: {{ template "anchore-engine.simplequeue.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.simplequeue }} + port: {{ .Values.anchoreSimpleQueue.service.port }} ssl_enable: {{ .Values.anchoreGlobal.internalServicesSslEnabled }} ssl_cert: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretCertName }} ssl_key: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretKeyName }} @@ -151,7 +151,7 @@ data: require_auth: true endpoint_hostname: {{ template "anchore-engine.policy-engine.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.policyEngine }} + port: {{ .Values.anchorePolicyEngine.service.port }} cycle_timer_seconds: 1 cycle_timers: {{ toYaml .Values.anchorePolicyEngine.cycleTimers | indent 10 }} diff --git a/stable/anchore-engine/templates/enterprise_feeds_deployment.yaml b/stable/anchore-engine/templates/enterprise_feeds_deployment.yaml index bebe015dc20c..75b1f23885a4 100644 --- a/stable/anchore-engine/templates/enterprise_feeds_deployment.yaml +++ b/stable/anchore-engine/templates/enterprise_feeds_deployment.yaml @@ -44,7 +44,7 @@ spec: command: ["/usr/local/bin/anchore-enterprise-manager"] args: ["service", "start", "feeds"] ports: - - containerPort: {{ .Values.anchoreGlobal.service.ports.feedsApi }} + - containerPort: {{ .Values.anchoreEnterpriseFeeds.service.port }} name: feeds-api envFrom: - secretRef: 
@@ -79,22 +79,23 @@ spec: - name: anchore-license mountPath: /license.yaml subPath: license.yaml - readinessProbe: + livenessProbe: httpGet: path: /health port: feeds-api - initialDelaySeconds: 60 - periodSeconds: 10 + initialDelaySeconds: 120 timeoutSeconds: 10 - failureThreshold: 10 - livenessProbe: + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: httpGet: path: /health port: feeds-api timeoutSeconds: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreEnterpriseFeeds.resources | indent 10 }} {{- if .Values.anchoreEnterpriseFeeds.nodeSelector }} @@ -121,12 +122,16 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: {{ $component }} + {{- if .Values.anchoreEnterpriseFeeds.service.annotations }} + annotations: +{{ toYaml .Values.anchoreEnterpriseFeeds.service.annotations | indent 4 }} + {{- end }} spec: - type: {{ .Values.anchoreGlobal.service.type }} + type: {{ .Values.anchoreEnterpriseFeeds.service.type }} ports: - name: feeds-api - port: {{ .Values.anchoreGlobal.service.ports.feedsApi }} - targetPort: {{ .Values.anchoreGlobal.service.ports.feedsApi }} + port: {{ .Values.anchoreEnterpriseFeeds.service.port }} + targetPort: {{ .Values.anchoreEnterpriseFeeds.service.port }} protocol: TCP selector: app: {{ template "anchore-engine.fullname" . }} diff --git a/stable/anchore-engine/templates/enterprise_ui_deployment.yaml b/stable/anchore-engine/templates/enterprise_ui_deployment.yaml index 3d6c9317631f..dbcf1837e5ef 100644 --- a/stable/anchore-engine/templates/enterprise_ui_deployment.yaml +++ b/stable/anchore-engine/templates/enterprise_ui_deployment.yaml 
@@ -54,12 +54,12 @@ spec: value: {{ printf "redis://:$(REDIS_PASSWORD)@%s-master:6379" ( include "redis.fullname" . ) }} {{- end }} - name: ANCHORE_ENGINE_URI - value: 'http://{{ template "anchore-engine.api.fullname" . }}:{{ .Values.anchoreGlobal.service.ports.extApi }}/v1' + value: 'http://{{ template "anchore-engine.api.fullname" . }}:{{ .Values.anchoreApi.service.port }}/v1' - name: ANCHORE_LICENSE_PATH value: '/' {{- if .Values.anchoreEnterpriseRbac.enabled }} - name: ANCHORE_RBAC_URI - value: 'http://{{ template "anchore-engine.api.fullname" . }}:{{ .Values.anchoreGlobal.service.ports.rbacApi }}/v1' + value: 'http://{{ template "anchore-engine.api.fullname" . }}:{{ .Values.anchoreEnterpriseRbac.service.apiPort }}/v1' {{- end }} - name: ANCHORE_ENABLE_SSL value: '{{ .Values.anchoreEnterpriseUi.enableSsl }}' @@ -75,22 +75,21 @@ spec: - name: anchore-license mountPath: "/license.yaml" subPath: license.yaml - readinessProbe: + livenessProbe: httpGet: - path: /service/health + path: / port: enterprise-ui - initialDelaySeconds: 60 + initialDelaySeconds: 120 periodSeconds: 10 - timeoutSeconds: 10 - failureThreshold: 10 - livenessProbe: + failureThreshold: 6 + successThreshold: 1 + readinessProbe: httpGet: path: /service/health port: enterprise-ui - timeoutSeconds: 10 - initialDelaySeconds: 60 - periodSeconds: 30 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreEnterpriseUi.resources | indent 10 }} {{- if .Values.anchoreEnterpriseUi.nodeSelector }} 
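Review bot: `ANCHORE_ENGINE_URI` and `ANCHORE_RBAC_URI` in the first hunk are rewritten but keep a hard-coded `http://` scheme, while engine_configmap.yaml in this commit sets the API's `ssl_enable` from `.Values.anchoreGlobal.internalServicesSslEnabled`. With internal TLS switched on, the UI would presumably still send plaintext HTTP to a TLS listener and fail, which pushes operators towards turning TLS off. Derive the scheme from the same value by starting both URLs with `{{ if .Values.anchoreGlobal.internalServicesSslEnabled }}https{{ else }}http{{ end }}://`. The enterprise feeds `url:` in engine_configmap.yaml has the same fixed scheme and may need the same treatment. The env list starts outside the hunk.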
@@ -117,12 +116,16 @@ metadata: chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" release: "{{ .Release.Name }}" heritage: "{{ .Release.Service }}" + {{- if .Values.anchoreEnterpriseUi.service.annotations }} + annotations: +{{ toYaml .Values.anchoreEnterpriseUi.service.annotations | indent 4 }} + {{- end }} spec: sessionAffinity: ClientIP - type: {{ .Values.anchoreGlobal.service.type }} + type: {{ .Values.anchoreEnterpriseUi.service.type }} ports: - name: enterprise-ui - port: {{ .Values.anchoreGlobal.service.ports.uiHttp }} + port: {{ .Values.anchoreEnterpriseUi.service.port }} protocol: TCP targetPort: 3000 selector: diff --git a/stable/anchore-engine/templates/feeds_configmap.yaml b/stable/anchore-engine/templates/feeds_configmap.yaml index b971deafe583..a8f7d9366ef4 100644 --- a/stable/anchore-engine/templates/feeds_configmap.yaml +++ b/stable/anchore-engine/templates/feeds_configmap.yaml @@ -45,7 +45,7 @@ data: require_auth: true endpoint_hostname: {{ template "anchore-engine.enterprise-feeds.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.feedsApi }} + port: {{ .Values.anchoreEnterpriseFeeds.service.port }} # Time delay in seconds between consecutive driver runs for processing data cycle_timers: {{ toYaml .Values.anchoreEnterpriseFeeds.cycleTimers | indent 10 }} diff --git a/stable/anchore-engine/templates/ingress.yaml b/stable/anchore-engine/templates/ingress.yaml index ef8ae3c62e30..7b91d023cf9f 100644 --- a/stable/anchore-engine/templates/ingress.yaml +++ b/stable/anchore-engine/templates/ingress.yaml 
@@ -32,7 +32,7 @@ spec: - path: {{ $.Values.anchoreApi.ingress.path }} backend: serviceName: "{{ template "anchore-engine.api.fullname" $ }}" - servicePort: {{ $.Values.anchoreGlobal.service.ports.extApi }} + servicePort: {{ $.Values.anchoreApi.service.port }} {{- end }} {{- if and (and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled) .Values.anchoreEnterpriseUi.ingress.hosts }} {{- range .Values.anchoreEnterpriseUi.ingress.hosts }} @@ -42,7 +42,7 @@ spec: - path: {{ $.Values.anchoreEnterpriseUi.ingress.path }} backend: serviceName: "{{ template "anchore-engine.enterprise-ui.fullname" $ }}" - servicePort: {{ $.Values.anchoreGlobal.service.ports.uiHttp }} + servicePort: {{ $.Values.anchoreEnterpriseUi.service.port }} {{- end }} {{- end }} {{- else }} @@ -51,12 +51,12 @@ spec: - path: {{ $.Values.anchoreApi.ingress.path }} backend: serviceName: "{{ template "anchore-engine.api.fullname" $ }}" - servicePort: {{ $.Values.anchoreGlobal.service.ports.extApi }} + servicePort: {{ $.Values.anchoreApi.service.port }} {{- if and .Values.anchoreEnterpriseGlobal.enabled .Values.anchoreEnterpriseUi.enabled }} - path: {{ $.Values.anchoreEnterpriseUi.ingress.path }} backend: serviceName: "{{ template "anchore-engine.enterprise-ui.fullname" $ }}" - servicePort: {{ $.Values.anchoreGlobal.service.ports.uiHttp }} + servicePort: {{ $.Values.anchoreEnterpriseUi.service.port }} {{- end }} {{- end }} {{- end -}} diff --git a/stable/anchore-engine/templates/policy_engine_deployment.yaml b/stable/anchore-engine/templates/policy_engine_deployment.yaml index 6e44e74e72cc..a5da658f53cd 100644 --- a/stable/anchore-engine/templates/policy_engine_deployment.yaml +++ b/stable/anchore-engine/templates/policy_engine_deployment.yaml 
@@ -43,7 +43,7 @@ spec: fieldPath: metadata.name ports: - name: policy - containerPort: {{ .Values.anchoreGlobal.service.ports.policyEngine }} + containerPort: {{ .Values.anchorePolicyEngine.service.port }} volumeMounts: - name: config-volume mountPath: /config/config.yaml @@ -54,21 +54,22 @@ spec: readOnly: true {{- end }} livenessProbe: - exec: - command: - - pgrep - - twistd - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 5 - readinessProbe: httpGet: path: /health port: policy - initialDelaySeconds: 5 + initialDelaySeconds: 120 + timeoutSeconds: 10 periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 + readinessProbe: + httpGet: + path: /health + port: policy timeoutSeconds: 10 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchorePolicyEngine.resources | indent 10 }} volumes: @@ -104,12 +105,16 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: {{ $component }} + {{- if .Values.anchorePolicyEngine.service.annotations }} + annotations: +{{ toYaml .Values.anchorePolicyEngine.service.annotations | indent 4 }} + {{- end }} spec: - type: {{ .Values.anchoreGlobal.service.type }} + type: {{ .Values.anchorePolicyEngine.service.type }} ports: - name: anchore-policy-api - port: {{ .Values.anchoreGlobal.service.ports.policyEngine }} - targetPort: {{ .Values.anchoreGlobal.service.ports.policyEngine }} + port: {{ .Values.anchorePolicyEngine.service.port }} + targetPort: {{ .Values.anchorePolicyEngine.service.port }} protocol: TCP selector: app: {{ template "anchore-engine.fullname" . }} diff --git a/stable/anchore-engine/templates/rbac_configmap.yaml b/stable/anchore-engine/templates/rbac_configmap.yaml index 556dfadbb0a4..47f9982ae3af 100644 --- a/stable/anchore-engine/templates/rbac_configmap.yaml +++ b/stable/anchore-engine/templates/rbac_configmap.yaml 
@@ -47,7 +47,7 @@ data: require_auth: True endpoint_hostname: localhost listen: '127.0.0.1' - port: {{ .Values.anchoreGlobal.service.ports.rbacAuth }} + port: {{ .Values.anchoreEnterpriseRbac.service.authPort }} ssl_cert: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretCertName }} ssl_key: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretKeyName }} ssl_enable: {{ .Values.anchoreGlobal.internalServicesSslEnabled }} @@ -56,10 +56,10 @@ data: require_auth: True endpoint_hostname: {{ template "anchore-engine.api.fullname" . }} listen: '0.0.0.0' - port: {{ .Values.anchoreGlobal.service.ports.rbacApi }} + port: {{ .Values.anchoreEnterpriseRbac.service.apiPort }} authorization_handler: external authorization_handler_config: - endpoint: 'http://localhost:{{ .Values.anchoreGlobal.service.ports.rbacAuth }}' + endpoint: 'http://localhost:{{ .Values.anchoreEnterpriseRbac.service.authPort }}' ssl_cert: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretCertName }} ssl_key: {{ .Values.anchoreGlobal.internalServicesSsl.certDir -}}/{{- .Values.anchoreGlobal.internalServicesSsl.certSecretKeyName }} ssl_enable: {{ .Values.anchoreGlobal.internalServicesSslEnabled }} diff --git a/stable/anchore-engine/templates/simplequeue_deployment.yaml b/stable/anchore-engine/templates/simplequeue_deployment.yaml index bcea6fa33077..993f328c8c08 100644 --- a/stable/anchore-engine/templates/simplequeue_deployment.yaml +++ b/stable/anchore-engine/templates/simplequeue_deployment.yaml @@ -43,7 +43,7 @@ spec: fieldPath: metadata.name ports: - name: simplequeue - containerPort: {{ .Values.anchoreGlobal.service.ports.simplequeue }} + containerPort: {{ .Values.anchoreSimpleQueue.service.port }} volumeMounts: - name: config-volume mountPath: /config/config.yaml 
@@ -57,17 +57,19 @@ spec: httpGet: path: /health port: simplequeue - initialDelaySeconds: 10 - periodSeconds: 60 - failureThreshold: 5 + initialDelaySeconds: 120 + timeoutSeconds: 10 + periodSeconds: 10 + failureThreshold: 6 + successThreshold: 1 readinessProbe: httpGet: path: /health port: simplequeue - initialDelaySeconds: 5 - periodSeconds: 10 timeoutSeconds: 10 - failureThreshold: 10 + periodSeconds: 10 + failureThreshold: 3 + successThreshold: 1 resources: {{ toYaml .Values.anchoreSimpleQueue.resources | indent 10 }} volumes: @@ -103,12 +105,16 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: {{ $component }} + {{- if .Values.anchoreSimpleQueue.service.annotations }} + annotations: +{{ toYaml .Values.anchoreSimpleQueue.service.annotations | indent 4 }} + {{- end }} spec: - type: {{ .Values.anchoreGlobal.service.type }} + type: {{ .Values.anchoreSimpleQueue.service.type }} ports: - name: anchore-simplequeue-api - port: {{ .Values.anchoreGlobal.service.ports.simplequeue }} - targetPort: {{ .Values.anchoreGlobal.service.ports.simplequeue }} + port: {{ .Values.anchoreSimpleQueue.service.port }} + targetPort: {{ .Values.anchoreSimpleQueue.service.port }} protocol: TCP selector: app: {{ template "anchore-engine.fullname" . }} diff --git a/stable/anchore-engine/values.yaml b/stable/anchore-engine/values.yaml index 2d527027f89e..71bb36c8c489 100644 --- a/stable/anchore-engine/values.yaml +++ b/stable/anchore-engine/values.yaml 
@@ -24,32 +24,19 @@ anchoreGlobal: image: # Can use 'latest' tag but not recommended repository: docker.io/anchore/anchore-engine - tag: v0.3.0 + tag: v0.3.1 pullPolicy: IfNotPresent - # K8s service configuration for all anchore engine APIs, must be reachable inside the cluster by all other services and users - service: - type: ClusterIP - ports: - analyzer: 8084 - extApi: 8228 - simplequeue: 8083 - catalog: 8082 - policyEngine: 8087 - kubernetesWebhook: 8338 - # For enterprise customers only - feedsApi: 8448 - uiHttp: 80 - rbacApi: 8229 - rbacAuth: 8089 - # Create an ingress resource for all external anchore engine services. + # By default this chart is setup to use the NGINX ingress controller which needs to be installed & configured on your cluster. + # To utilize a GCE ingress controller comment out the annotations below, also edit path configurion the UI & Api configs as per the comments. # Ingress paths/hosts can be setup for the anchoreApi & anchoreEnterpriseUi deployments in the corresponding values sections. ingress: enabled: false - annotations: {} + annotations: + kubernetes.io/ingress.class: nginx + # nginx.ingress.kubernetes.io/ssl-redirect: "false" # kubernetes.io/ingress.allow-http: false - # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: true tls: [] # Secrets must be manually created in the namespace. @@ -57,6 +44,9 @@ anchoreGlobal: # hosts: # - chart-example.local + ### + # Start of General Anchore Engine Configurations (populates config.yaml) + ### # Set where default configs are placed at startup. This must be a writable location for the pod. serviceDir: /anchore_service_config logLevel: INFO @@ -109,6 +99,7 @@ anchoreGlobal: # is very IO intensive. Use of affinity/anti-affinity rules for scheduling the analyzers is future work. anchoreAnalyzer: replicaCount: 1 + containerPort: 8084 # The cycle timer is the interval between checks to the work queue for new jobs cycleTimers: 
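Review bot: In the `ingress:` block of the first hunk, `kubernetes.io/ingress.class: nginx` is now set by default while `tls: []` stays empty, so setting `ingress.enabled` with no other change exposes the API and UI paths without a configured certificate, and the new comments never mention TLS. I would add a comment above `tls:` such as `# Configure a TLS secret and hosts here before enabling ingress outside a test cluster`. The commented-out `# nginx.ingress.kubernetes.io/ssl-redirect: "false"` would also benefit from a note that it is only appropriate when TLS is terminated in front of the controller. Minor: "configurion" in the new GCE comment should read "configuration".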
@@ -144,10 +135,19 @@ anchoreAnalyzer: anchoreApi: replicaCount: 1 + # kubernetes service configuration for anchore external API + service: + type: ClusterIP + port: 8228 + annotations: {} + # Used to create Ingress record for the anchore engine external API (api service) # (should used with service.type: ClusterIP or NodePort depending on platform) ingress: - path: /v1/* + # For GCE ingress controllers use the following path + # path: /v1/* + # By default this is configured to use an NGINX ingress controller. + path: /v1/ # You can bound on specific hostnames # hosts: # - anchore-api.local @@ -242,6 +242,12 @@ anchoreCatalog: # # Create the container if it is not already present # create_container: false + # kubernetes service configuration for anchore catalog api + service: + type: ClusterIP + port: 8082 + annotations: {} + # resources: # limits: # cpu: 100m @@ -259,12 +265,19 @@ anchoreCatalog: anchorePolicyEngine: replicaCount: 1 + # Intervals to run specific events on (seconds) cycleTimers: # Interval to run a feed sync to get latest cve data feed_sync: 14400 # Interval between checks to see if there needs to be a task queued feed_sync_checker: 3600 + # kubernetes service configuration for anchore policy engine api + service: + type: ClusterIP + port: 8087 + annotations: {} + # resources: # limits: # cpu: 100m @@ -282,6 +295,12 @@ anchorePolicyEngine: anchoreSimpleQueue: replicaCount: 1 + # kubernetes service configuration for anchore simplequeue api + service: + type: ClusterIP + port: 8083 + annotations: {} + # resources: # limits: # cpu: 100m @@ -307,7 +326,7 @@ anchoreEnterpriseGlobal: image: repository: docker.io/anchore/enterprise - tag: v0.3.0 + tag: v0.3.1 pullPolicy: IfNotPresent # Configure the second postgres database instance for the enterprise feeds service. 
@@ -346,6 +365,12 @@ anchoreEnterpriseFeeds: connectionPoolSize: 30 connectionPoolMaxOverflow: 100 + # kubernetes service configuration for anchore feeds service api + service: + type: ClusterIP + port: 8448 + annotations: {} + # Staging space for holding normalized output from drivers. scratchVolume: mountPath: /scratch @@ -370,6 +395,13 @@ anchoreEnterpriseFeeds: # This component consists of 2 containers that run as side-cars in the anchore engine api pod. anchoreEnterpriseRbac: enabled: true + + # Kubernetes service config - annotations & serviceType configs must be set in anchoreApi + # Due to RBAC sharing a service with the general API. + service: + apiPort: 8229 + authPort: 8089 + # authResources: # limits: # cpu: 100m @@ -404,11 +436,20 @@ anchoreEnterpriseUi: image: repository: docker.io/anchore/enterprise-ui - tag: v0.3.0 + tag: v0.3.1 pullPolicy: IfNotPresent + # kubernetes service configuration for anchore UI + service: + type: ClusterIP + port: 80 + annotations: {} + ingress: - path: /* + # For GCE ingress controllers use the following path + # path: /* + # By default this is configured to use an NGINX ingress controller. + path: / # You can bound on specific hostnames # hosts: # - anchore-ui.local From 2c44bbd79edacd4e3ce1e5270b1d0a4ba2a9bc43 Mon Sep 17 00:00:00 2001 From: Vishwanath Date: Tue, 18 Dec 2018 16:11:31 -0800 Subject: [PATCH 032/136] Fixing readme feedbacks (#9158) * Fix readme Signed-off-by: Vishwanath Narasimhan * updating readme Signed-off-by: Vishwanath Narasimhan * readme more updates Signed-off-by: Vishwanath Narasimhan * fixing some formatting in readme Signed-off-by: Vishwanath Narasimhan * fix bulleting in readme Signed-off-by: Vishwanath Narasimhan * fix typo Signed-off-by: Vishwanath Narasimhan * fix readme again. Signed-off-by: Vishwanath Narasimhan * Bumping version Signed-off-by: Vishwanath Narasimhan * Dummy change to trigger circleci again Signed-off-by: Vishwanath Narasimhan * Fixing trailing white space 
Signed-off-by: Vishwanath Narasimhan * updating agent version Signed-off-by: Vishwanath Narasimhan * fix Signed-off-by: Vishwanath Narasimhan * fix newlinw Signed-off-by: Vishwanath Narasimhan * fix newline Signed-off-by: Vishwanath Narasimhan * fix new line Signed-off-by: Vishwanath Narasimhan * fix chart.yaml Signed-off-by: Vishwanath Narasimhan * fix name Signed-off-by: Vishwanath Narasimhan Signed-off-by: Melissa Palmer --- incubator/azuremonitor-containers/Chart.yaml | 10 +++++----- incubator/azuremonitor-containers/README.md | 12 +++++------- incubator/azuremonitor-containers/values.yaml | 4 ++-- 3 files changed, 12 insertions(+), 14 deletions(-) diff --git a/incubator/azuremonitor-containers/Chart.yaml b/incubator/azuremonitor-containers/Chart.yaml index 8322450e91ca..883914225e8b 100644 --- a/incubator/azuremonitor-containers/Chart.yaml +++ b/incubator/azuremonitor-containers/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 2.0.0-3 description: Helm chart for deploying Azure Monitor container monitoring agent in Kubernetes name: azuremonitor-containers -version: 0.3.0 +version: 0.4.0 keywords: - monitoring - azuremonitor @@ -11,12 +11,12 @@ keywords: - logs - containerhealth - kubernetesmonitoring + - acs-engine + - aks-engine home: https://docs.microsoft.com/en-us/azure/monitoring/monitoring-container-health icon: https://raw.githubusercontent.com/Microsoft/OMS-docker/ci_feature/img/azuremonitor-containers.svg sources: - https://github.com/Microsoft/OMS-docker/tree/ci_feature_prod -maintainer: - - name: Vishwanath Narasimhan +maintainers: + - name: vishiy email: visnara@microsoft.com - - name: Keiko Harada - email: keikhara@microsoft.com diff --git a/incubator/azuremonitor-containers/README.md b/incubator/azuremonitor-containers/README.md index a11829751c94..70d9d54b351f 100644 --- a/incubator/azuremonitor-containers/README.md +++ b/incubator/azuremonitor-containers/README.md 
@@ -6,8 +6,6 @@ This article describes how to set up and use [Azure Monitor - Containers](https://docs.microsoft.com/en-us/azure/monitoring/monitoring-container-health) to monitor the health and performance of your workloads deployed to Kubernetes environments. Monitoring your Kubernetes cluster and containers is critical, especially when running a production cluster, at scale, with multiple applications. -*This is a private preview. If you like to be part of the private preview, please fill in the form* [here]((https://forms.office.com/Pages/ResponsePage.aspx?id=v4j5cvGGr0GRqy180BHbR5SUgbotTSlNh-jO0uLfw51UOVBTMzFCMVIyWVEzT09NWVpDOTc0UFhENC4u)). - --- ## Pre-requisites @@ -16,7 +14,7 @@ This article describes how to set up and use [Azure Monitor - Containers](https: - You will need to create a location to store your monitoring data. -1. [Create Azure Log Analytics Workspace](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace)) +1. [Create Azure Log Analytics Workspace](https://docs.microsoft.com/en-us/azure/log-analytics/log-analytics-quick-create-workspace) - You will need to add AzureMonitor-Containers solution to your workspace from #1 above @@ -37,11 +35,11 @@ $ helm install --name myrelease-1 \ ## Uninstalling the Chart -To uninstall/delete the `azuremonitorcontainers` release: +To uninstall/delete the `myrelease-1` release: ```bash -$ helm del --purge azuremonitorcontainers +$ helm del --purge myrelease-1 ``` 
@@ -60,7 +58,7 @@ The following table lists the configurable parameters of the MSOMS chart and the | `omsagent.secret.wsid` | Azure Log analytics workspace id | Does not have a default value, needs to be provided | | `omsagent.secret.key` | Azure Log analytics workspace key | Does not have a default value, needs to be provided | | `omsagent.domain` | Azure Log analytics cloud domain (public / govt) | opinsights.azure.com (Public cloud as default), opinsights.azure.us (Govt Cloud) | -| `omsagent.env.clusterName` | Name of your cluster | Does not have a default value, needs to be provided. If ACS-engine cluster, recommended to provide Azure Resource group resource ID of ACS-Engine cluster, to be able to use Azure Container monitoring User experience (aka.ms/azmon-containers) | +| `omsagent.env.clusterName` | Name of your cluster | Does not have a default value, needs to be provided. If ACS-engine cluster, it is recommended to provide either one of the below as cluster name, to be able to use Azure Container monitoring User experience (aka.ms/azmon-containers)

- Azure Resource group resource ID of ACS-Engine cluster
- Provide a friendly name here and ensure this name is used to 'tag' the cluster master node(s) - see step-3 in pre-requisites above | |`omsagent.env.doNotCollectKubeSystemLogs`| Disable collecting logs from containers in 'kube-system' namespace | true| | `omsagent.rbac` | rbac enabled/disabled | true (i.e enabled) | @@ -79,7 +77,7 @@ Alternatively, a YAML file that specifies the values for the parameters can be p ```bash -$ helm install --name omsagent -f values.yaml incubator/azuremonitor-containers +$ helm install --name myrelease-1 -f values.yaml incubator/azuremonitor-containers ``` diff --git a/incubator/azuremonitor-containers/values.yaml b/incubator/azuremonitor-containers/values.yaml index 70f282cf47e0..6cf3e4c253f0 100644 --- a/incubator/azuremonitor-containers/values.yaml +++ b/incubator/azuremonitor-containers/values.yaml @@ -6,9 +6,9 @@ ## ref: https://github.com/Microsoft/OMS-docker/tree/ci_feature_prod omsagent: image: - tag: "ciprod10162018-2" + tag: "ciprod11292018" pullPolicy: IfNotPresent - dockerProviderVersion: "3.0.0-1" + dockerProviderVersion: "3.0.0-2" agentVersion: "1.6.0-163" ## To get your workspace id and key do the following ## You can create a Azure Loganalytics workspace from portal.azure.com and get its ID & PRIMARY KEY from 'Advanced Settings' tab in the Ux. From 6e8149f73998f8dffdf3829d6905423c43a18039 Mon Sep 17 00:00:00 2001 From: Ben Darnell Date: Tue, 18 Dec 2018 21:51:29 -0500 Subject: [PATCH 033/136] cockroachdb: Update to 2.1.3 (#10086) Signed-off-by: Ben Darnell Signed-off-by: Melissa Palmer --- stable/cockroachdb/Chart.yaml | 4 ++-- stable/cockroachdb/README.md | 2 +- stable/cockroachdb/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/cockroachdb/Chart.yaml b/stable/cockroachdb/Chart.yaml index 22755a878362..9392a0e8eb6a 100755 --- a/stable/cockroachdb/Chart.yaml +++ b/stable/cockroachdb/Chart.yaml 
@@ -1,7 +1,7 @@ name: cockroachdb home: https://www.cockroachlabs.com -version: 2.0.8 -appVersion: 2.1.2 +version: 2.0.9 +appVersion: 2.1.3 description: CockroachDB is a scalable, survivable, strongly-consistent SQL database. icon: https://raw.githubusercontent.com/cockroachdb/cockroach/master/docs/media/cockroach_db.png sources: diff --git a/stable/cockroachdb/README.md b/stable/cockroachdb/README.md index 4001fd23b7ad..a351e00679c1 100644 --- a/stable/cockroachdb/README.md +++ b/stable/cockroachdb/README.md @@ -69,7 +69,7 @@ The following table lists the configurable parameters of the CockroachDB chart a | ------------------------------ | ------------------------------------------------ | ----------------------------------------- | | `Name` | Chart name | `cockroachdb` | | `Image` | Container image name | `cockroachdb/cockroach` | -| `ImageTag` | Container image tag | `v2.1.2` | +| `ImageTag` | Container image tag | `v2.1.3` | | `ImagePullPolicy` | Container pull policy | `Always` | | `Replicas` | k8s statefulset replicas | `3` | | `MaxUnavailable` | k8s PodDisruptionBudget parameter | `1` | diff --git a/stable/cockroachdb/values.yaml b/stable/cockroachdb/values.yaml index c05a0ba1226f..9cbff4a6d164 100644 --- a/stable/cockroachdb/values.yaml +++ b/stable/cockroachdb/values.yaml @@ -5,7 +5,7 @@ Name: "cockroachdb" Image: "cockroachdb/cockroach" -ImageTag: "v2.1.2" +ImageTag: "v2.1.3" ImagePullPolicy: "Always" Replicas: 3 MaxUnavailable: 1 From 87de2faeec521a137131db7698fc0d111005a87d Mon Sep 17 00:00:00 2001 From: Kirill Kuznetsov Date: Wed, 19 Dec 2018 10:33:02 +0700 Subject: [PATCH 034/136] Metricbeat: Configurations for tolerations and nodeSelector (#9948) * Configurations for tolerations and nodeSelector for pods from both daemonset & deployment Signed-off-by: Kirill Kouznetsov * [stable/metricbeat] bump the chart version to 0.4.2 Signed-off-by: Kirill Kouznetsov 
Signed-off-by: Melissa Palmer --- stable/metricbeat/Chart.yaml | 2 +- stable/metricbeat/README.md | 4 ++++ stable/metricbeat/templates/daemonset.yaml | 10 +++++++--- stable/metricbeat/templates/deployment.yaml | 8 ++++++++ stable/metricbeat/values.yaml | 7 +++++++ 5 files changed, 27 insertions(+), 4 deletions(-) diff --git a/stable/metricbeat/Chart.yaml b/stable/metricbeat/Chart.yaml index d3d088fe4fb0..28e62d803d50 100644 --- a/stable/metricbeat/Chart.yaml +++ b/stable/metricbeat/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: A Helm chart to collect Kubernetes logs with metricbeat icon: https://www.elastic.co/assets/blt47799dcdcf08438d/logo-elastic-beats-lt.svg name: metricbeat -version: 0.4.1 +version: 0.4.2 appVersion: 6.5.1 home: https://www.elastic.co/products/beats/metricbeat sources: diff --git a/stable/metricbeat/README.md b/stable/metricbeat/README.md index 40aeb601e22e..cb29a8250d7e 100644 --- a/stable/metricbeat/README.md +++ b/stable/metricbeat/README.md 
@@ -49,9 +49,13 @@ The following table lists the configurable parameters of the metricbeat chart an | `daemonset.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as daemonset, which is assumed to collect metrics in each nodes. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details | | `daemonset.modules..enabled` | If true, enable configuration | | | `daemonset.podAnnotations` | Pod annotations for daemonset | | +| `daemonset.nodeSelector` | Pod node selector for daemonset | `{}` | +| `daemonset.tolerations` | Pod taint tolerations for daemonset | `[{"key": "node-role.kubernetes.io/master", "operator": "Exists", "effect": "NoSchedule"}]` | | `deployment.modules..config` | The content of the modules configuration file consumed by metricbeat deployed as deployment, which is assumed to collect cluster-level metrics. See the [metricbeat.reference.yml](https://www.elastic.co/guide/en/beats/metricbeat/current/metricbeat-reference-yml.html) for full details || | `deployment.modules..enabled` | If true, enable configuration || | `deployment.podAnnotations` | Pod annotations for deployment | | +| `deployment.nodeSelector` | Pod node selector for deployment | `{}` | +| `deployment.tolerations` | Pod taint tolerations for deployment | `[]` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/metricbeat/templates/daemonset.yaml b/stable/metricbeat/templates/daemonset.yaml index 9122de91d9d2..4abcdcb69f7f 100644 --- a/stable/metricbeat/templates/daemonset.yaml +++ b/stable/metricbeat/templates/daemonset.yaml 
@@ -110,10 +110,14 @@ spec: serviceAccountName: {{ template "metricbeat.serviceAccountName" . }} hostNetwork: true dnsPolicy: ClusterFirstWithHostNet +{{- if .Values.daemonset.tolerations }} tolerations: - - key: node-role.kubernetes.io/master - operator: Exists - effect: NoSchedule +{{ toYaml .Values.daemonset.tolerations | indent 6 }} +{{- end }} +{{- if .Values.daemonset.nodeSelector }} + nodeSelector: +{{ toYaml .Values.daemonset.nodeSelector | indent 8 }} +{{- end }} {{- if .Values.nodeSelector }} nodeSelector: {{ toYaml .Values.nodeSelector | indent 8 }} diff --git a/stable/metricbeat/templates/deployment.yaml b/stable/metricbeat/templates/deployment.yaml index 55061925f37a..07fecc24adac 100644 --- a/stable/metricbeat/templates/deployment.yaml +++ b/stable/metricbeat/templates/deployment.yaml @@ -68,6 +68,14 @@ spec: readOnly: true {{- if .Values.extraVolumeMounts }} {{ toYaml .Values.extraVolumeMounts | indent 8 }} +{{- end }} +{{- if .Values.deployment.tolerations }} + tolerations: +{{ toYaml .Values.deployment.tolerations | indent 6 }} +{{- end }} +{{- if .Values.deployment.nodeSelector }} + nodeSelector: +{{ toYaml .Values.deployment.nodeSelector | indent 8 }} {{- end }} volumes: - name: metricbeat-config diff --git a/stable/metricbeat/values.yaml b/stable/metricbeat/values.yaml index df05ede2946c..13d56da94f1d 100644 --- a/stable/metricbeat/values.yaml +++ b/stable/metricbeat/values.yaml @@ -6,6 +6,11 @@ image: # The instances created by daemonset retrieve most metrics from the host daemonset: podAnnotations: [] + tolerations: + - key: node-role.kubernetes.io/master + operator: Exists + effect: NoSchedule + nodeSelector: {} config: metricbeat.config: modules: @@ -61,6 +66,8 @@ daemonset: # The instance created by deployment retrieves metrics that are unique for the whole cluster, like Kubernetes events or kube-state-metrics deployment: podAnnotations: [] + tolerations: [] + nodeSelector: {} config: metricbeat.config: modules: 
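Review bot: In the daemonset.yaml hunk, the new `{{- if .Values.daemonset.nodeSelector }}` block is followed directly by the existing `{{- if .Values.nodeSelector }}` block, so a release that sets both values renders two `nodeSelector:` keys in the same pod spec. Depending on the YAML parser, that is either rejected or resolved silently to one of the two, which can place the pods on nodes the operator did not intend. Replacing the `{{- end }}` / `{{- if .Values.nodeSelector }}` pair between the two blocks with a single `{{- else if .Values.nodeSelector }}` keeps the old value as a fallback and emits the key once. The pod spec continues outside the hunk, so I cannot see whether a top-level `nodeSelector` is still documented in values.yaml.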
From b00643200e46db1f7d9f7001dee8adb71ac158f7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maria=20Ni=C8=9B=C4=83?= Date: Wed, 19 Dec 2018 07:38:22 +0100 Subject: [PATCH 035/136] [stable/prometheus-operator] - Bump prometheus-node-exporter version to 0.6.2 (#10071) Signed-off-by: Maria Nita Signed-off-by: Melissa Palmer --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/requirements.lock | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index dcabda3fb889..f70388ba37d0 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 1.0.0 +version: 1.1.0 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/requirements.lock b/stable/prometheus-operator/requirements.lock index 657f6767d66b..7f7f059cdaa5 100644 --- a/stable/prometheus-operator/requirements.lock +++ b/stable/prometheus-operator/requirements.lock @@ -4,7 +4,7 @@ dependencies: version: 0.12.1 - name: prometheus-node-exporter repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.6.0 + version: 0.6.2 - name: grafana repository: https://kubernetes-charts.storage.googleapis.com/ version: 1.19.0 From 5ce2ba13d24fe276cf28474153fe1065ff25a4a3 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 19 Dec 2018 09:23:26 +0100 Subject: [PATCH 036/136] [stable/mongodb] Fix chart not being upgradable when replicaset is enabled. (#10121) Signed-off-by: juan131 
Signed-off-by: Melissa Palmer --- stable/mongodb/Chart.yaml | 2 +- stable/mongodb/README.md | 11 +++++++++++ stable/mongodb/templates/statefulset-arbiter-rs.yaml | 1 - stable/mongodb/templates/statefulset-primary-rs.yaml | 1 - .../mongodb/templates/statefulset-secondary-rs.yaml | 1 - 5 files changed, 12 insertions(+), 4 deletions(-) diff --git a/stable/mongodb/Chart.yaml b/stable/mongodb/Chart.yaml index db9532b181a4..9ecd86a4954e 100644 --- a/stable/mongodb/Chart.yaml +++ b/stable/mongodb/Chart.yaml @@ -1,5 +1,5 @@ name: mongodb -version: 4.10.1 +version: 5.0.0 appVersion: 4.0.3 description: NoSQL document-oriented database that stores JSON-like documents with dynamic schemas, simplifying the integration of data in content-driven applications. keywords: diff --git a/stable/mongodb/README.md b/stable/mongodb/README.md index 41b448a305d0..c719b80467e4 100644 --- a/stable/mongodb/README.md +++ b/stable/mongodb/README.md @@ -174,3 +174,14 @@ The allowed extensions are `.sh`, and `.js`. The [Bitnami MongoDB](https://github.com/bitnami/bitnami-docker-mongodb) image stores the MongoDB data and configurations at the `/bitnami/mongodb` path of the container. The chart mounts a [Persistent Volume](http://kubernetes.io/docs/user-guide/persistent-volumes/) at this location. The volume is created using dynamic volume provisioning. + +## Upgrading + +### To 5.0.0 + +When enabling replicaset configuration, backwards compatibility is not guaranteed unless you modify the labels used on the chart's statefulsets. +Use the workaround below to upgrade from versions previous to 5.0.0. The following example assumes that the release name is `my-release`: + +```consoloe +$ kubectl delete statefulset my-release-mongodb-arbiter my-release-mongodb-primary my-release-mongodb-secondary --cascade=false +``` diff --git a/stable/mongodb/templates/statefulset-arbiter-rs.yaml b/stable/mongodb/templates/statefulset-arbiter-rs.yaml index ac2840d24ef9..a0df69a98589 100644 
--- a/stable/mongodb/templates/statefulset-arbiter-rs.yaml +++ b/stable/mongodb/templates/statefulset-arbiter-rs.yaml @@ -13,7 +13,6 @@ spec: matchLabels: app: {{ template "mongodb.name" . }} release: {{ .Release.Name }} - chart: {{ template "mongodb.chart" . }} component: arbiter serviceName: {{ template "mongodb.fullname" . }}-headless replicas: {{ .Values.replicaSet.replicas.arbiter }} diff --git a/stable/mongodb/templates/statefulset-primary-rs.yaml b/stable/mongodb/templates/statefulset-primary-rs.yaml index 6e003d3995c1..58d047db109c 100644 --- a/stable/mongodb/templates/statefulset-primary-rs.yaml +++ b/stable/mongodb/templates/statefulset-primary-rs.yaml @@ -14,7 +14,6 @@ spec: selector: matchLabels: app: {{ template "mongodb.name" . }} - chart: {{ template "mongodb.chart" . }} release: {{ .Release.Name }} component: primary template: diff --git a/stable/mongodb/templates/statefulset-secondary-rs.yaml b/stable/mongodb/templates/statefulset-secondary-rs.yaml index 5109fe3bd2d0..e529c8607e85 100644 --- a/stable/mongodb/templates/statefulset-secondary-rs.yaml +++ b/stable/mongodb/templates/statefulset-secondary-rs.yaml @@ -13,7 +13,6 @@ spec: matchLabels: app: {{ template "mongodb.name" . }} release: {{ .Release.Name }} - chart: {{ template "mongodb.chart" . }} component: secondary podManagementPolicy: "Parallel" serviceName: {{ template "mongodb.fullname" . }}-headless From 16aceb02284f725c23c9fcf00cfdb8b0166165aa Mon Sep 17 00:00:00 2001 From: Warren Fernandes Date: Wed, 19 Dec 2018 03:34:32 -0700 Subject: [PATCH 037/136] Removes path specification from ingress service (#6720) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Removes path specification from ingress service Fixes kubernetes/charts#6719 Bump vault chart version to 0.14.3 Signed-off-by: Warren Fernandes * Update Chart.yaml Signed-off-by: Reinhard Nägele 
Signed-off-by: Melissa Palmer --- incubator/vault/Chart.yaml | 2 +- incubator/vault/templates/ingress.yaml | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/incubator/vault/Chart.yaml b/incubator/vault/Chart.yaml index 54ec2757fe6c..baeb3d592ab5 100644 --- a/incubator/vault/Chart.yaml +++ b/incubator/vault/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Vault, a tool for managing secrets name: vault -version: 0.14.3 +version: 0.14.4 appVersion: 0.11.2 home: https://www.vaultproject.io/ icon: https://www.vaultproject.io/assets/images/mega-nav/logo-vault-0f83e3d2.svg diff --git a/incubator/vault/templates/ingress.yaml b/incubator/vault/templates/ingress.yaml index 2fef0771c758..d99bb1e1efd2 100644 --- a/incubator/vault/templates/ingress.yaml +++ b/incubator/vault/templates/ingress.yaml @@ -23,8 +23,7 @@ spec: - host: {{ $host }} http: paths: - - path: / - backend: + - backend: serviceName: {{ $serviceName }} servicePort: {{ $servicePort }} {{- end -}} From 0ac1591ce3a8ade1fc95ebd29deb3242d73be9e6 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Wed, 19 Dec 2018 11:44:17 +0100 Subject: [PATCH 038/136] [Documentation] update labels in the documentation (#10066) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * update labels in the documentation Signed-off-by: cpanato * update per feedback Signed-off-by: cpanato * Fix resource names Signed-off-by: Reinhard Nägele Signed-off-by: Melissa Palmer --- REVIEW_GUIDELINES.md | 80 ++++++++++++++++++++++---------------------- 1 file changed, 40 insertions(+), 40 deletions(-) diff --git a/REVIEW_GUIDELINES.md b/REVIEW_GUIDELINES.md index 6080bef78eb5..880cbf546a93 100644 --- a/REVIEW_GUIDELINES.md +++ b/REVIEW_GUIDELINES.md 
@@ -37,17 +37,17 @@ Stable charts should not depend on charts in incubator. Resources and labels should follow some conventions. The standard resource metadata (`metadata.labels` and `spec.template.metadata.labels`) should be this: ```yaml -name: {{ template "myapp.fullname" . }} +name: {{ include "myapp.fullname" . }} labels: - app: {{ template "myapp.name" . }} - chart: {{ template "myapp.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "myapp.chart" . }} ``` -If a chart has multiple components, a `component` label should be added (e. g. `component: server`). The resource name should get the component as suffix (e. g. `name: {{ template "myapp.fullname" . }}-server`). +If a chart has multiple components, a `app.kubernetes.io/component` label should be added (e. g. `app.kubernetes.io/component: server`). The resource name should get the component as suffix (e. g. `name: {{ include "myapp.fullname" . }}-server`). -Note that templates have to be namespaced. With Helm 2.7+, `helm create` does this out-of-the-box. The `app` label should use the `name` template, not `fullname` as is still the case with older charts. +Note that templates have to be namespaced. With Helm 2.7+, `helm create` does this out-of-the-box. The `app.kubernetes.io/name` label should use the `name` template, not `fullname` as is still the case with older charts. ### Deployments, StatefulSets, DaemonSets Selectors 
@@ -56,13 +56,13 @@ Note that templates have to be namespaced. With Helm 2.7+, `helm create` does th ```yaml selector: matchLabels: - app: {{ template "myapp.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} ``` If a chart has multiple components, a `component` label should be added to the selector (see above). -`spec.selector.matchLabels` defined in `Deployments`/`StatefulSets`/`DaemonSets` `>=v1/beta2` **must not** contain `chart` label or any label containing a version of the chart, because the selector is immutable. +`spec.selector.matchLabels` defined in `Deployments`/`StatefulSets`/`DaemonSets` `>=v1/beta2` **must not** contain `helm.sh/chart` label or any label containing a version of the chart, because the selector is immutable. The chart label string contains the version, so if it is specified, whenever the the Chart.yaml version changes, Helm's attempt to change this immutable field would cause the upgrade to fail. #### Fixing Selectors 
@@ -70,39 +70,39 @@ The chart label string contains the version, so if it is specified, whenever the ##### For Deployments, StatefulSets, DaemonSets apps/v1beta1 or extensions/v1beta1 - If it does not specify `spec.selector.matchLabels`, set it -- Remove `chart` label in `spec.selector.matchLabels` if it exists +- Remove `helm.sh/chart` label in `spec.selector.matchLabels` if it exists - Bump patch version of the Chart ##### For Deployments, StatefulSets, DaemonSets >=apps/v1beta2 -- Remove `chart` label in `spec.selector.matchLabels` if it exists +- Remove `helm.sh/chart` label in `spec.selector.matchLabels` if it exists - Bump major version of the Chart as it is a breaking change ### Service Selectors -Label selectors for services must have both `app` and `release` labels. +Label selectors for services must have both `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels. ```yaml selector: - app: {{ template "myapp.name" . }} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} ``` -If a chart has multiple components, a `component` label should be added to the selector (see above). +If a chart has multiple components, a `app.kubernetes.io/component` label should be added to the selector (see above). ### Persistence Labels ### StatefulSet -In case of a `Statefulset`, `spec.volumeClaimTemplates.metadata.labels` must have both `app` and `release` labels, and **must not** contain `chart` label or any label containing a version of the chart, because `spec.volumeClaimTemplates` is immutable. +In case of a `Statefulset`, `spec.volumeClaimTemplates.metadata.labels` must have both `app.kubernetes.io/name` and `app.kubernetes.io/instance` labels, and **must not** contain `helm.sh/chart` label or any label containing a version of the chart, because `spec.volumeClaimTemplates` is immutable. ```yaml labels: - app: {{ template "myapp.name" . 
}} - release: {{ .Release.Name }} + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} ``` -If a chart has multiple components, a `component` label should be added to the selector (see above). +If a chart has multiple components, a `app.kubernetes.io/component` label should be added to the selector (see above). ### PersistentVolumeClaim @@ -159,7 +159,7 @@ volumes: - name: data {{- if .Values.persistence.enabled }} persistentVolumeClaim: - claimName: {{ .Values.persistence.existingClaim | default (include "fullname" .) }} + claimName: {{ .Values.persistence.existingClaim | default (include "myapp.fullname" .) }} {{- else }} emptyDir: {} {{- end -}} @@ -172,12 +172,12 @@ volumes: kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ template "fullname" . }} + name: {{ include "myapp.fullname" . }} labels: - app: {{ template "name" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "myapp.chart" . }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} 
@@ -217,18 +217,18 @@ autoscaling: apiVersion: autoscaling/v2beta1 kind: HorizontalPodAutoscaler metadata: + name: {{ include "myapp.fullname" . }} labels: - app: {{ template "helm-chart.name" . }} - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - component: "{{ .Values.name }}" - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} - name: {{ template "helm-chart.fullname" . }} + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "myapp.chart" . }} + app.kubernetes.io/component: "{{ .Values.name }}" spec: scaleTargetRef: - apiVersion: apps/v1beta1 + apiVersion: apps/v1 kind: Deployment - name: {{ template "helm-chart.fullname" . }} + name: {{ include "myapp.fullname" . }} minReplicas: {{ .Values.autoscaling.minReplicas }} maxReplicas: {{ .Values.autoscaling.maxReplicas }} metrics: @@ -271,12 +271,12 @@ ingress: apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: {{ include "fullname" }} + name: {{ include "myapp.fullname" }} labels: - app: {{ include "name" . }} - chart: {{ include "chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} + app.kubernetes.io/name: {{ include "myapp.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "myapp.chart" . }} {{- with .Values.ingress.annotations }} annotations: {{ toYaml . | indent 4 }} @@ -299,7 +299,7 @@ spec: paths: - path: {{ .Values.ingress.path }} backend: - serviceName: {{ include "fullname" }} + serviceName: {{ include "myapp.fullname" }} servicePort: http {{- end }} {{- end }} From 372d275508882a27aa35e39cf76947cab3390e98 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Wed, 19 Dec 2018 11:52:19 +0100 Subject: [PATCH 039/136] [stable/auditbeat] update to image 6.5.3 (#10087) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * updated auditbeat to 6.5.3 Signed-off-by: André Bauer * raised chart version Signed-off-by: André Bauer Signed-off-by: Melissa Palmer --- stable/auditbeat/Chart.yaml | 4 ++-- stable/auditbeat/README.md | 2 +- stable/auditbeat/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/auditbeat/Chart.yaml b/stable/auditbeat/Chart.yaml index 400ec0ff1fe7..cffb3815c894 100644 --- a/stable/auditbeat/Chart.yaml +++ b/stable/auditbeat/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 description: A lightweight shipper to audit the activities of users and processes on your systems icon: https://www.elastic.co/assets/blt27d1fd26b0862613/icon-auditbeat-bb.svg name: auditbeat -version: 0.4.0 -appVersion: 6.5.1 +version: 0.4.1 +appVersion: 6.5.3 home: https://www.elastic.co/products/beats/auditbeat sources: - https://www.elastic.co/guide/en/beats/auditbeat/current/index.html diff --git a/stable/auditbeat/README.md b/stable/auditbeat/README.md index b608e0fde9c2..dc036291b90e 100644 --- a/stable/auditbeat/README.md +++ b/stable/auditbeat/README.md @@ -41,7 +41,7 @@ The following table lists the configurable parameters of the auditbeat chart and | Parameter | Description | Default | |-------------------------------------|------------------------------------|-------------------------------------------| | `image.repository` | The image repository to pull from | `docker.elastic.co/beats/auditbeat` | -| `image.tag` | The image tag to pull | `6.5.1` | +| `image.tag` | The image tag to pull | `6.5.3` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `rbac.create` | If true, create & use RBAC resources | `true` | | `rbac.serviceAccount` | existing ServiceAccount to use (ignored if rbac.create=true) | `default` | 
diff --git a/stable/auditbeat/values.yaml b/stable/auditbeat/values.yaml index 0756d3178c3c..312443e74864 100644 --- a/stable/auditbeat/values.yaml +++ b/stable/auditbeat/values.yaml @@ -1,6 +1,6 @@ image: repository: docker.elastic.co/beats/auditbeat - tag: 6.5.1 + tag: 6.5.3 pullPolicy: IfNotPresent config: From d45a54d81e6926e716136c222e8cd8ecb4764211 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 19 Dec 2018 12:00:11 +0100 Subject: [PATCH 040/136] [stable/mariadb] Allow including gzip files as initdb scripts (#10127) * [stable/mariadb] Allow including gzip files as initdb scripts Signed-off-by: juan131 * Increasing Prerequisites on README.md Signed-off-by: juan131 Signed-off-by: Melissa Palmer --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 2 +- stable/mariadb/templates/initialization-configmap.yaml | 9 +++++++-- 3 files changed, 9 insertions(+), 4 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index bf05a442fbd6..1a4fc2a7d14f 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,5 +1,5 @@ name: mariadb -version: 5.2.4 +version: 5.2.5 appVersion: 10.1.37 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 557de504e486..4f57f5d94e71 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -18,7 +18,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment ## Prerequisites -- Kubernetes 1.4+ with Beta APIs enabled +- Kubernetes 1.10+ - PV provisioner support in the underlying infrastructure ## Installing the Chart 
diff --git a/stable/mariadb/templates/initialization-configmap.yaml b/stable/mariadb/templates/initialization-configmap.yaml index f7f74e4344bf..7ce6711836cb 100644 --- a/stable/mariadb/templates/initialization-configmap.yaml +++ b/stable/mariadb/templates/initialization-configmap.yaml @@ -9,6 +9,11 @@ metadata: chart: {{ template "mariadb.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} +binaryData: +{{- $root := . }} +{{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} + {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} +{{- end }} data: -{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|sql|sql.gz]").AsConfig | indent 2 }} -{{ end }} \ No newline at end of file +{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} +{{ end }} From 5c1fdc6c1239c9260807dd1b2061c925ddb8dbce Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 19 Dec 2018 12:09:47 +0100 Subject: [PATCH 041/136] [stable/postgresql] Allow including gzip files as initdb scripts (#10124) * [stable/postgresql] Allow including gzip files as initdb scripts Signed-off-by: juan131 * Increasing Prerequisites on README.md Signed-off-by: juan131 * Only create cm when there are init scripts Signed-off-by: juan131 * Only use init cm when there are init scripts Signed-off-by: juan131 * minor fixes Signed-off-by: juan131 Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 2 +- .../templates/initialization-configmap.yaml | 9 ++++++- stable/postgresql/templates/statefulset.yaml | 26 +++++++++++-------- 4 files changed, 25 insertions(+), 14 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 2f227ade4327..35584da96bc2 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml 
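Review bot: The init scripts gathered in `data:` and the gzip dumps now added under `binaryData:` end up in a ConfigMap, which any subject allowed to read ConfigMaps in the namespace can fetch, and nothing in the template or README tells chart users to keep sensitive content out of them. Init scripts and dumps commonly contain account-creation statements with passwords or real table data, so I would add a template comment above `binaryData:` such as `{{- /* Rendered into a ConfigMap, not a Secret: keep passwords and sensitive data out of files/docker-entrypoint-initdb.d */ -}}` and repeat that sentence in the README. The same applies to the matching hunk in stable/postgresql/templates/initialization-configmap.yaml. The `{{ end }}` on the last line closes a block opened outside this hunk, so whether its condition also covers `.sql.gz` files cannot be checked from here.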
@@ -1,5 +1,5 @@ name: postgresql -version: 3.2.0 +version: 3.2.1 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index b7be851a7bd1..bb318ba33ab5 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md @@ -16,7 +16,7 @@ Bitnami charts can be used with [Kubeapps](https://kubeapps.com/) for deployment ## Prerequisites -- Kubernetes 1.4+ with Beta APIs enabled +- Kubernetes 1.10+ - PV provisioner support in the underlying infrastructure ## Installing the Chart diff --git a/stable/postgresql/templates/initialization-configmap.yaml b/stable/postgresql/templates/initialization-configmap.yaml index 078d508231c4..b54e6c3317c2 100644 --- a/stable/postgresql/templates/initialization-configmap.yaml +++ b/stable/postgresql/templates/initialization-configmap.yaml @@ -1,3 +1,4 @@ +{{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }} apiVersion: v1 kind: ConfigMap metadata: @@ -7,8 +8,14 @@ metadata: chart: {{ template "postgresql.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} +binaryData: +{{- $root := . }} +{{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} + {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} +{{- end }} data: -{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*").AsConfig | indent 2 }} +{{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} {{- with .Values.initdbScripts }} {{ toYaml . | indent 2 }} {{- end }} +{{- end }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 66c7a237c283..ed567a5f88a5 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml 
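Review bot: The guard added around the whole ConfigMap in templates/initialization-configmap.yaml tests only `.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}"`, yet the `{{- with .Values.initdbScripts }}` block sits inside it, so scripts supplied only through `initdbScripts` in values would no longer be rendered. The two `custom-init-scripts` guards added in templates/statefulset.yaml (the `volumeMounts` and `volumes` hunks) use the same condition, so the mount disappears with the ConfigMap. If those scripts create roles or tighten default privileges, the database would start without them and the release output would not show it. I would use `{{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts }}` in all three places.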
@@ -96,7 +96,7 @@ spec: {{- if .Values.usePasswordFile }} - name: POSTGRESQL_REPLICATION_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} + {{- else }} - name: POSTGRESQL_REPLICATION_PASSWORD valueFrom: secretKeyRef: @@ -115,7 +115,7 @@ spec: secretKeyRef: name: {{ template "postgresql.secretName" . }} key: postgresql-password - {{- end }} + {{- end }} {{- if .Values.postgresqlDatabase }} - name: POSTGRESQL_DATABASE value: {{ .Values.postgresqlDatabase | quote }} @@ -155,26 +155,28 @@ spec: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} volumeMounts: + {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d + {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ - {{ end }} + {{- end }} {{- if .Values.persistence.enabled }} - name: data mountPath: {{ .Values.persistence.mountPath }} {{- end }} - {{ if or (.Files.Glob "files/postgresql.conf") .Values.postgresqlConfiguration }} + {{- if or (.Files.Glob "files/postgresql.conf") .Values.postgresqlConfiguration }} - name: postgresql-config mountPath: /opt/bitnami/postgresql/conf/postgresql.conf subPath: postgresql.conf - {{ end }} - {{ if or (.Files.Glob "files/pg_hba.conf") .Values.pgHbaConfiguration }} + {{- end }} + {{- if or (.Files.Glob "files/pg_hba.conf") .Values.pgHbaConfiguration }} - name: postgresql-config mountPath: /opt/bitnami/postgresql/conf/pg_hba.conf subPath: pg_hba.conf - {{ end }} + {{- end }} {{- if .Values.metrics.enabled }} - name: metrics image: {{ template "metrics.image" . }} @@ -221,7 +223,7 @@ spec: {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ - {{ end }} + {{- end }} ports: - name: metrics containerPort: 9187 
@@ -229,19 +231,21 @@ spec: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: - {{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration }} - name: postgresql-config configMap: name: {{ template "postgresql.fullname" . }}-configuration - {{ end }} + {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password secret: secretName: {{ template "postgresql.secretName" . }} - {{ end }} + {{- end }} + {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }} - name: custom-init-scripts configMap: name: {{ template "postgresql.fullname" . }}-init-scripts + {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data persistentVolumeClaim: From d81a91915e24afe03a75af6df63d574ed2752646 Mon Sep 17 00:00:00 2001 From: Cameron Attard Date: Wed, 19 Dec 2018 22:42:29 +1100 Subject: [PATCH 042/136] [stable/falco] add extraArgs (#9738) Signed-off-by: Cameron Attard Signed-off-by: Melissa Palmer --- stable/falco/CHANGELOG.md | 4 ++++ stable/falco/Chart.yaml | 2 +- stable/falco/README.md | 1 + stable/falco/templates/daemonset.yaml | 11 ++++++++++- stable/falco/values.yaml | 2 ++ 5 files changed, 18 insertions(+), 2 deletions(-) diff --git a/stable/falco/CHANGELOG.md b/stable/falco/CHANGELOG.md index e5901e746002..793f4a9ec3d8 100644 --- a/stable/falco/CHANGELOG.md +++ b/stable/falco/CHANGELOG.md @@ -3,6 +3,10 @@ This file documents all notable changes to Sysdig Falco Helm Chart. The release numbering uses [semantic versioning](http://semver.org). +## v0.5.6 + +* Allow extra container args + ## v0.5.5 * Update correct slack example diff --git a/stable/falco/Chart.yaml b/stable/falco/Chart.yaml index 1a4148cb0d68..6da3fc8df66a 100644 --- a/stable/falco/Chart.yaml 
+++ b/stable/falco/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: falco -version: 0.5.5 +version: 0.5.6 appVersion: 0.13.0 description: Sysdig Falco keywords: diff --git a/stable/falco/README.md b/stable/falco/README.md index 29ad3c310453..16e4b88e299b 100644 --- a/stable/falco/README.md +++ b/stable/falco/README.md @@ -49,6 +49,7 @@ The following table lists the configurable parameters of the Falco chart and the | `image.tag` | The image tag to pull | `0.13.0` | | `image.pullPolicy` | The image pull policy | `IfNotPresent` | | `resources` | Specify container resources | `{}` | +| `extraArgs` | Specify additional container args | `[]` | | `rbac.create` | If true, create & use RBAC resources | `true` | | `serviceAccount.create` | Create serviceAccount | `true` | | `serviceAccount.name` | Use this value as serviceAccountName | ` ` | diff --git a/stable/falco/templates/daemonset.yaml b/stable/falco/templates/daemonset.yaml index 79cff82af8a1..07dcca8129d1 100644 --- a/stable/falco/templates/daemonset.yaml +++ b/stable/falco/templates/daemonset.yaml @@ -30,7 +30,16 @@ spec: {{ toYaml .Values.resources | indent 12 }} securityContext: privileged: true - args: [ "/usr/bin/falco", "-K", "/var/run/secrets/kubernetes.io/serviceaccount/token", "-k", "https://kubernetes.default", "-pk"] + args: + - /usr/bin/falco + - -K + - /var/run/secrets/kubernetes.io/serviceaccount/token + - -k + - https://kubernetes.default + - -pk + {{- if .Values.extraArgs }} +{{ toYaml .Values.extraArgs | indent 12 }} + {{- end }} env: {{- if .Values.ebpf.enabled }} - name: SYSDIG_BPF_PROBE diff --git a/stable/falco/values.yaml b/stable/falco/values.yaml index 646ed1c43d3b..f259949f186f 100644 --- a/stable/falco/values.yaml +++ b/stable/falco/values.yaml @@ -17,6 +17,8 @@ resources: {} # cpu: 20m # memory: 128Mi +extraArgs: [] + rbac: # Create and use rbac resources create: true From 675c858b4592e55057f574d53163486e859e5970 Mon Sep 17 00:00:00 2001 
From: Daniel Martins Date: Wed, 19 Dec 2018 09:52:05 -0200 Subject: [PATCH 043/136] Mesh setup for AlertManager StatefulSet (#9874) Automatically set up the --cluster.listen-address` and `--cluster.peer` flags for AlertManager StatefulSet when the meshPeer is enabled. Signed-off-by: Daniel Martins Signed-off-by: Melissa Palmer --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/templates/alertmanager-statefulset.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 75f725a1cd76..28543d2f73b7 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,5 +1,5 @@ name: prometheus -version: 8.1.2 +version: 8.2.0 appVersion: 2.5.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/templates/alertmanager-statefulset.yaml b/stable/prometheus/templates/alertmanager-statefulset.yaml index 002a7fcf5efc..0748c5b45274 100644 --- a/stable/prometheus/templates/alertmanager-statefulset.yaml +++ b/stable/prometheus/templates/alertmanager-statefulset.yaml @@ -50,6 +50,12 @@ spec: - --config.file=/etc/config/alertmanager.yml - --storage.path={{ .Values.alertmanager.persistentVolume.mountPath }} - --cluster.advertise-address=$(POD_IP):6783 + {{- if .Values.alertmanager.statefulSet.headless.enableMeshPeer }} + - --cluster.listen-address=0.0.0.0:6783 + {{- range $n := until (.Values.alertmanager.replicaCount | int) }} + - --cluster.peer={{ template "prometheus.alertmanager.fullname" $ }}-{{ $n }}.{{ template "prometheus.alertmanager.fullname" $ }}-headless:6783 + {{- end }} + {{- end }} {{- range $key, $value := .Values.alertmanager.extraArgs }} - --{{ $key }}={{ $value }} {{- end }} From 6eab03ecf67012d940021eca8099a7d80e155c21 Mon Sep 17 00:00:00 2001 
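Review bot: `--cluster.listen-address=0.0.0.0:6783` binds the Alertmanager gossip listener on every pod interface, and nothing added in this hunk restricts which workloads may connect to it. As far as I know the cluster protocol in this Alertmanager release line has no peer authentication, so the chart should state that a NetworkPolicy limiting 6783 to the Alertmanager pods is expected whenever `alertmanager.statefulSet.headless.enableMeshPeer` is on, for example with a comment `# enableMeshPeer opens gossip on 6783; restrict it to the alertmanager pods with a NetworkPolicy` beside that value. The port is also written as a literal in the advertise, listen and peer arguments; taking it from one value would keep the three in step. The container spec continues outside the hunk.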
From: Emin Demirci Date: Wed, 19 Dec 2018 15:46:05 +0300 Subject: [PATCH 044/136] Add Hazelcast Jet Helm Chart (#9372) * Add Hazelcast Jet Helm Chart Signed-off-by: Emin Demirci * Fix linter errors around whitespaces Signed-off-by: Emin Demirci * Added graceful shutdown option Signed-off-by: Emin Demirci * Update stable/hazelcast-jet/README.md Co-Authored-By: eminn Signed-off-by: Emin Demirci Signed-off-by: Melissa Palmer --- stable/hazelcast-jet/.helmignore | 22 +++ stable/hazelcast-jet/Chart.yaml | 23 +++ stable/hazelcast-jet/OWNERS | 10 + stable/hazelcast-jet/README.md | 171 ++++++++++++++++++ stable/hazelcast-jet/templates/NOTES.txt | 61 +++++++ stable/hazelcast-jet/templates/_helpers.tpl | 43 +++++ stable/hazelcast-jet/templates/config.yaml | 16 ++ stable/hazelcast-jet/templates/role.yaml | 19 ++ .../hazelcast-jet/templates/rolebinding.yaml | 19 ++ stable/hazelcast-jet/templates/service.yaml | 22 +++ .../templates/serviceaccount.yaml | 11 ++ .../hazelcast-jet/templates/statefulset.yaml | 76 ++++++++ stable/hazelcast-jet/values.yaml | 161 +++++++++++++++++ 13 files changed, 654 insertions(+) create mode 100644 stable/hazelcast-jet/.helmignore create mode 100644 stable/hazelcast-jet/Chart.yaml create mode 100644 stable/hazelcast-jet/OWNERS create mode 100644 stable/hazelcast-jet/README.md create mode 100644 stable/hazelcast-jet/templates/NOTES.txt create mode 100644 stable/hazelcast-jet/templates/_helpers.tpl create mode 100644 stable/hazelcast-jet/templates/config.yaml create mode 100644 stable/hazelcast-jet/templates/role.yaml create mode 100644 stable/hazelcast-jet/templates/rolebinding.yaml create mode 100644 stable/hazelcast-jet/templates/service.yaml create mode 100644 stable/hazelcast-jet/templates/serviceaccount.yaml create mode 100644 stable/hazelcast-jet/templates/statefulset.yaml create mode 100644 stable/hazelcast-jet/values.yaml 
diff --git a/stable/hazelcast-jet/.helmignore b/stable/hazelcast-jet/.helmignore
new file mode 100644
index 000000000000..06e1663c4db3
--- /dev/null
+++ b/stable/hazelcast-jet/.helmignore
@@ -0,0 +1,22 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
diff --git a/stable/hazelcast-jet/Chart.yaml b/stable/hazelcast-jet/Chart.yaml
new file mode 100644
index 000000000000..f7c5df6ed5a7
--- /dev/null
+++ b/stable/hazelcast-jet/Chart.yaml
@@ -0,0 +1,23 @@
+apiVersion: v1
+appVersion: "0.7"
+description: Hazelcast Jet is an application embeddable, distributed computing engine built on top of Hazelcast In-Memory Data Grid (IMDG). With Hazelcast IMDG providing storage functionality, Hazelcast Jet performs parallel execution to enable data-intensive applications to operate in near real-time.
+name: hazelcast-jet
+version: 1.0.0
+keywords:
+- hazelcast
+- jet
+- streaming
+home: http://jet.hazelcast.org/
+icon: http://hazelcast.com/images/logos/Hazelcast-Jet-Logo-Blue_Light_Icon_200px.png
+sources:
+- https://github.com/hazelcast/hazelcast-jet
+maintainers:
+- name: emin
+ email: emin@hazelcast.com
+- name: leszko
+ email: rafal@hazelcast.com
+- name: googlielmo
+ email: guglielmo@hazelcast.com
+- name: mesutcelik
+ email: mesut@hazelcast.com
+engine: gotpl
diff --git a/stable/hazelcast-jet/OWNERS b/stable/hazelcast-jet/OWNERS
new file mode 100644
index 000000000000..0407af731865
--- /dev/null
+++ b/stable/hazelcast-jet/OWNERS
@@ -0,0 +1,10 @@
+approvers:
+- eminn
+- leszko
+- mesutcelik
+- googlielmo
+reviewers:
+- eminn
+- leszko
+- mesutcelik
+- googlielmo
diff --git a/stable/hazelcast-jet/README.md b/stable/hazelcast-jet/README.md
new file mode 100644
index 000000000000..c86788f8e179
--- /dev/null
+++ b/stable/hazelcast-jet/README.md
@@ -0,0 +1,171 @@ +# Hazelcast Jet + +[Hazelcast Jet](http://jet.hazelcast.org) is a distributed computing +platform built for high-performance stream processing and fast batch +processing. It embeds Hazelcast In-Memory Data Grid (IMDG) to provide +a lightweight, simple-to-deploy package that includes scalable +in-memory storage. + +Visit [jet.hazelcast.org](http://jet.hazelcast.org) to learn more +about the architecture and use cases. + +## Quick Start + +```bash +$ helm install hazelcast/hazelcast-jet +``` + +## Introduction + +This chart bootstraps a [Hazelcast Jet](https://github.com/hazelcast/hazelcast-jet-docker) deployments on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. + +## Prerequisites + +- Kubernetes 1.9+ + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --name my-release hazelcast/hazelcast-jet +``` + +The command deploys Hazelcast Jet on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +> **Tip**: List all releases using `helm list` + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + +## Configuration + +The following table lists the configurable parameters of the Hazelcast chart and their default values. 
+ +| Parameter | Description | Default | +|--------------------------------------------|----------------------------------------------------------------------------------------------------------------|------------------------------------------------------| +| `image.repository` | Hazelcast Jet Image name | `hazelcast/hazelcast-jet` | +| `image.tag` | Hazelcast Jet Image tag | `{VERSION}` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Specify docker-registry secret names as an array | `nil` | +| `cluster.memberCount` | Number of Hazelcast Jet members | 2 | +| `jet.rest` | Enable REST endpoints for Hazelcast Jet member | `true` | +| `jet.javaOpts` | Additional JAVA_OPTS properties for Hazelcast Jet member | `nil` | +| `jet.configurationFiles` | Hazelcast configuration files | `{DEFAULT_HAZELCAST_XML}` | +| `nodeSelector` | Hazelcast Node labels for pod assignment | `nil` | +| `gracefulShutdown.enabled` | Turn on and off Graceful Shutdown | `true` | +| `gracefulShutdown.maxWaitSeconds` | Maximum time to wait for the Hazelcast Jet POD to shut down | `600` | +| `livenessProbe.enabled` | Turn on and off liveness probe | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `30` | +| `livenessProbe.periodSeconds` | How often to perform the probe | `10` | +| `livenessProbe.timeoutSeconds` | When the probe times out | `5` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| `3` | +| `readinessProbe.enabled` | Turn on and off readiness probe | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | `30` | +| `readinessProbe.periodSeconds` | How often to perform the probe | `10` | +| `readinessProbe.timeoutSeconds` | When the probe times out | `1` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | `3` | +| `resources` | CPU/Memory resource requests/limits | `nil` | +| `service.type` | Kubernetes service type ('ClusterIP', 'LoadBalancer', or 'NodePort') | `ClusterIP` | +| `service.port` | Kubernetes service port | `5701` | +| `rbac.create` | Enable installing RBAC Role authorization | `true` | +| `serviceAccount.create` | Enable installing Service Account | `true` | +| `serviceAccount.name` | Name of Service Account, if not set, the name is generated using the fullname template | `nil` | + +Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, + +```bash +$ helm install --name my-release \ + --set cluster.memberCount=3,serviceAccount.create=false \ + stable/hazelcast-jet +``` + +The above command sets number of Hazelcast Jet members to 3 and disables REST endpoints. + +Alternatively, a YAML file that specifies the values for the parameters can be provided while installing the chart. For example, + +```bash +$ helm install --name my-release -f values.yaml hazelcast/hazelcast-jet +``` + +> **Tip**: You can use the default [values.yaml](values.yaml) + +## Custom Hazelcast IMDG and Jet configuration + +Custom Hazelcast IMDG and Hazelcast Jet configuration can be specified inside `values.yaml`, as the `jet.configurationFiles.hazelcast.xml` and `jet.configurationFiles.hazelcast-jet.xml` properties. 
+ +```yaml +jet: + configurationFiles: + hazelcast.xml: |- + + + + + true + + + + + + + + + ${serviceName} + ${namespace} + + + + + + + + hazelcast-jet.xml: |- + + + + + 8 + + 100 + + 1 + + + + custom property + + + + 1024 + + 16384 + + 3 + + + + + 120 + + 5 + + false + + +``` diff --git a/stable/hazelcast-jet/templates/NOTES.txt b/stable/hazelcast-jet/templates/NOTES.txt new file mode 100644 index 000000000000..41ff67a54e83 --- /dev/null +++ b/stable/hazelcast-jet/templates/NOTES.txt 
@@ -0,0 +1,61 @@ +** Hazelcast Jet cluster is being deployed! ** + +------------------------------------------------------------------------------- +To access Hazelcast Jet within the Kubernetes cluster: + +- Use Hazelcast Client with Kubernetes Discovery Strategy pointing to DNS: {{ template "hazelcast-jet.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local. Read more at: https://github.com/hazelcast/hazelcast-kubernetes. + +{{- if .Values.jet.rest }} +- Use REST healtcheck endpoint: + $ curl http://{{ template "hazelcast-jet.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:5701/hazelcast/health +{{- end }} + +------------------------------------------------------------------------------- + +To access Hazelcast from outside the Kubernetes cluster: + +- Use Hazelcast Client with Smart Routing disabled: +{{- if contains "LoadBalancer" .Values.service.type }} + *) Check service external IP: + $ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "hazelcast-jet.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + *) In Hazelcast Client configuration: + clientConfig.getNetworkConfig().setSmartRouting(false); + clientConfig.getNetworkConfig().addAddress("$SERVICE_IP:{{ .Values.service.port }}"); +{{- else if contains "ClusterIP" .Values.service.type }} + *) Forward port from POD: + $ export POD=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "hazelcast-jet.name" . 
}}" -o jsonpath="{.items[0].metadata.name}") + $ kubectl port-forward --namespace {{ .Release.Namespace }} $POD 5701:5701 + *) In Hazelcast Client configure: + clientConfig.getNetworkConfig().setSmartRouting(false); + clientConfig.getNetworkConfig().addAddress("127.0.0.1:5701"); +{{- else if contains "NodePort" .Values.service.type }} + *) Check Node IP and Port: + $ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + $ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "hazelcast-jet.fullname" . }}) + *) In Hazelcast Client configure: + clientConfig.getNetworkConfig().setSmartRouting(false); + clientConfig.getNetworkConfig().addAddress("$NODE_IP:$NODE_PORT"); +{{- end }} + +{{- if .Values.jet.rest }} + +- Use REST healtcheck endpoint: +{{- if contains "LoadBalancer" .Values.service.type }} + *) Check service external IP: + $ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "hazelcast-jet.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + *) Get health info: + $ curl http://$SERVICE_IP:{{ .Values.service.port }}/hazelcast/health +{{- else if contains "ClusterIP" .Values.service.type }} + *) Forward port from POD: + $ export POD=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "hazelcast-jet.name" . 
}}" -o jsonpath="{.items[0].metadata.name}") + $ kubectl port-forward --namespace {{ .Release.Namespace }} $POD 5701:5701 + *) Get health info: + $ curl http://127.0.0.1:5701/hazelcast/health +{{- else if contains "NodePort" .Values.service.type }} + *) Check Node IP and Port: + $ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + $ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "hazelcast-jet.fullname" . }}) + *) Get health info: + $ curl http://$NODE_IP:$NODE_PORT/hazelcast/health +{{- end }} +{{- end }} \ No newline at end of file diff --git a/stable/hazelcast-jet/templates/_helpers.tpl b/stable/hazelcast-jet/templates/_helpers.tpl new file mode 100644 index 000000000000..54acdd2115ef --- /dev/null +++ b/stable/hazelcast-jet/templates/_helpers.tpl 
@@ -0,0 +1,43 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "hazelcast-jet.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "hazelcast-jet.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "hazelcast-jet.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "hazelcast-jet.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "hazelcast-jet.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/stable/hazelcast-jet/templates/config.yaml b/stable/hazelcast-jet/templates/config.yaml
new file mode 100644
index 000000000000..d44e8abd7679
--- /dev/null
+++ b/stable/hazelcast-jet/templates/config.yaml
@@ -0,0 +1,16 @@
+{{- if .Values.jet.configurationFiles }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "hazelcast-jet.fullname" . }}-configuration
+ labels:
+ app: {{ template "hazelcast-jet.name" . }}
+ chart: {{ template "hazelcast-jet.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+data:
+{{- range $key, $val := .Values.jet.configurationFiles }}
+ {{ $key }}: |-
+{{ $val | indent 4}}
+{{- end }}
+{{- end -}}
diff --git a/stable/hazelcast-jet/templates/role.yaml b/stable/hazelcast-jet/templates/role.yaml
new file mode 100644
index 000000000000..ab7ea838950e
--- /dev/null
+++ b/stable/hazelcast-jet/templates/role.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ template "hazelcast-jet.fullname" . }}
+ labels:
+ app: {{ template "hazelcast-jet.name" . }}
+ chart: {{ template "hazelcast-jet.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ verbs:
+ - get
+ - list
+{{- end -}}
diff --git a/stable/hazelcast-jet/templates/rolebinding.yaml b/stable/hazelcast-jet/templates/rolebinding.yaml
new file mode 100644
index 000000000000..0d9eafcbdb10
--- /dev/null
+++ b/stable/hazelcast-jet/templates/rolebinding.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.rbac.create -}}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "hazelcast-jet.fullname" . }}
+ labels:
+ app: {{ template "hazelcast-jet.name" . }}
+ chart: {{ template "hazelcast-jet.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: {{ template "hazelcast-jet.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "hazelcast-jet.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
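Review bot: In templates/config.yaml every entry of `jet.configurationFiles` is written verbatim into a ConfigMap (`{{ $val | indent 4}}`), so any credential a user places in hazelcast.xml or hazelcast-jet.xml becomes readable by anyone who can get ConfigMaps in the namespace. Nothing in the hunk says so; I would add a comment above `data:` such as `{{/* Rendered into a ConfigMap: keep passwords and keystore secrets out of these files and mount them from a Secret instead */}}` and repeat the warning next to `configurationFiles` in values.yaml. The key is also emitted unquoted (`{{ $key }}: |-`); `{{ $key | quote }}: |-` would be safer for file names that YAML could retype.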
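Review bot: In templates/rolebinding.yaml the subject name comes from `hazelcast-jet.serviceAccountName`, which falls back to `default` when `serviceAccount.create` is false and no name is given, so with `rbac.create=true` the Role is bound to the namespace's default ServiceAccount and every pod running under it gains get/list on endpoints. The README example in this same patch installs with `serviceAccount.create=false`, which produces exactly that combination. I would document it next to `rbac.create` in values.yaml, e.g. `# If serviceAccount.create is false, set serviceAccount.name; otherwise the Role is bound to the namespace's default ServiceAccount`. The closing `{{ end }}` also differs from the `{{- end -}}` used in role.yaml.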
diff --git a/stable/hazelcast-jet/templates/service.yaml b/stable/hazelcast-jet/templates/service.yaml
new file mode 100644
index 000000000000..807c91430d28
--- /dev/null
+++ b/stable/hazelcast-jet/templates/service.yaml
@@ -0,0 +1,22 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "hazelcast-jet.fullname" . }}
+ labels:
+ app: {{ template "hazelcast-jet.name" . }}
+ chart: {{ template "hazelcast-jet.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+spec:
+ type: {{ .Values.service.type }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ selector:
+ app: {{ template "hazelcast-jet.name" . }}
+ release: "{{ .Release.Name }}"
+ ports:
+ - protocol: TCP
+ port: {{ .Values.service.port }}
+ targetPort: hazelcast-jet
+ name: hzport
diff --git a/stable/hazelcast-jet/templates/serviceaccount.yaml b/stable/hazelcast-jet/templates/serviceaccount.yaml
new file mode 100644
index 000000000000..8b131ac523e1
--- /dev/null
+++ b/stable/hazelcast-jet/templates/serviceaccount.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.serviceAccount.create -}}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "hazelcast-jet.serviceAccountName" . }}
+ labels:
+ app: {{ template "hazelcast-jet.name" . }}
+ chart: {{ template "hazelcast-jet.chart" . }}
+ release: "{{ .Release.Name }}"
+ heritage: "{{ .Release.Service }}"
+{{- end -}}
diff --git a/stable/hazelcast-jet/templates/statefulset.yaml b/stable/hazelcast-jet/templates/statefulset.yaml
new file mode 100644
index 000000000000..dfc9aa4c3dbb
--- /dev/null
+++ b/stable/hazelcast-jet/templates/statefulset.yaml
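Review bot: templates/service.yaml accepts `LoadBalancer` and `NodePort` for `service.type` but offers no way to restrict who can reach port 5701, and that port carries the member protocol as well as the HTTP endpoints the chart enables by default (`jet.rest: true` in values.yaml, the `curl http://...:5701/hazelcast/health` lines in NOTES.txt). Nothing visible in this chart adds authentication or TLS in front of it, so an external service type appears to publish the cluster as is. I would add an optional `service.loadBalancerSourceRanges` value rendered under `spec:` when set, and say in the `service.type` comment that `ClusterIP` is the only type that keeps the port inside the cluster.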
@@ -0,0 +1,76 @@ +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ template "hazelcast-jet.fullname" . }} + labels: + app: {{ template "hazelcast-jet.name" . }} + chart: {{ template "hazelcast-jet.chart" . }} + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +spec: + replicas: {{ .Values.cluster.memberCount }} + selector: + matchLabels: + app: {{ template "hazelcast-jet.name" . }} + release: "{{ .Release.Name }}" + template: + metadata: + labels: + app: {{ template "hazelcast-jet.name" . }} + release: "{{ .Release.Name }}" + spec: + {{- if .Values.image.pullSecrets }} + imagePullSecrets: + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end}} + {{- end}} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.gracefulShutdown.enabled }} + terminationGracePeriodSeconds: {{ .Values.gracefulShutdown.maxWaitSeconds }} + {{- end }} + containers: + - name: {{ template "hazelcast-jet.fullname" . 
}} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy | quote }} + resources: +{{ toYaml .Values.resources | indent 10 }} + ports: + - name: hazelcast-jet + containerPort: 5701 + {{- if .Values.livenessProbe.enabled }} + livenessProbe: + httpGet: + path: /hazelcast/health/node-state + port: 5701 + initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /hazelcast/health/node-state + port: 5701 + initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.readinessProbe.failureThreshold }} + {{- end }} + volumeMounts: + - name: hazelcast-jet-storage + mountPath: /data/hazelcast-jet + env: + - name: JAVA_OPTS + value: "-Dhazelcast.rest.enabled={{ .Values.jet.rest }} -Dhazelcast.config=/data/hazelcast-jet/hazelcast.xml -Dhazelcast.jet.config=/data/hazelcast-jet/hazelcast-jet.xml -DserviceName={{ template "hazelcast-jet.fullname" . }} -Dnamespace={{ .Release.Namespace }} {{ if .Values.gracefulShutdown.enabled }}-Dhazelcast.shutdownhook.policy=GRACEFUL -Dhazelcast.shutdownhook.enabled=true -Dhazelcast.graceful.shutdown.max.wait={{ .Values.gracefulShutdown.maxWaitSeconds }} {{ end }} {{ .Values.jet.javaOpts }}" + serviceAccountName: {{ template "hazelcast-jet.serviceAccountName" . }} + volumes: + - name: hazelcast-jet-storage + configMap: + name: {{ template "hazelcast-jet.fullname" . }}-configuration 
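Review bot: Both probes in templates/statefulset.yaml request `/hazelcast/health/node-state` over HTTP on 5701, while the only switch for that HTTP listener in the hunk is `-Dhazelcast.rest.enabled={{ .Values.jet.rest }}`; an operator who sets `jet.rest=false` to shrink the exposed surface will presumably see every probe fail and the pods restart. If the Hazelcast version in the image supports it, adding `-Dhazelcast.http.healthcheck.enabled=true` to JAVA_OPTS would decouple the health endpoint from the REST API; otherwise the `jet.rest` comment in values.yaml should state the dependency. The container spec also sets no `securityContext`, so `runAsNonRoot: true` and `allowPrivilegeEscalation: false` are worth adding once it is confirmed that the image runs as a non-root user.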
diff --git a/stable/hazelcast-jet/values.yaml b/stable/hazelcast-jet/values.yaml
new file mode 100644
index 000000000000..e021b4ff9d43
--- /dev/null
+++ b/stable/hazelcast-jet/values.yaml
@@ -0,0 +1,161 @@ +## Hazelcast Jet image version +## ref: https://hub.docker.com/r/hazelcast/hazelcast-jet/tags/ +## +image: + # repository is the Hazelcast Jet image name + repository: "hazelcast/hazelcast-jet" + # tag is the Hazelcast Jet image tag + tag: "0.7" + # pullPolicy is the Docker image pull policy + # It's recommended to change this to 'Always' if the image tag is 'latest' + # ref: http://kubernetes.io/docs/user-guide/images/#updating-images + # + pullPolicy: IfNotPresent + # pullSecrets is an array of docker-registry secret names + # Secrets must be manually created in the namespace. + # ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ + # pullSecrets: + # - myRegistryKeySecretName + +# Cluster settings +cluster: + # memberCount is the number Hazelcast Jet members + memberCount: 2 + +# Hazelcast Jet properties +jet: + # rest is a flag used to enable REST endpoints for Hazelcast Jet member + rest: true + # javaOpts are additional JAVA_OPTS properties for Hazelcast Jet member + javaOpts: + # configurationFiles are Hazelcast Jet configuration files + configurationFiles: + hazelcast.xml: |- + + + + true + + + + + + + + + ${serviceName} + ${namespace} + + + + + + + hazelcast-jet.xml: |- + + + + + 8 + + 100 + + 1 + + + + custom property + + + + 1024 + + 16384 + + 3 + + + + + 120 + + 5 + + false + + + +# nodeSelector is an array of Hazelcast Node labels for POD assignments +# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector +nodeSelector: {} + +gracefulShutdown: + enabled: true + maxWaitSeconds: 600 + +# Hazelcast Liveness probe +livenessProbe: + # enabled is a flag to used to enable liveness probe + enabled: true + # initialDelaySeconds is a delay before liveness probe is initiated + initialDelaySeconds: 30 + # periodSeconds decides how often to perform the probe + periodSeconds: 10 + # timeoutSeconds decides when the probe times out + timeoutSeconds: 5 + # successThreshold is the 
minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded + failureThreshold: 3 + +# Hazelcast Readiness probe +readinessProbe: + # enabled is a flag to used to enable readiness probe + enabled: true + # initialDelaySeconds is a delay before readiness probe is initiated + initialDelaySeconds: 30 + # periodSeconds decides how often to perform the probe + periodSeconds: 10 + # timeoutSeconds decides when the probe times out + timeoutSeconds: 1 + # successThreshold is the minimum consecutive successes for the probe to be considered successful after having failed + successThreshold: 1 + # failureThreshold is the minimum consecutive failures for the probe to be considered failed after having succeeded + failureThreshold: 3 + +# Configure resource requests and limits +# ref: http://kubernetes.io/docs/user-guide/compute-resources/ +# +# resources: +# requests: +# memory: 256Mi +# cpu: 100m + +# Hazelcast Service properties +service: + # type defines the Kubernetes service type ('ClusterIP', 'LoadBalancer', or 'NodePort') + type: ClusterIP + # port is the Kubernetes service port + port: 5701 + # clusterIP set to None makes the service headless + # It is required if DNS Lookup is used (https://github.com/hazelcast/hazelcast-kubernetes#dns-lookup) + # clusterIP: "None" + +# Role-based Access Control +rbac: + # Specifies whether RBAC resources should be created + # It is not required if DNS Lookup is used (https://github.com/hazelcast/hazelcast-kubernetes#dns-lookup) + create: true + +serviceAccount: + # Specifies whether a ServiceAccount should be created + create: true + # The name of the ServiceAccount to use. + # If not set and create is true, a name is generated using the fullname template + name: From 3bec26c24cd3155ca0ccf5abc32cb2be1b70717f Mon Sep 17 00:00:00 2001 
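Review bot: `jet.javaOpts:` and `serviceAccount.name:` in stable/hazelcast-jet/values.yaml are bare keys, which load as null rather than as empty strings, and `javaOpts` is interpolated straight into the `JAVA_OPTS` string in statefulset.yaml. Writing `javaOpts: ""` and `name: ""` states the intended type and keeps the rendered value independent of how the template engine prints a missing value. The `nodeSelector` comment calls it an array although the default is the mapping `{}`; `# nodeSelector is a map of node labels for pod assignment` would match.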
From: =?UTF-8?q?C=C3=A9dric=20de=20Saint=20Martin?= Date: Wed, 19 Dec 2018 13:53:58 +0100 Subject: [PATCH 045/136] [stable/kubernetes-dashboard] Upgrade to 1.10.1. (#10056) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Cédric de Saint Martin Signed-off-by: Melissa Palmer --- stable/kubernetes-dashboard/Chart.yaml | 4 ++-- stable/kubernetes-dashboard/README.md | 2 +- stable/kubernetes-dashboard/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/kubernetes-dashboard/Chart.yaml b/stable/kubernetes-dashboard/Chart.yaml index b5b6f0a80e9d..5fb366f59d71 100644 --- a/stable/kubernetes-dashboard/Chart.yaml +++ b/stable/kubernetes-dashboard/Chart.yaml @@ -1,6 +1,6 @@ name: kubernetes-dashboard -version: 0.10.0 -appVersion: 1.10.0 +version: 0.10.1 +appVersion: 1.10.1 description: General-purpose web UI for Kubernetes clusters keywords: - kubernetes diff --git a/stable/kubernetes-dashboard/README.md b/stable/kubernetes-dashboard/README.md index 7289484156de..01b9aa13f735 100644 --- a/stable/kubernetes-dashboard/README.md +++ b/stable/kubernetes-dashboard/README.md @@ -45,7 +45,7 @@ The following table lists the configurable parameters of the kubernetes-dashboar | Parameter | Description | Default | |-------------------------------------|-----------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------------------------| | `image.repository` | Repository for container image | `k8s.gcr.io/kubernetes-dashboard-amd64` | -| `image.tag` | Image tag | `v1.10.0` | +| `image.tag` | Image tag | `v1.10.1` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `annotations` | Annotations for deployment | `{}` | | `replicaCount` | Number of replicas | `1` | 
diff --git a/stable/kubernetes-dashboard/values.yaml b/stable/kubernetes-dashboard/values.yaml index d926b3ee4c08..6b56b443236a 100644 --- a/stable/kubernetes-dashboard/values.yaml +++ b/stable/kubernetes-dashboard/values.yaml @@ -5,7 +5,7 @@ image: repository: k8s.gcr.io/kubernetes-dashboard-amd64 - tag: v1.10.0 + tag: v1.10.1 pullPolicy: IfNotPresent replicaCount: 1 From c4d117d9c749061a217d2a791f8855c33b4e9caa Mon Sep 17 00:00:00 2001 From: Mahesh Panchaksharaiah Date: Wed, 19 Dec 2018 18:33:29 +0530 Subject: [PATCH 046/136] Gocd 18.12.0 (#10132) * Bump up GoCD version to 18.12.0 Signed-off-by: Mahesh Panchaksharaiah * Updated Changelog Signed-off-by: Mahesh Panchaksharaiah Signed-off-by: Melissa Palmer --- stable/gocd/CHANGELOG.md | 4 ++++ stable/gocd/Chart.yaml | 4 ++-- stable/gocd/values.yaml | 2 +- 3 files changed, 7 insertions(+), 3 deletions(-) diff --git a/stable/gocd/CHANGELOG.md b/stable/gocd/CHANGELOG.md index b158a9f958c6..f7daa15d4089 100644 --- a/stable/gocd/CHANGELOG.md +++ b/stable/gocd/CHANGELOG.md @@ -1,3 +1,7 @@ +### 1.5.11 +* [a8f4e6c9](https://github.com/kubernetes/charts/commit/a8f4e6c9): + - Bump up GoCD app version to 18.12.0 + ### 1.5.10 * [87b3a755](https://github.com/kubernetes/charts/commit/87b3a755): - Allow the override of the preconfigure command diff --git a/stable/gocd/Chart.yaml b/stable/gocd/Chart.yaml index 49724bb1acbf..24ad96d95fb3 100644 --- a/stable/gocd/Chart.yaml +++ b/stable/gocd/Chart.yaml @@ -1,7 +1,7 @@ name: gocd home: https://www.gocd.org/ -version: 1.5.10 -appVersion: 18.11.0 +version: 1.5.11 +appVersion: 18.12.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png keywords: diff --git a/stable/gocd/values.yaml b/stable/gocd/values.yaml index b1731b3afc90..b9df12fd6a86 100644 --- a/stable/gocd/values.yaml +++ b/stable/gocd/values.yaml 
@@ -69,7 +69,7 @@ server: # server.env.extraEnvVars is the list of environment variables passed to GoCD Server extraEnvVars: - name: GOCD_PLUGIN_INSTALL_kubernetes-elastic-agents - value: https://github.com/gocd/kubernetes-elastic-agents/releases/download/v2.0.0/kubernetes-elastic-agent-2.0.0-113.jar + value: https://github.com/gocd/kubernetes-elastic-agents/releases/download/2.1.0-123/kubernetes-elastic-agent-2.1.0-123.jar - name: GOCD_PLUGIN_INSTALL_docker-registry-artifact-plugin value: https://github.com/gocd/docker-registry-artifact-plugin/releases/download/1.0.0/docker-registry-artifact-plugin-1.0.0-3.jar service: From e9f860161b870938b98535197e4ce5dcaac4c925 Mon Sep 17 00:00:00 2001 From: Frank Reno Date: Wed, 19 Dec 2018 06:22:41 -0700 Subject: [PATCH 047/136] =?UTF-8?q?Update=20to=20latest=20image,=20add=20O?= =?UTF-8?q?WNERS=20as=20well=20as=20add=20new=20owner=20to=20team,=20?= =?UTF-8?q?=E2=80=A6=20(#10107)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update to latest image, add OWNERS as well as add new owner to team, fix README, update Helm Charts root readme with incorrect text. Signed-off-by: Frank Reno freno@sumologic.com Signed-off-by: Frank Reno * add delete policy hook to fix issues when upgrading chart Signed-off-by: Frank Reno freno@sumologic.com Signed-off-by: Frank Reno Signed-off-by: Melissa Palmer --- README.md | 2 +- stable/sumologic-fluentd/Chart.yaml | 6 +++-- stable/sumologic-fluentd/OWNERS | 10 ++++++++ stable/sumologic-fluentd/README.md | 4 ++-- .../sumologic-fluentd/templates/.helmignore | 23 +++++++++++++++++++ .../sumologic-fluentd/templates/secrets.yaml | 1 + stable/sumologic-fluentd/values.yaml | 2 +- 7 files changed, 42 insertions(+), 6 deletions(-) create mode 100644 stable/sumologic-fluentd/OWNERS create mode 100644 stable/sumologic-fluentd/templates/.helmignore diff --git a/README.md b/README.md index c16e6f4690b6..469903e6dd75 100644 --- a/README.md +++ b/README.md 
@@ -66,7 +66,7 @@ Individual charts can be maintained by one or more users of GitHub. When someone 1. Be invited (and accept your invite) as a read-only collaborator on [this repo](https://github.com/helm/charts). This is required for @k8s-ci-robot [PR comment interaction](https://github.com/kubernetes/community/blob/master/contributors/guide/pull-requests.md). 1. An OWNERS file needs to be added to a chart. That OWNERS file should list the maintainers' GitHub login names for both the reviewers and approvers sections. For an example see the [Drupal chart](stable/drupal/OWNERS). The `OWNERS` file should also be appended to the `.helmignore` file. -Once these two steps are done a chart approver can merge pull requests following the directions in the [REVIEW_GUIDELINES.md](REVIEW_GUIDELINES.md) file. +Once these three steps are done a chart approver can merge pull requests following the directions in the [REVIEW_GUIDELINES.md](REVIEW_GUIDELINES.md) file. ## Trusted Collaborator diff --git a/stable/sumologic-fluentd/Chart.yaml b/stable/sumologic-fluentd/Chart.yaml index 66cef53c3c9b..baad9205d746 100755 --- a/stable/sumologic-fluentd/Chart.yaml +++ b/stable/sumologic-fluentd/Chart.yaml @@ -1,6 +1,6 @@ name: sumologic-fluentd -version: 0.7.0 -appVersion: 2.0.0 +version: 0.8.0 +appVersion: 2.1.0 description: Sumologic Log Collector keywords: - monitoring @@ -16,3 +16,5 @@ maintainers: email: freno@sumologic.com - name: darend email: darend@gmail.com + - name: bendrucker + email: ben@takescoop.com diff --git a/stable/sumologic-fluentd/OWNERS b/stable/sumologic-fluentd/OWNERS new file mode 100644 index 000000000000..347d5051f352 --- /dev/null +++ b/stable/sumologic-fluentd/OWNERS @@ -0,0 +1,10 @@ +approvers: +- frankreno +- flah00 +- darend +- bendrucker +reviewers: +- frankreno +- flah00 +- darend +- bendrucker diff --git a/stable/sumologic-fluentd/README.md b/stable/sumologic-fluentd/README.md index d09fd75d7f1d..3523ec34fb12 100644 
--- a/stable/sumologic-fluentd/README.md +++ b/stable/sumologic-fluentd/README.md @@ -6,7 +6,7 @@ ## Introduction -This chart adds the Sumo Logic Collector to all nodes in your cluster as a +This chart adds the [Sumo Logic FluentD Plugin](https://github.com/SumoLogic/fluentd-kubernetes-sumologic) to all nodes in your cluster as a DaemonSet. The image supports fluentd `file` and `systemd` log sources. After you have installed the chart, each pod, deployment, etc. can be optionally @@ -94,7 +94,7 @@ The following table lists the configurable parameters of the sumologic-fluentd c | `sumologic.proxyUri` | Add the uri of the proxy environment if present. | `Nil` | `sumologic.enableStatWatcher` | Option to control the enabling of [stat_watcher](https://docs.fluentd.org/v1.0/articles/in_tail#enable_stat_watcher). | `true` | `image.name` | The image repository and name to pull from | `sumologic/fluentd-kubernetes-sumologic` | -| `image.tag` | The image tag to pull | `v1.16` | +| `image.tag` | The image tag to pull | `v2.1.0` | | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `persistence.enabled` | Boolean value, used to turn on or off fluentd position file persistence, on nodes (requires Kubernetes >= 1.8) | `false` | | `persistence.hostPath` | The path, on each node, to a directory for fluentd pos files. You must create the directory on each node first or set `persistence.createPath` (requires Kubernetes >= 1.8) | `/var/run/fluentd-pos` | diff --git a/stable/sumologic-fluentd/templates/.helmignore b/stable/sumologic-fluentd/templates/.helmignore new file mode 100644 index 000000000000..a9fe72788117 --- /dev/null +++ b/stable/sumologic-fluentd/templates/.helmignore 
@@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj +# OWNERS file for Kubernetes +OWNERS \ No newline at end of file diff --git a/stable/sumologic-fluentd/templates/secrets.yaml b/stable/sumologic-fluentd/templates/secrets.yaml index bf4a0bb95661..915a66022623 100644 --- a/stable/sumologic-fluentd/templates/secrets.yaml +++ b/stable/sumologic-fluentd/templates/secrets.yaml @@ -9,6 +9,7 @@ metadata: heritage: "{{ .Release.Service }}" annotations: "helm.sh/hook": pre-install,pre-upgrade + "helm.sh/hook-delete-policy": "before-hook-creation" type: Opaque data: collector-url: {{ default "MISSING" .Values.sumologic.collectorUrl | b64enc | quote }} diff --git a/stable/sumologic-fluentd/values.yaml b/stable/sumologic-fluentd/values.yaml index 37d063a3e259..494598d1ec2d 100644 --- a/stable/sumologic-fluentd/values.yaml +++ b/stable/sumologic-fluentd/values.yaml @@ -1,7 +1,7 @@ # Default values for sumologic-fluentd. image: name: sumologic/fluentd-kubernetes-sumologic - tag: v2.0.0 + tag: v2.1.0 pullPolicy: IfNotPresent ## Annotations to add to the DaemonSet's Pods From d98791b7a2d53eed83548fdc3dc4523ccc4997d8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Bauer?= Date: Wed, 19 Dec 2018 14:33:52 +0100 Subject: [PATCH 048/136] [stable/fluentd-elasticsearch] several chart updates (#9382) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * fixed matchlabels Signed-off-by: André Bauer * added scheme setting Signed-off-by: André Bauer * added axdotl to OWNERS file Signed-off-by: André Bauer * updated deamonset api version Signed-off-by: André Bauer * fixed mixed up logstash & scheme vars 
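Review bot: This `.helmignore` is created at `stable/sumologic-fluentd/templates/.helmignore`, but Helm reads the ignore file from the chart root, so as far as I can tell the `OWNERS` pattern on its last line has no effect on packaging and the new OWNERS file still ships in the chart archive. Moving the file to `stable/sumologic-fluentd/.helmignore` would match the root README's instruction that OWNERS be appended to `.helmignore`. It is also worth checking that a non-manifest file under `templates/` is not picked up by rendering.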
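Review bot: With `"helm.sh/hook-delete-policy": "before-hook-creation"` the Secret in templates/secrets.yaml is removed only when the hook runs again, and hook resources are not tracked as part of the release, so the Secret holding `collector-url` will most likely stay in the namespace after the release is deleted. That should be written where operators will see it, for instance a comment above the annotation: `# hook resource: not removed by helm delete; delete this Secret manually when uninstalling`. The context line `default "MISSING" .Values.sumologic.collectorUrl` also lets an install proceed without a collector URL; `required "sumologic.collectorUrl must be set" .Values.sumologic.collectorUrl` would fail early instead. The manifest starts above the hunk, so the Secret's name and the rest of its metadata are not visible here.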
Signed-off-by: André Bauer * fixed lables in NOTES.txt Signed-off-by: André Bauer Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/OWNERS | 2 ++ stable/fluentd-elasticsearch/README.md | 5 ++-- .../fluentd-elasticsearch/templates/NOTES.txt | 22 +++++++++++++-- .../templates/_helpers.tpl | 17 +++++++++++- .../templates/clusterrole.yaml | 8 +++--- .../templates/clusterrolebinding.yaml | 10 +++---- .../templates/configmap.yaml | 9 ++++--- .../templates/daemonset.yaml | 27 +++++++++---------- .../templates/pod-security-policy.yaml | 8 +++--- .../fluentd-elasticsearch/templates/role.yaml | 8 +++--- .../templates/rolebinding.yaml | 8 +++--- .../templates/service-account.yaml | 8 +++--- .../templates/service.yaml | 16 ++++++----- stable/fluentd-elasticsearch/values.yaml | 4 ++- 15 files changed, 97 insertions(+), 57 deletions(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index 91aeecf069ae..85d8491b0476 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 1.5.0 +version: 2.0.0 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/OWNERS b/stable/fluentd-elasticsearch/OWNERS index 9375c95fd5ce..d2be9eee15d0 100644 --- a/stable/fluentd-elasticsearch/OWNERS +++ b/stable/fluentd-elasticsearch/OWNERS @@ -1,4 +1,6 @@ approvers: +- axdotl - monotek reviewers: +- axdotl - monotek diff --git a/stable/fluentd-elasticsearch/README.md b/stable/fluentd-elasticsearch/README.md index f85d3d55689a..b1a81b1a0b8b 100644 --- a/stable/fluentd-elasticsearch/README.md +++ b/stable/fluentd-elasticsearch/README.md 
@@ -47,11 +47,12 @@ The following table lists the configurable parameters of the Fluentd elasticsear | ---------------------------------- | ------------------------------------------ | ---------------------------------------------------------- | | `annotations` | Optional daemonset annotations | `NULL` | | `configMaps` | Fluentd configmaps | `default conf files` | -| `elasticsearch.host` | Elstaicsearch Host | `elasticsearch-client` | +| `elasticsearch.host` | Elasticsearch Host | `elasticsearch-client` | | `elasticsearch.port` | Elasticsearch Port | `9200` | | `elasticsearch.logstash_prefix` | Elasticsearch Logstash prefix | `logstash` | | `elasticsearch.buffer_chunk_limit` | Elasticsearch buffer chunk limit | `2M` | | `elasticsearch.buffer_queue_limit` | Elasticsearch buffer queue limit | `8` | +| `elasticsearch.scheme` | Elasticsearch scheme setting | `http` | | `env` | List of environment variables that are added to the fluentd pods | `{}` | | `extraVolumeMounts` | Mount an extra volume, required to mount ssl certificates when elasticsearch has tls enabled | | | `extraVolume` | Extra volume | | @@ -72,7 +73,7 @@ The following table lists the configurable parameters of the Fluentd elasticsear | `service.ports` | List of service ports dict [{name:...}...] | Not Set | | `service.ports[].name` | One of service ports name | Not Set | | `service.ports[].port` | Service port | Not Set | -| `service.ports[].nodePort` | NodePort port(when service.type is NodePort) | Not Set | +| `service.ports[].nodePort` | NodePort port (when service.type is NodePort) | Not Set | | `service.ports[].protocol` | Service protocol(optional, can be TCP/UDP) | Not Set | | `serviceAccount.create` | Specifies whether a service account should be created.| `true` | | `serviceAccount.name` | Name of the service account. | | diff --git a/stable/fluentd-elasticsearch/templates/NOTES.txt b/stable/fluentd-elasticsearch/templates/NOTES.txt index d0cf7656943c..977bc1066b85 100644 
--- a/stable/fluentd-elasticsearch/templates/NOTES.txt +++ b/stable/fluentd-elasticsearch/templates/NOTES.txt 
@@ -1,6 +1,24 @@ -To verify that Fluentd has started, run: +1. To verify that Fluentd has started, run: - kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "fluentd-elasticsearch.name" . }},release={{ .Release.Name }}" + kubectl --namespace={{ .Release.Namespace }} get pods -l "app.kubernetes.io/name={{ include "fluentd-elasticsearch.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" THIS APPLICATION CAPTURES ALL CONSOLE OUTPUT AND FORWARDS IT TO elasticsearch . Anything that might be identifying, including things like IP addresses, container images, and object names will NOT be anonymized. + +{{- if .Values.service }} +2. Get the application URL by running these commands: +{{- if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "fluentd-elasticsearch.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get svc -w {{ include "fluentd-elasticsearch.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "fluentd-elasticsearch.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}') + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "fluentd-elasticsearch.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl port-forward $POD_NAME 8080:80 +{{- end }} +{{- end }} 
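Review bot: The LoadBalancer branch prints `echo http://$SERVICE_IP:{{ .Values.service.port }}`, but the README table in this same commit documents the ports as a list (`service.ports[].port`), so `.Values.service.port` would presumably render empty and the URL would end in a bare colon. The ClusterIP branch likewise hard-codes `kubectl port-forward $POD_NAME 8080:80`, and nothing visible in this chart exposes port 80 on the fluentd pod. I would either iterate over `.Values.service.ports` in step 2 or drop the step and keep the data-capture warning as the main message. The `kubectl get svc -w` line also omits `--namespace {{ .Release.Namespace }}`, unlike the commands around it.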
diff --git a/stable/fluentd-elasticsearch/templates/_helpers.tpl b/stable/fluentd-elasticsearch/templates/_helpers.tpl index 46b56b983456..96fc5bc7ccf3 100644 --- a/stable/fluentd-elasticsearch/templates/_helpers.tpl +++ b/stable/fluentd-elasticsearch/templates/_helpers.tpl @@ -9,11 +9,26 @@ Expand the name of the chart. {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. */}} {{- define "fluentd-elasticsearch.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{- end -}} +{{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "fluentd-elasticsearch.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} {{/* Create the name of the service account to use @@ -24,4 +39,4 @@ Create the name of the service account to use {{- else -}} {{ default "default" .Values.serviceAccount.name }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/stable/fluentd-elasticsearch/templates/clusterrole.yaml b/stable/fluentd-elasticsearch/templates/clusterrole.yaml index 10eaa8de65ee..34e3569b7af8 100644 --- a/stable/fluentd-elasticsearch/templates/clusterrole.yaml +++ b/stable/fluentd-elasticsearch/templates/clusterrole.yaml 
@@ -4,12 +4,12 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.name" . }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} rules: - apiGroups: - "" diff --git a/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml b/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml index ac5ba2342cad..d5d28b4753c4 100644 --- a/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml +++ b/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml @@ -4,15 +4,15 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.name" . }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} subjects: - kind: ServiceAccount - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ template "fluentd-elasticsearch.serviceAccountName" . }} namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole diff --git a/stable/fluentd-elasticsearch/templates/configmap.yaml b/stable/fluentd-elasticsearch/templates/configmap.yaml index 6fc1a19be9bc..6f26f83a69ca 100644 
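Review bot: The subject in clusterrolebinding.yaml now resolves through `fluentd-elasticsearch.serviceAccountName`, whose fallback branch in _helpers.tpl is `{{ default "default" .Values.serviceAccount.name }}`, so when that branch is taken without a name set the ClusterRole is bound to the namespace's `default` ServiceAccount and every pod in that namespace that does not name its own account inherits the role. The helper's condition is outside the visible hunks (presumably `serviceAccount.create`), so please confirm; if that is the case I would fail the render instead, e.g. `{{ required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`. Separately, service-account.yaml still names the object with `fluentd-elasticsearch.fullname`, which will diverge from this subject whenever the helper returns anything other than the fullname.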
--- a/stable/fluentd-elasticsearch/templates/configmap.yaml +++ b/stable/fluentd-elasticsearch/templates/configmap.yaml @@ -3,10 +3,11 @@ kind: ConfigMap metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: {{ .Release.Service | quote }} - release: {{ .Release.Name | quote }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile data: {{- range $key, $value := .Values.configMaps }} diff --git a/stable/fluentd-elasticsearch/templates/daemonset.yaml b/stable/fluentd-elasticsearch/templates/daemonset.yaml index b725dc6e866e..ea4fa5214d5b 100644 --- a/stable/fluentd-elasticsearch/templates/daemonset.yaml +++ b/stable/fluentd-elasticsearch/templates/daemonset.yaml 
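Review bot: The new label lines in configmap.yaml drop the `| quote` that the removed `heritage` and `release` lines had, e.g. `app.kubernetes.io/instance: {{ .Release.Name }}`; a release name that YAML reads as a number or boolean (constructed examples: `1234`, `true`) would render a non-string label value and the manifest would be rejected. I would keep the quoting, `app.kubernetes.io/instance: {{ .Release.Name | quote }}`, and do the same for `helm.sh/chart` and `app.kubernetes.io/managed-by`. The same unquoted lines are added in the clusterrole, clusterrolebinding, daemonset, pod-security-policy, role, rolebinding, service-account and service hunks of this commit.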
@@ -1,32 +1,29 @@ -apiVersion: apps/v1beta2 +apiVersion: apps/v1 kind: DaemonSet metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.fullname" . }} - version: {{ .Values.image.tag }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" spec: updateStrategy: {{ toYaml .Values.updateStrategy | indent 4 }} selector: matchLabels: - app: {{ template "fluentd-elasticsearch.fullname" . }} - release: "{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} template: metadata: labels: - app: {{ template "fluentd-elasticsearch.fullname" . }} - version: {{ .Values.image.tag }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: "{{ .Release.Service }}" + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" - version: {{ .Values.image.tag }} - release: "{{ .Release.Name }}" # This annotation ensures that fluentd does not get evicted if the node # supports critical pod annotation based priority scheme. # Note that this does not guarantee admission on the nodes (#40573). 
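Review bot: `spec.selector.matchLabels` changes from `app`/`release` to `app.kubernetes.io/name`/`app.kubernetes.io/instance` in the same hunk that moves the object to `apps/v1`, where a DaemonSet selector is immutable, so `helm upgrade` of an existing release would be rejected by the API server until the old DaemonSet is deleted. During that gap no fluentd pod runs and node logs are not forwarded, which matters if these logs feed audit or detection pipelines. The change deserves an "Upgrading" section in the README stating that the existing DaemonSet must be deleted first because its selector labels changed, and arguably a major version bump. The pod template continues past the end of this hunk.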
@@ -51,6 +48,8 @@ spec: value: {{ .Values.elasticsearch.port | quote }} - name: LOGSTASH_PREFIX value: {{ .Values.elasticsearch.logstash_prefix | quote }} + - name: OUTPUT_SCHEME + value: {{ .Values.elasticsearch.scheme | quote }} - name: OUTPUT_BUFFER_CHUNK_LIMIT value: {{ .Values.elasticsearch.buffer_chunk_limit | quote }} - name: OUTPUT_BUFFER_QUEUE_LIMIT diff --git a/stable/fluentd-elasticsearch/templates/pod-security-policy.yaml b/stable/fluentd-elasticsearch/templates/pod-security-policy.yaml index f9be3bc432da..2a74cad534ab 100644 --- a/stable/fluentd-elasticsearch/templates/pod-security-policy.yaml +++ b/stable/fluentd-elasticsearch/templates/pod-security-policy.yaml @@ -4,12 +4,12 @@ kind: PodSecurityPolicy metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.name" . }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} annotations: {{- if .Values.podSecurityPolicy.annotations }} {{ toYaml .Values.podSecurityPolicy.annotations | indent 4 }} diff --git a/stable/fluentd-elasticsearch/templates/role.yaml b/stable/fluentd-elasticsearch/templates/role.yaml index 8bc4f8e41659..57ea3ddb2a24 100644 --- a/stable/fluentd-elasticsearch/templates/role.yaml +++ b/stable/fluentd-elasticsearch/templates/role.yaml 
@@ -4,12 +4,12 @@ kind: Role metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.name" . }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} rules: - apiGroups: ['extensions'] resources: ['podsecuritypolicies'] diff --git a/stable/fluentd-elasticsearch/templates/rolebinding.yaml b/stable/fluentd-elasticsearch/templates/rolebinding.yaml index 0bf45585a341..29a341d8ab5f 100644 --- a/stable/fluentd-elasticsearch/templates/rolebinding.yaml +++ b/stable/fluentd-elasticsearch/templates/rolebinding.yaml @@ -5,12 +5,12 @@ kind: RoleBinding metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.name" . }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} roleRef: kind: Role name: {{ template "fluentd-elasticsearch.fullname" . }} diff --git a/stable/fluentd-elasticsearch/templates/service-account.yaml b/stable/fluentd-elasticsearch/templates/service-account.yaml index 9bbc28f95152..91ace19bbcc0 100644 --- a/stable/fluentd-elasticsearch/templates/service-account.yaml +++ b/stable/fluentd-elasticsearch/templates/service-account.yaml 
@@ -4,10 +4,10 @@ kind: ServiceAccount metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.name" . }} + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile - chart: {{ .Chart.Name }}-{{ .Chart.Version }} - heritage: {{ .Release.Service }} - release: {{ .Release.Name }} {{- end -}} diff --git a/stable/fluentd-elasticsearch/templates/service.yaml b/stable/fluentd-elasticsearch/templates/service.yaml index 9a00e336d255..a0fb53bba911 100644 --- a/stable/fluentd-elasticsearch/templates/service.yaml +++ b/stable/fluentd-elasticsearch/templates/service.yaml @@ -4,10 +4,12 @@ kind: Service metadata: name: {{ template "fluentd-elasticsearch.fullname" . }} labels: - app: {{ template "fluentd-elasticsearch.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - heritage: "{{ .Release.Service }}" - release: "{{ .Release.Name }}" + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + kubernetes.io/cluster-service: "true" + addonmanager.kubernetes.io/mode: Reconcile spec: type: {{ .Values.service.type }} ports: @@ -23,6 +25,6 @@ spec: {{- end }} {{- end }} selector: - app: {{ template "fluentd-elasticsearch.fullname" . }} - release: {{ .Release.Name }} -{{- end }} \ No newline at end of file + app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/stable/fluentd-elasticsearch/values.yaml b/stable/fluentd-elasticsearch/values.yaml index 9236b0d18f34..bc6624161145 100644 
--- a/stable/fluentd-elasticsearch/values.yaml +++ b/stable/fluentd-elasticsearch/values.yaml @@ -23,6 +23,7 @@ elasticsearch: buffer_chunk_limit: 2M buffer_queue_limit: 8 logstash_prefix: 'logstash' + scheme: 'http' # If you want to add custom environment variables, use the env dict # You can then reference these in your config file e.g.: @@ -447,9 +448,10 @@ configMaps: @type elasticsearch @log_level info include_tag_key true - type_name fluentd + type_name _doc host "#{ENV['OUTPUT_HOST']}" port "#{ENV['OUTPUT_PORT']}" + scheme "#{ENV['OUTPUT_SCHEME']}" logstash_format true logstash_prefix "#{ENV['LOGSTASH_PREFIX']}" From 6f15206fda7c516f690efcd12c2218c37960efdd Mon Sep 17 00:00:00 2001 From: sedpavel <45686153+sedpavel@users.noreply.github.com> Date: Wed, 19 Dec 2018 14:43:32 +0100 Subject: [PATCH 049/136] Neo4j configure discovery host (#9795) * Add config for initial members discovery domain sufix. Signed-off-by: Pavel Sedivy * bump MINOR version since new config is added Signed-off-by: Pavel Sedivy * rename specific initialMembersDiscoveryDomainSuffix config to general clusterDomain Signed-off-by: Pavel Sedivy Signed-off-by: Melissa Palmer --- stable/neo4j/Chart.yaml | 2 +- stable/neo4j/README.md | 37 ++++++++++--------- stable/neo4j/templates/core-statefulset.yaml | 2 +- .../templates/readreplicas-deployment.yaml | 2 +- stable/neo4j/values.yaml | 3 ++ 5 files changed, 25 insertions(+), 21 deletions(-) diff --git a/stable/neo4j/Chart.yaml b/stable/neo4j/Chart.yaml index 09c38ddec60c..8b492d81d74c 100644 --- a/stable/neo4j/Chart.yaml +++ b/stable/neo4j/Chart.yaml @@ -1,6 +1,6 @@ name: neo4j home: https://www.neo4j.com -version: 0.8.0 +version: 0.9.0 appVersion: 3.4.5 description: Neo4j is the world's leading graph database icon: http://info.neo4j.com/rs/773-GON-065/images/neo4j_logo.png diff --git a/stable/neo4j/README.md b/stable/neo4j/README.md index 36f3cc1362e2..e89e4ad3fcdc 100644 --- a/stable/neo4j/README.md +++ b/stable/neo4j/README.md 
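Review bot: `scheme: 'http'` is added under `elasticsearch:` in values.yaml with no comment, and with that default every captured log record travels to Elasticsearch unencrypted, while NOTES.txt in this commit states that the captured output is not anonymized. Keeping `http` preserves the previous behaviour, but the key should say what it controls and when to change it, e.g. `## Scheme used to reach Elasticsearch; set to 'https' when it is served over TLS (CA certificates can be mounted via extraVolumes/extraVolumeMounts)`. The README row added for `elasticsearch.scheme` could carry the same hint.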
@@ -56,24 +56,25 @@ deletes the release. The following table lists the configurable parameters of the Neo4j chart and their default values. -| Parameter | Description | Default | -| ------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | -| `image` | Neo4j image | `neo4j` | -| `imageTag` | Neo4j version | `{VERSION}` | -| `imagePullPolicy` | Image pull policy | `IfNotPresent` | -| `podDisruptionBudget` | Pod disruption budget | `{}` | -| `authEnabled` | Is login/password required? | `true` | -| `core.numberOfServers` | Number of machines in CORE mode | `3` | -| `core.sideCarContainers` | Sidecar containers to add to the core pod. Example use case is a sidecar which identifies and labels the leader when using the http API | `{}` | -| `core.initContainers` | Init containers to add to the core pod. Example use case is a script that installs the APOC library | `{}` | -| `core.persistentVolume.storageClass` | Storage class of backing PVC | `standard` (uses beta storage class annotation) | -| `core.persistentVolume.size` | Size of data volume | `10Gi` | -| `core.persistentVolume.mountPath` | Persistent Volume mount root path | `/data` | -| `core.persistentVolume.subPath` | Subdirectory of the volume to mount | `nil` | -| `core.persistentVolume.annotations` | Persistent Volume Claim annotations | `{}` | -| `readReplica.numberOfServers` | Number of machines in READ_REPLICA mode | `0` | -| `readReplica.initContainers` | Init containers to add to the replica pod. Example use case is a script that installs the APOC library | `{}` | -| `resources` | Resources required (e.g. 
CPU, memory) | `{}` | +| Parameter | Description | Default | +| ------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------- | +| `image` | Neo4j image | `neo4j` | +| `imageTag` | Neo4j version | `{VERSION}` | +| `imagePullPolicy` | Image pull policy | `IfNotPresent` | +| `podDisruptionBudget` | Pod disruption budget | `{}` | +| `authEnabled` | Is login/password required? | `true` | +| `core.numberOfServers` | Number of machines in CORE mode | `3` | +| `core.sideCarContainers` | Sidecar containers to add to the core pod. Example use case is a sidecar which identifies and labels the leader when using the http API | `{}` | +| `core.initContainers` | Init containers to add to the core pod. Example use case is a script that installs the APOC library | `{}` | +| `core.persistentVolume.storageClass` | Storage class of backing PVC | `standard` (uses beta storage class annotation) | +| `core.persistentVolume.size` | Size of data volume | `10Gi` | +| `core.persistentVolume.mountPath` | Persistent Volume mount root path | `/data` | +| `core.persistentVolume.subPath` | Subdirectory of the volume to mount | `nil` | +| `core.persistentVolume.annotations` | Persistent Volume Claim annotations | `{}` | +| `readReplica.numberOfServers` | Number of machines in READ_REPLICA mode | `0` | +| `readReplica.initContainers` | Init containers to add to the replica pod. Example use case is a script that installs the APOC library | `{}` | +| `resources` | Resources required (e.g. CPU, memory) | `{}` | +| `clusterDomain` | Cluster domain | `cluster.local` | The above parameters map to the env variables defined in the [Neo4j docker image](https://github.com/neo4j/docker-neo4j). diff --git a/stable/neo4j/templates/core-statefulset.yaml b/stable/neo4j/templates/core-statefulset.yaml index 0578e5418cd4..0fa56483bd2d 100644 
--- a/stable/neo4j/templates/core-statefulset.yaml +++ b/stable/neo4j/templates/core-statefulset.yaml @@ -35,7 +35,7 @@ spec: - name: NEO4J_causal__clustering_discovery__type value: DNS - name: NEO4J_causal__clustering_initial__discovery__members - value: "{{ template "neo4j.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:5000" + value: "{{ template "neo4j.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5000" {{- if .Values.authEnabled }} - name: NEO4J_SECRETS_PASSWORD valueFrom: diff --git a/stable/neo4j/templates/readreplicas-deployment.yaml b/stable/neo4j/templates/readreplicas-deployment.yaml index 96656b75c7e2..b97c4c137e53 100644 --- a/stable/neo4j/templates/readreplicas-deployment.yaml +++ b/stable/neo4j/templates/readreplicas-deployment.yaml @@ -31,7 +31,7 @@ spec: - name: NEO4J_causal__clustering_discovery__type value: DNS - name: NEO4J_causal__clustering_initial__discovery__members - value: "{{ template "neo4j.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:5000" + value: "{{ template "neo4j.fullname" . }}.{{ .Release.Namespace }}.svc.{{ .Values.clusterDomain }}:5000" {{- if .Values.authEnabled }} - name: NEO4J_SECRETS_PASSWORD valueFrom: diff --git a/stable/neo4j/values.yaml b/stable/neo4j/values.yaml index aedcfd426da1..be0681f1a800 100644 --- a/stable/neo4j/values.yaml +++ b/stable/neo4j/values.yaml @@ -22,6 +22,9 @@ authEnabled: true ## Defaults to a random 10-character alphanumeric string if not set and authEnabled is true # neo4jPassword: +# Specify cluster domain (used eg. as suffix in definition of NEO4J_causal__clustering_initial__discovery__members environment variable) +clusterDomain: "cluster.local" + # Specs for the images used for running tests against the Helm package testImage: "markhneedham/k8s-kubectl" testImageTag: "master" From c12f3433cb9505e3ef81be212afc2dac148716f0 Mon Sep 17 00:00:00 2001 
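Review bot: `{{ .Values.clusterDomain }}` is interpolated with no fallback in the `NEO4J_causal__clustering_initial__discovery__members` value, here and in the readreplicas-deployment.yaml hunk, so a release whose values lack the new key (for example an upgrade that reuses the previous release's values; please confirm for the Helm version in use) would render `...svc.:5000` and cluster discovery would fail. A template-side default keeps the old behaviour: `.svc.{{ default "cluster.local" .Values.clusterDomain }}:5000`. The env list continues outside both hunks.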
From: Fabrizio Fortino Date: Wed, 19 Dec 2018 15:14:53 +0100 Subject: [PATCH 050/136] [stable/cluster-autoscaler] Add support for ServiceMonitor (prometheus operator) (#8964) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * cluster-autoscaler: add support for servicemonitor (prometheus) Signed-off-by: Fabrizio Fortino * cluster-autoscaler: bump chart version Signed-off-by: Fabrizio Fortino * cluster-autoscaler: fixed port name in service monitor Signed-off-by: Fabrizio Fortino * cluster-autoscaler: set default scrape interval for service monitor Signed-off-by: Fabrizio Fortino * autoscaler: updated servicemonitor doc links Signed-off-by: Fabrizio Fortino * cluster autoscaler: bump chart version Signed-off-by: Fabrizio Fortino * Update Chart.yaml Signed-off-by: Reinhard Nägele Signed-off-by: Melissa Palmer --- stable/cluster-autoscaler/Chart.yaml | 2 +- stable/cluster-autoscaler/README.md | 4 ++++ .../templates/servicemonitor.yaml | 23 +++++++++++++++++++ stable/cluster-autoscaler/values.yaml | 12 ++++++++++ 4 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 stable/cluster-autoscaler/templates/servicemonitor.yaml diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index 0a8a46341653..162254a8a64a 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 0.9.0 +version: 0.10.0 appVersion: 1.12.0 home: https://github.com/kubernetes/autoscaler sources: diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md index 817e8a23ae35..8cf9cf36d9f0 100644 --- a/stable/cluster-autoscaler/README.md +++ b/stable/cluster-autoscaler/README.md 
@@ -146,6 +146,10 @@ Parameter | Description | Default `spotinst.image.tag` | Image tag (used if `cloudProvider=spotinst`) | `v0.6.0` `spotinst.image.pullPolicy` | Image pull policy (used if `cloudProvider=spotinst`) | `IfNotPresent` `tolerations` | List of node taints to tolerate (requires Kubernetes >= 1.6) | `[]` +`serviceMonitor.enabled` | if `true`, creates a Prometheus Operator ServiceMonitor | `false` +`serviceMonitor.interval` | Interval that Prometheus scrapes Cluster Autoscaler metrics | `10s` +`serviceMonitor.namespace` | Namespace which Prometheus is running in | `monitoring` +`serviceMonitor.selector` | Default to kube-prometheus install (CoreOS recommended), but should be set according to Prometheus install | `{ prometheus: kube-prometheus }` `azureClientID` | Service Principal ClientID with contributor permission to Cluster and Node ResourceGroup | none `azureClientSecret` | Service Principal ClientSecret with contributor permission to Cluster and Node ResourceGroup | none `azureSubscriptionID` | Azure subscription where the resources are located | none diff --git a/stable/cluster-autoscaler/templates/servicemonitor.yaml b/stable/cluster-autoscaler/templates/servicemonitor.yaml new file mode 100644 index 000000000000..da828dbc960a --- /dev/null +++ b/stable/cluster-autoscaler/templates/servicemonitor.yaml 
@@ -0,0 +1,23 @@ +{{ if .Values.serviceMonitor.enabled }} +apiVersion: monitoring.coreos.com/v1 +kind: ServiceMonitor +metadata: + name: {{ include "cluster-autoscaler.fullname" . }} + {{- if .Values.serviceMonitor.namespace }} + namespace: {{ .Values.serviceMonitor.namespace }} + {{- end }} + labels: + {{- range $key, $value := .Values.serviceMonitor.selector }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + selector: + matchLabels: + app: {{ template "cluster-autoscaler.name" . }} + release: {{ .Release.Name }} + endpoints: + - port: {{ .Values.service.portName }} + interval: {{ .Values.serviceMonitor.interval }} + namespaceSelector: + any: true +{{ end }} diff --git a/stable/cluster-autoscaler/values.yaml b/stable/cluster-autoscaler/values.yaml index cda075ddcaa0..5aec103f104d 100644 --- a/stable/cluster-autoscaler/values.yaml +++ b/stable/cluster-autoscaler/values.yaml @@ -131,3 +131,15 @@ spotinst: repository: spotinst/kubernetes-cluster-autoscaler tag: 0.6.0 pullPolicy: IfNotPresent + +## Are you using Prometheus Operator? +serviceMonitor: + enabled: false + interval: "10s" + # Namespace Prometheus is installed in + namespace: monitoring + ## Defaults to whats used if you follow CoreOS [Prometheus Install Instructions](https://github.com/helm/charts/tree/master/stable/prometheus-operator#tldr) + ## [Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#prometheus-operator-1) + ## [Kube Prometheus Selector Label](https://github.com/helm/charts/tree/master/stable/prometheus-operator#exporters) + selector: + prometheus: kube-prometheus From 967826d6f430c163753dc7087fc3330682f84e0f Mon Sep 17 00:00:00 2001 From: Jonathan Liuti Date: Wed, 19 Dec 2018 15:44:40 +0100 Subject: [PATCH 051/136] [stable/kubernetes-dashboard] New backend-protocol ingress-nginx annotations (#10108) * New backend-protocol ingress-nginx annotations Signed-off-by: Jonathan Liuti * Reword and move comment 
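Review bot: `namespaceSelector: any: true` at the end of servicemonitor.yaml makes the ServiceMonitor match Services in every namespace that carry the `app` and `release` labels used in `matchLabels`, so Prometheus would also scrape any unrelated Service that happens to carry, or is given, those labels. The autoscaler Service presumably lives in the release namespace, so the selector can be pinned to it by replacing `any: true` with `matchNames:` and a single entry `- {{ .Release.Namespace }}`. `interval: {{ .Values.serviceMonitor.interval }}` would also be safer rendered as `{{ .Values.serviceMonitor.interval | quote }}`.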
Signed-off-by: Jonathan Liuti * Change version not app version Signed-off-by: Jonathan Liuti Signed-off-by: Melissa Palmer --- stable/kubernetes-dashboard/Chart.yaml | 2 +- stable/kubernetes-dashboard/values.yaml | 8 +++++++- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/kubernetes-dashboard/Chart.yaml b/stable/kubernetes-dashboard/Chart.yaml index 5fb366f59d71..2dda27f70e34 100644 --- a/stable/kubernetes-dashboard/Chart.yaml +++ b/stable/kubernetes-dashboard/Chart.yaml @@ -1,5 +1,5 @@ name: kubernetes-dashboard -version: 0.10.1 +version: 0.10.2 appVersion: 1.10.1 description: General-purpose web UI for Kubernetes clusters keywords: diff --git a/stable/kubernetes-dashboard/values.yaml b/stable/kubernetes-dashboard/values.yaml index 6b56b443236a..cb3bfeb20e73 100644 --- a/stable/kubernetes-dashboard/values.yaml +++ b/stable/kubernetes-dashboard/values.yaml @@ -80,8 +80,14 @@ ingress: ## # annotations: # kubernetes.io/ingress.class: nginx - # nginx.ingress.kubernetes.io/secure-backends: "true" # kubernetes.io/tls-acme: 'true' + ## If you plan to use TLS backend with enableInsecureLogin set to false + ## (default), you need to uncomment the below. + ## If you use ingress-nginx < 0.21.0 + # nginx.ingress.kubernetes.io/secure-backends: "true" + ## if you use ingress-nginx >= 0.21.0 + # nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" + ## Kubernetes Dashboard Ingress path ## From a6a24f404098cfe7d948513edd2f700284151259 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Wed, 19 Dec 2018 16:58:46 +0100 Subject: [PATCH 052/136] [stable/postgresql] Allows overwrite default config file using include_dir (#10133) * [stable/postgresql] Allows overwrite default config file using include_dir Signed-off-by: Carlos Rodriguez Hernandez * Remove duplicated if statement Signed-off-by: Carlos Rodriguez Hernandez * Change README wording Signed-off-by: Carlos Rodriguez Hernandez * Bump major version 
Signed-off-by: Carlos Rodriguez Hernandez Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 5 +++++ stable/postgresql/files/conf.d/README.md | 4 ++++ .../templates/extended-config-configmap.yaml | 13 +++++++++++++ stable/postgresql/templates/statefulset-slaves.yaml | 11 ++++++++++- stable/postgresql/templates/statefulset.yaml | 9 +++++++++ 6 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 stable/postgresql/files/conf.d/README.md create mode 100644 stable/postgresql/templates/extended-config-configmap.yaml diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 35584da96bc2..954b2add3f39 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.2.1 +version: 3.3.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index bb318ba33ab5..0a5d5dc55383 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md 
@@ -146,6 +146,11 @@ Add your custom file to "files/postgresql.conf" in your working directory. This Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. +### Allow settings to be loaded from files other than the default `postgresql.conf` + +If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. +Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + ## Initialize a fresh instance The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. diff --git a/stable/postgresql/files/conf.d/README.md b/stable/postgresql/files/conf.d/README.md new file mode 100644 index 000000000000..184c1875d575 --- /dev/null +++ b/stable/postgresql/files/conf.d/README.md @@ -0,0 +1,4 @@ +If you don't want to provide the whole configuration file and only specify certain parameters, you can copy here your extended `.conf` files. +These files will be injected as a config maps and add/overwrite the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. + +More info in the [bitnami-docker-postgresql README](https://github.com/bitnami/bitnami-docker-postgresql#configuration-file). 
diff --git a/stable/postgresql/templates/extended-config-configmap.yaml b/stable/postgresql/templates/extended-config-configmap.yaml new file mode 100644 index 000000000000..5c232a0c75bf --- /dev/null +++ b/stable/postgresql/templates/extended-config-configmap.yaml @@ -0,0 +1,13 @@ +{{- if (.Files.Glob "files/conf.d/*.conf") }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "postgresql.fullname" . }}-extended-configuration + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +data: +{{ (.Files.Glob "files/conf.d/*.conf").AsConfig | indent 2 }} +{{- end }} diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 5f5e0a9d369d..d73952f6a47d 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -91,7 +91,7 @@ spec: {{- if .Values.usePasswordFile }} - name: POSTGRESQL_REPLICATION_PASSWORD_FILE value: "/opt/bitnami/postgresql/secrets/postgresql-replication-password" - {{- else }} + {{- else }} - name: POSTGRESQL_REPLICATION_PASSWORD valueFrom: secretKeyRef: @@ -152,6 +152,10 @@ spec: mountPath: /opt/bitnami/postgresql/conf/pg_hba.conf subPath: pg_hba.conf {{ end }} + {{- if (.Files.Glob "files/conf.d/*.conf") }} + - name: postgresql-extended-config + mountPath: /opt/bitnami/postgresql/conf/conf.d/ + {{- end }} volumes: {{- if .Values.usePasswordFile }} - name: postgresql-password @@ -163,6 +167,11 @@ spec: configMap: name: {{ template "postgresql.fullname" . }}-configuration {{ end }} + {{- if (.Files.Glob "files/conf.d/*.conf") }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.fullname" . }}-extended-configuration + {{- end }} updateStrategy: type: {{ .Values.updateStrategy.type }} {{- if .Values.persistence.enabled }} 
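Review bot: The new `extended-config-configmap.yaml` publishes every `files/conf.d/*.conf` file verbatim in a ConfigMap, and nothing in the template or the added README text warns that these files must not carry credentials. Because they add to or overwrite the default `postgresql.conf`, a header comment in the template such as `# Rendered into a ConfigMap (not a Secret): keep passwords and keys out of files/conf.d/*.conf` would help. The `postgresql-extended-config` mounts added in `statefulset-slaves.yaml` and `statefulset.yaml` could also set `readOnly: true`. The `.Files.Glob "files/conf.d/*.conf"` condition is repeated five times across the three templates and would be easier to keep consistent as one named helper.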
diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index ed567a5f88a5..cf5dfeb0c88f 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -159,6 +159,10 @@ spec: - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} + {{- if (.Files.Glob "files/conf.d/*.conf") }} + - name: postgresql-extended-config + mountPath: /opt/bitnami/postgresql/conf/conf.d/ + {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password mountPath: /opt/bitnami/postgresql/secrets/ @@ -236,6 +240,11 @@ spec: configMap: name: {{ template "postgresql.fullname" . }}-configuration {{- end }} + {{- if (.Files.Glob "files/conf.d/*.conf") }} + - name: postgresql-extended-config + configMap: + name: {{ template "postgresql.fullname" . }}-extended-configuration + {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password secret: From 06d787dc4c6b679b5acaa4308fefa3df959e7eda Mon Sep 17 00:00:00 2001 From: pasqualet Date: Wed, 19 Dec 2018 17:38:40 +0100 Subject: [PATCH 053/136] [stable/docker-registry] Add labels to ingress object (#9831) Signed-off-by: Pasquale Toscano Signed-off-by: Melissa Palmer --- stable/docker-registry/Chart.yaml | 2 +- stable/docker-registry/README.md | 3 ++- stable/docker-registry/templates/ingress.yaml | 3 +++ stable/docker-registry/values.yaml | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/stable/docker-registry/Chart.yaml b/stable/docker-registry/Chart.yaml index 1fb641aa01f5..86016f5f53c8 100644 --- a/stable/docker-registry/Chart.yaml +++ b/stable/docker-registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Docker Registry name: docker-registry -version: 1.6.1 +version: 1.6.2 appVersion: 2.6.2 home: https://hub.docker.com/_/registry/ icon: https://hub.docker.com/public/images/logos/mini-logo.svg 
diff --git a/stable/docker-registry/README.md b/stable/docker-registry/README.md index d9ff0c8f0576..7615db9dde8c 100644 --- a/stable/docker-registry/README.md +++ b/stable/docker-registry/README.md @@ -65,7 +65,8 @@ their default values. | `tolerations` | pod tolerations | `[]` | | `ingress.enabled` | If true, Ingress will be created | `false` | | `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.path` | Ingress service path | `/` | +| `ingress.labels` | Ingress labels | `{}` | +| `ingress.path` | Ingress service path | `/` | | `ingress.hosts` | Ingress hostnames | `[]` | | `ingress.tls` | Ingress TLS configuration (YAML) | `[]` | diff --git a/stable/docker-registry/templates/ingress.yaml b/stable/docker-registry/templates/ingress.yaml index d5c315ef2821..6fdf784c0850 100644 --- a/stable/docker-registry/templates/ingress.yaml +++ b/stable/docker-registry/templates/ingress.yaml @@ -11,6 +11,9 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} +{{- if .Values.ingress.labels }} +{{ toYaml .Values.ingress.labels | indent 4 }} +{{- end }} annotations: {{- range $key, $value := .Values.ingress.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/stable/docker-registry/values.yaml b/stable/docker-registry/values.yaml index 1931cb0de2a1..f72bd6b48bf8 100644 --- a/stable/docker-registry/values.yaml +++ b/stable/docker-registry/values.yaml @@ -34,6 +34,7 @@ ingress: annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" + labels: {} tls: # Secrets must be manually created in the namespace. # - secretName: chart-example-tls From af9e9d7c594c9d30ab63c3dc23e3ca5956ebf2e1 Mon Sep 17 00:00:00 2001 
From: Chance Zibolski Date: Wed, 19 Dec 2018 09:28:41 -0800 Subject: [PATCH 054/136] Remove chancez as owner/maintainer to etcd-operator/nginx-ingress (#10110) I don't use either of these charts anymore and don't keep up with the upstream projects since I don't use them any longer. Removing myself as there are other maintainers. Signed-off-by: Chance Zibolski Signed-off-by: Melissa Palmer --- stable/etcd-operator/Chart.yaml | 4 +--- stable/etcd-operator/OWNERS | 2 -- stable/nginx-ingress/Chart.yaml | 4 +--- 3 files changed, 2 insertions(+), 8 deletions(-) diff --git a/stable/etcd-operator/Chart.yaml b/stable/etcd-operator/Chart.yaml index f8aaac923e39..bdaea5ae5fc8 100755 --- a/stable/etcd-operator/Chart.yaml +++ b/stable/etcd-operator/Chart.yaml @@ -1,15 +1,13 @@ apiVersion: v1 description: CoreOS etcd-operator Helm chart for Kubernetes name: etcd-operator -version: 0.8.2 +version: 0.8.3 appVersion: 0.9.3 home: https://github.com/coreos/etcd-operator icon: https://raw.githubusercontent.com/coreos/etcd/master/logos/etcd-horizontal-color.png sources: - https://github.com/coreos/etcd-operator maintainers: -- name: chancez - email: chance.zibolski@coreos.com - name: lachie83 email: lachlan@deis.com - name: alejandroEsc diff --git a/stable/etcd-operator/OWNERS b/stable/etcd-operator/OWNERS index e7cf8709e5dd..1385151c480e 100644 --- a/stable/etcd-operator/OWNERS +++ b/stable/etcd-operator/OWNERS @@ -1,8 +1,6 @@ approvers: - lachie83 -- chancez - alejandroEsc reviewers: - lachie83 -- chancez - alejandroEsc diff --git a/stable/nginx-ingress/Chart.yaml b/stable/nginx-ingress/Chart.yaml index fbc8f3d58f8e..2f27ceffd842 100644 --- a/stable/nginx-ingress/Chart.yaml +++ b/stable/nginx-ingress/Chart.yaml @@ -1,5 +1,5 @@ name: nginx-ingress -version: 1.1.0 +version: 1.1.1 appVersion: 0.21.0 home: https://github.com/kubernetes/ingress-nginx description: An nginx Ingress controller that uses ConfigMap to store the nginx configuration. 
@@ -14,6 +14,4 @@ maintainers: email: jack.zampolin@gmail.com - name: mgoodness email: mgoodness@gmail.com - - name: chancez - email: chance.zibolski@coreos.com engine: gotpl From 791c32689499402b8de4e0f0cf3d30313f1e9cdf Mon Sep 17 00:00:00 2001 From: Michael Dop Date: Wed, 19 Dec 2018 14:02:53 -0500 Subject: [PATCH 055/136] [stable/keycloak] fix readinessProbe when using empty basepath (#10089) * When the basepath is set to "" to host keycloak on keycloak.host/ instead of keycloak.host/auth the readinessProbe fails because the url is set to //realms/master Signed-off-by: Michael Dop * fixed basepath for liveness probe as well Signed-off-by: Michael Dop Signed-off-by: Melissa Palmer --- stable/keycloak/Chart.yaml | 2 +- stable/keycloak/templates/statefulset.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/keycloak/Chart.yaml b/stable/keycloak/Chart.yaml index 51e2c4260b67..ab752d7c2a86 100644 --- a/stable/keycloak/Chart.yaml +++ b/stable/keycloak/Chart.yaml @@ -1,5 +1,5 @@ name: keycloak -version: 4.0.7 +version: 4.0.8 appVersion: 4.5.0.Final description: Open Source Identity and Access Management For Modern Applications and Services keywords: diff --git a/stable/keycloak/templates/statefulset.yaml b/stable/keycloak/templates/statefulset.yaml index 11173a8a4a2c..c42cde1ab48e 100644 --- a/stable/keycloak/templates/statefulset.yaml +++ b/stable/keycloak/templates/statefulset.yaml 
@@ -101,13 +101,13 @@ spec: {{- end }} livenessProbe: httpGet: - path: /{{ .Values.keycloak.basepath }}/ + path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/ port: http initialDelaySeconds: {{ .Values.keycloak.livenessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.keycloak.livenessProbe.timeoutSeconds }} readinessProbe: httpGet: - path: /{{ .Values.keycloak.basepath }}/realms/master + path: {{ if ne .Values.keycloak.basepath "" }}/{{ .Values.keycloak.basepath }}{{ end }}/realms/master port: http initialDelaySeconds: {{ .Values.keycloak.readinessProbe.initialDelaySeconds }} timeoutSeconds: {{ .Values.keycloak.readinessProbe.timeoutSeconds }} From 779005128a3298bd939bdf38b5bfb487e05515ac Mon Sep 17 00:00:00 2001 From: Mike Cronce Date: Wed, 19 Dec 2018 14:12:47 -0500 Subject: [PATCH 056/136] stable/unifi: Add "addSetfcap" option to give the SETFCAP capability to the Unifi container (#10143) Signed-off-by: Mike Cronce Signed-off-by: Melissa Palmer --- stable/unifi/Chart.yaml | 2 +- stable/unifi/README.md | 1 + stable/unifi/templates/deployment.yaml | 6 ++++++ stable/unifi/values.yaml | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml index a34a8bd2db6e..0d9238229804 100644 --- a/stable/unifi/Chart.yaml +++ b/stable/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.2 +version: 0.2.3 keywords: - ubiquiti - unifi diff --git a/stable/unifi/README.md b/stable/unifi/README.md index 5800af5f04e0..599ff38e73dc 100644 --- a/stable/unifi/README.md +++ b/stable/unifi/README.md 
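Review bot: The new probe paths compare with `ne .Values.keycloak.basepath ""`, which covers an empty string but not a value that is unset or `null`. Depending on the template engine version, that case may either fail to render or produce the `//realms/master` path this commit is fixing. `path: {{ with .Values.keycloak.basepath }}/{{ . }}{{ end }}/realms/master` treats empty and missing the same way, and the liveness path can use the same form. The expression is duplicated in both probes, so a small named template would keep them in step. The container spec continues outside this hunk.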
@@ -75,6 +75,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | `ingress.tls` | Ingress TLS configuration | `[]` | | `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | | `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | | `mongodb.enabled` | Use external MongoDB for data storage | `false` | | `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | | `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | diff --git a/stable/unifi/templates/deployment.yaml b/stable/unifi/templates/deployment.yaml index f631c259c0db..354859381583 100644 --- a/stable/unifi/templates/deployment.yaml +++ b/stable/unifi/templates/deployment.yaml @@ -42,6 +42,12 @@ spec: - name: stun containerPort: 3478 protocol: UDP + {{- if .Values.addSetfcap }} + securityContext: + capabilities: + add: + - SETFCAP + {{- end }} livenessProbe: httpGet: path: /status diff --git a/stable/unifi/values.yaml b/stable/unifi/values.yaml index a4def1c9dc44..51f00c899a43 100644 --- a/stable/unifi/values.yaml +++ b/stable/unifi/values.yaml @@ -109,6 +109,7 @@ ingress: timezone: UTC runAsRoot: false +addSetfcap: true # define an external mongoDB instead of using the built-in mongodb mongodb: From 9fd010900eb241aaa6a970b3eff84a83f657add2 Mon Sep 17 00:00:00 2001 From: Artur Gadelshin Date: Wed, 19 Dec 2018 23:20:04 +0300 Subject: [PATCH 057/136] update stackdriver-exporter to 0.6.0 with new options (#10142) Signed-off-by: Artur Gadelshin Signed-off-by: Melissa Palmer --- stable/stackdriver-exporter/Chart.yaml | 4 ++-- stable/stackdriver-exporter/README.md | 6 +++--- .../stackdriver-exporter/templates/deployment.yaml | 10 ++++++++++ stable/stackdriver-exporter/values.yaml | 12 +++++++++++- 4 files changed, 26 insertions(+), 6 deletions(-) 
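Review bot: In `templates/deployment.yaml` the `SETFCAP` capability is added whenever `addSetfcap` is true, and `values.yaml` defaults it to `true`, so every install gains the capability even with `runAsRoot: true`. The README row says it is only needed when not running as root. Tying the two together, `{{- if and .Values.addSetfcap (not .Values.runAsRoot) }}`, would keep the grant to the case that needs it; whether the root case really works without it should be confirmed against the image. The new `values.yaml` key has no comment, so something like `# Adds the SETFCAP capability to the controller container; only needed when runAsRoot is false` would document why a capability is granted by default.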
diff --git a/stable/stackdriver-exporter/Chart.yaml b/stable/stackdriver-exporter/Chart.yaml index 1367f243a327..aea903722c12 100644 --- a/stable/stackdriver-exporter/Chart.yaml +++ b/stable/stackdriver-exporter/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Stackdriver exporter for Prometheus name: stackdriver-exporter -version: 0.0.4 -appVersion: 0.5.1 +version: 0.0.5 +appVersion: 0.6.0 home: https://www.stackdriver.com/ sources: - https://github.com/frodenas/stackdriver_exporter/releases diff --git a/stable/stackdriver-exporter/README.md b/stable/stackdriver-exporter/README.md index 016f868038ef..a8b24d1a05b4 100644 --- a/stable/stackdriver-exporter/README.md +++ b/stable/stackdriver-exporter/README.md @@ -60,8 +60,8 @@ Parameter | Description | Def ----------------------------------- | ------------------------------------ | -------------------------------- `replicaCount` | Desired number of pods | `1` `restartPolicy` | Container restart policy | `Always` -`image.repository` | Container image repository | `justwatch/stackdriver_exporter` -`image.tag` | Container image tag | `1.0.2` +`image.repository` | Container image repository | `frodenas/stackdriver-exporter` +`image.tag` | Container image tag | `v0.6.0` `image.pullPolicy` | Container image pull policy | `IfNotPresent` `resources` | Resource requests & limits | `{}` `service.type` | Type of service to create | `ClusterIP` @@ -72,7 +72,7 @@ Parameter | Description | Def `stackdriver.metrics.offset` | Offset (into the past) to request | `0s` `web.listenAddress` | Port to listen on | `9255` `web.path` | Path under which to expose metrics | `/metrics` -`annoations` | Deployment annotations | `{}` +`annotations` | Deployment annotations | `{}` Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/stackdriver-exporter/templates/deployment.yaml b/stable/stackdriver-exporter/templates/deployment.yaml index 5c359dc764de..c59e6d0732df 100644 
--- a/stable/stackdriver-exporter/templates/deployment.yaml +++ b/stable/stackdriver-exporter/templates/deployment.yaml @@ -47,6 +47,16 @@ spec: value: {{ .Values.web.listenAddress | quote }} - name: STACKDRIVER_EXPORTER_WEB_TELEMETRY_PATH value: {{ .Values.web.path | quote }} + - name: STACKDRIVER_EXPORTER_MAX_RETRIES + value: {{ .Values.maxRetries | quote }} + - name: STACKDRIVER_EXPORTER_HTTP_TIMEOUT + value: {{ .Values.httpTimeout | quote }} + - name: STACKDRIVER_EXPORTER_MAX_BACKOFF_DURATION + value: {{ .Values.maxBackoff | quote }} + - name: STACKDRIVER_EXPORTER_BACKODFF_JITTER_BASE + value: {{ .Values.backoffJitter | quote }} + - name: STACKDRIVER_EXPORTER_RETRY_STATUSES + value: {{ .Values.retryStatuses | quote}} resources: {{ toYaml .Values.resources | indent 12 }} ports: diff --git a/stable/stackdriver-exporter/values.yaml b/stable/stackdriver-exporter/values.yaml index 9e75bd3a0615..07cc92eeebed 100644 --- a/stable/stackdriver-exporter/values.yaml +++ b/stable/stackdriver-exporter/values.yaml @@ -6,7 +6,7 @@ restartPolicy: Always image: repository: frodenas/stackdriver-exporter - tag: v0.5.1 + tag: v0.6.0 pullPolicy: IfNotPresent resources: {} @@ -25,6 +25,16 @@ service: stackdriver: # The Google Project ID to gather metrics for projectId: "FALSE" + # Max number of retries that should be attempted on 503 errors from stackdriver + maxRetries: 0 + # How long should stackdriver_exporter wait for a result from the Stackdriver API + httpTimeout: 10s + # Max time between each request in an exp backoff scenario + maxBackoff: 5s + # The amount of jitter to introduce in a exp backoff scenario + backoffJitter: 1s + # The HTTP statuses that should trigger a retry + retryStatuses: 503 metrics: # The prefixes to gather metrics for, we default to just CPU metrics. typePrefixes: 'compute.googleapis.com/instance/cpu' From f65eb0672dba6c453dcda01aa5b298e059f68088 Mon Sep 17 00:00:00 2001 
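Review bot: The five new env entries in `templates/deployment.yaml` read top-level values (`.Values.maxRetries`, `.Values.httpTimeout`, `.Values.maxBackoff`, `.Values.backoffJitter`, `.Values.retryStatuses`), but the `values.yaml` hunk adds those keys between `projectId` and `metrics`, which looks like the inside of the `stackdriver:` map. Indentation is not preserved on this page, so this needs confirming. If they are nested, each variable renders as an empty string and the exporter never sees the configured retry and timeout settings. The fix would be `value: {{ .Values.stackdriver.maxRetries | quote }}` and likewise for the other four. The name `STACKDRIVER_EXPORTER_BACKODFF_JITTER_BASE` should be checked against the exporter's documented variable, and the README parameter table does not list any of the new options.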
From: materemias Date: Wed, 19 Dec 2018 21:30:11 +0100 Subject: [PATCH 058/136] [stable/external-dns] add an option to enable Cloudflare proxy (DDOS protection, CDN...) (#10141) * add proxied option for cloudflare Signed-off-by: Mate Remias * add cloudflare.proxied to values with default true Signed-off-by: Mate Remias * added description in readme Signed-off-by: Mate Remias * bumped version Signed-off-by: Mate Remias * bumped version Signed-off-by: Mate Remias Signed-off-by: Melissa Palmer --- stable/external-dns/Chart.yaml | 2 +- stable/external-dns/README.md | 1 + stable/external-dns/templates/deployment.yaml | 3 +++ stable/external-dns/values.yaml | 1 + 4 files changed, 6 insertions(+), 1 deletion(-) diff --git a/stable/external-dns/Chart.yaml b/stable/external-dns/Chart.yaml index d3f857958cd9..7ad452c296a9 100644 --- a/stable/external-dns/Chart.yaml +++ b/stable/external-dns/Chart.yaml @@ -3,7 +3,7 @@ description: Configure external DNS servers (AWS Route53, Google CloudDNS and others) for Kubernetes Ingresses and Services name: external-dns -version: 1.2.0 +version: 1.3.0 appVersion: 0.5.9 home: https://github.com/kubernetes-incubator/external-dns sources: diff --git a/stable/external-dns/README.md b/stable/external-dns/README.md index 86b0e6a4eadf..e928c81d0d91 100644 --- a/stable/external-dns/README.md +++ b/stable/external-dns/README.md 
@@ -35,6 +35,7 @@ The following table lists the configurable parameters of the external-dns chart | `azure.secretName` | Set the secret created for the SP for azure, should contain an azure.json file | `""` | | `cloudflare.apiKey` | `CF_API_KEY` to set in the environment (optional). | `""` | | `cloudflare.email` | `CF_API_EMAIL` to set in the environment (optional). | `""` | +| `cloudflare.proxied` | enable the proxy feature of Cloudflare (DDOS protection, CDN...) (optional). | `true` | | `domainFilters` | Limit possible target zones by domain suffixes (optional). | `[]` | | `extraArgs` | Optional object of extra args, as `name`: `value` pairs. Where the name is the command line arg to external-dns. | `{}` | | `extraEnv` | Optional array of extra environment variables. Supply a `name` property and either `value` of `valueFrom` for each. | `[]` | diff --git a/stable/external-dns/templates/deployment.yaml b/stable/external-dns/templates/deployment.yaml index 61a46786c59f..7e5a64be50d0 100755 --- a/stable/external-dns/templates/deployment.yaml +++ b/stable/external-dns/templates/deployment.yaml @@ -61,6 +61,9 @@ spec: - --{{ $key }} {{- end }} {{- end }} + {{- if .Values.cloudflare.proxied }} + - --cloudflare-proxied + {{- end }} {{- if .Values.aws.zoneType }} - --aws-zone-type={{ .Values.aws.zoneType }} {{- end }} diff --git a/stable/external-dns/values.yaml b/stable/external-dns/values.yaml index 86c08b90aa79..825a34162a59 100644 --- a/stable/external-dns/values.yaml +++ b/stable/external-dns/values.yaml @@ -36,6 +36,7 @@ azure: cloudflare: apiKey: "" email: "" + proxied: true # When using the Google provider, specify the Google project (required when provider=google) google: project: "" From 632e17b694d6dfed6d9fa45dbb0958907b59f1f4 Mon Sep 17 00:00:00 2001 
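Review bot: The `--cloudflare-proxied` argument in `templates/deployment.yaml` is emitted whenever `cloudflare.proxied` is true, and `values.yaml` defaults it to `true`, so the flag is passed for every provider. Existing Cloudflare releases would also have their records switched to proxied on upgrade without opting in, which changes how traffic reaches the origin. Gating on the provider, `{{- if and (eq .Values.provider "cloudflare") .Values.cloudflare.proxied }}`, keeps the flag out of other deployments; this assumes the chart's `provider` value referred to in the `values.yaml` comments. Defaulting `proxied` to `false` would make the behaviour change explicit.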
From: Josh Dolitsky Date: Wed, 19 Dec 2018 15:10:46 -0600 Subject: [PATCH 059/136] [stable/chartmuseum] fix permission denied for persistent volume with app version 0.8.0 (#10082) * [stable/chartmuseum] fix volume permissions Signed-off-by: Josh Dolitsky * [stable/chartmuseum] update chart metadata Signed-off-by: Josh Dolitsky * [stable/chartmuseum] remove unneeded runAsUser Signed-off-by: Josh Dolitsky Signed-off-by: Melissa Palmer --- stable/chartmuseum/Chart.yaml | 8 ++++---- stable/chartmuseum/README.md | 8 +++++++- stable/chartmuseum/values.yaml | 7 ++++++- 3 files changed, 17 insertions(+), 6 deletions(-) diff --git a/stable/chartmuseum/Chart.yaml b/stable/chartmuseum/Chart.yaml index 24a7dc2aa4e9..41278a619c87 100644 --- a/stable/chartmuseum/Chart.yaml +++ b/stable/chartmuseum/Chart.yaml @@ -1,10 +1,10 @@ apiVersion: v1 -description: Helm Chart Repository with support for Amazon S3 and Google Cloud Storage +description: Host your own Helm Chart Repository name: chartmuseum -version: 1.8.0 +version: 1.8.1 appVersion: 0.8.0 -home: https://github.com/chartmuseum/chartmuseum -icon: https://raw.githubusercontent.com/chartmuseum/chartmuseum/master/logo.png +home: https://github.com/helm/chartmuseum +icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png keywords: - chartmuseum - helm diff --git a/stable/chartmuseum/README.md b/stable/chartmuseum/README.md index 3f4175510e22..7383ecb14883 100644 --- a/stable/chartmuseum/README.md +++ b/stable/chartmuseum/README.md 
@@ -39,6 +39,12 @@ By default this chart will not have persistent storage, and the API service will be *DISABLED*. This protects against unauthorized access to the API with default configuration values. +In addition, by default, pod `securityContext.fsGroup` is set to `1000`. This +is the user/group that the ChartMuseum container runs as, and is used to +enable local persitant storage. If your cluster has DenySecurityContext enabled, +you can set `securityContext` to `{}` and still use this chart with one of +the cloud storage options. + For a more robust solution supply helm install with a custom values.yaml You are also required to create the StorageClass resource ahead of time: ``` @@ -72,7 +78,7 @@ their default values. See values.yaml for all available options. | `resources.requests.memory` | Container requested memory | `64Mi` | | `serviceAccount.create` | If true, create the service account | `false` | | `serviceAccount.name` | Name of the serviceAccount to create or use | `{{ chartmuseum.fullname }}` | -| `securityContext` | Map of securityContext for the pod | `{}` | +| `securityContext` | Map of securityContext for the pod | `{ fsGroup: 1000 }` | | `nodeSelector` | Map of node labels for pod assignment | `{}` | | `tolerations` | List of node taints to tolerate | `[]` | | `affinity` | Map of node/pod affinities | `{}` | diff --git a/stable/chartmuseum/values.yaml b/stable/chartmuseum/values.yaml index 59efcc4a947f..50cd65fd5443 100644 --- a/stable/chartmuseum/values.yaml +++ b/stable/chartmuseum/values.yaml @@ -137,7 +137,12 @@ serviceAccount: create: false # name: -securityContext: {} +# UID/GID 1000 is the default user "chartmuseum" used in +# the container image starting in v0.8.0 and above. This +# is required for local persistant storage. If your cluster +# does not allow this, try setting securityContext: {} +securityContext: + fsGroup: 1000 nodeSelector: {} From f25bc91510570302fe13c5293acacb43d2853e0a Mon Sep 17 00:00:00 2001 
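Review bot: The comment added above `securityContext` in `values.yaml` and the new README paragraph are the only guidance for operators whose clusters reject pod security contexts, and both are hard to search for. "persistant" and "persitant" should be "persistent", and the README's "DenySecurityContext" appears to mean the `SecurityContextDeny` admission plugin. The comment could read `# Required for local persistent storage. If your cluster rejects pod security contexts (e.g. the SecurityContextDeny admission plugin), set securityContext: {}`. It would also help to state that `fsGroup` only affects volume ownership and does not change the user the container runs as.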
From: Boris Kurktchiev Date: Wed, 19 Dec 2018 19:49:42 -0500 Subject: [PATCH 060/136] [mssql] fix typo in headless service (#10149) * fix typo Signed-off-by: Boris Kurktchiev * bump version Signed-off-by: Boris Kurktchiev Signed-off-by: Melissa Palmer --- stable/mssql-linux/Chart.yaml | 2 +- stable/mssql-linux/templates/service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/mssql-linux/Chart.yaml b/stable/mssql-linux/Chart.yaml index 7c31a0343ab6..c9d522d24c4b 100644 --- a/stable/mssql-linux/Chart.yaml +++ b/stable/mssql-linux/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: SQL Server 2017 Linux Helm Chart name: mssql-linux -version: 0.6.4 +version: 0.6.5 appVersion: 14.0.3023.8 home: https://hub.docker.com/r/microsoft/mssql-server-linux/ icon: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1I4Dx diff --git a/stable/mssql-linux/templates/service.yaml b/stable/mssql-linux/templates/service.yaml index a00c1d366092..017f1936aa1b 100644 --- a/stable/mssql-linux/templates/service.yaml +++ b/stable/mssql-linux/templates/service.yaml @@ -13,7 +13,7 @@ metadata: {{- end }} spec: {{- if .Values.service.headless }} - type: clusterIP + type: ClusterIP clusterIP: None {{- else }} type: {{ .Values.service.type }} From 76bc2ea1c098c31ac0aab8bcd8dd044ce30708df Mon Sep 17 00:00:00 2001 From: Steven Sheehy Date: Wed, 19 Dec 2018 19:49:42 -0600 Subject: [PATCH 061/136] [stable/prometheus-adapter] readOnlyFileSystem (#10042) Signed-off-by: Steven Sheehy Signed-off-by: Melissa Palmer --- stable/prometheus-adapter/Chart.yaml | 2 +- .../templates/custom-metrics-apiserver-deployment.yaml | 10 +++++++--- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-adapter/Chart.yaml b/stable/prometheus-adapter/Chart.yaml index ae1090b8a9a4..8ad9569d9383 100644 --- a/stable/prometheus-adapter/Chart.yaml +++ b/stable/prometheus-adapter/Chart.yaml 
@@ -1,5 +1,5 @@ name: prometheus-adapter -version: v0.2.2 +version: v0.2.3 appVersion: v0.4.1 description: A Helm chart for k8s prometheus adapter home: https://github.com/DirectXMan12/k8s-prometheus-adapter diff --git a/stable/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml b/stable/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml index f4df30b57ed5..26aaed9e0e24 100644 --- a/stable/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml +++ b/stable/prometheus-adapter/templates/custom-metrics-apiserver-deployment.yaml @@ -28,7 +28,6 @@ spec: allowPrivilegeEscalation: false capabilities: drop: ["all"] - readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 10001 serviceAccountName: {{ template "k8s-prometheus-adapter.serviceAccountName" . }} @@ -42,9 +41,8 @@ spec: {{- if .Values.tls.enable }} - --tls-cert-file=/var/run/serving-cert/tls.crt - --tls-private-key-file=/var/run/serving-cert/tls.key -{{- else }} - - --cert-dir=/tmp/cert {{- end }} + - --cert-dir=/tmp/cert - --logtostderr=true - --prometheus-url={{ .Values.prometheus.url }}:{{ .Values.prometheus.port }} - --metrics-relist-interval={{ .Values.metricsRelistInterval }} @@ -69,10 +67,14 @@ spec: resources: {{ toYaml .Values.resources | indent 10 }} {{- end }} + securityContext: + readOnlyRootFilesystem: true volumeMounts: - mountPath: /etc/adapter/ name: config readOnly: true + - mountPath: /tmp + name: tmp {{- if .Values.tls.enable }} - mountPath: /var/run/serving-cert name: volume-serving-cert @@ -94,6 +96,8 @@ spec: - name: config configMap: name: {{ template "k8s-prometheus-adapter.fullname" . }} + - name: tmp + emptyDir: {} {{- if .Values.tls.enable }} - name: volume-serving-cert secret: From 4a8f1acdbba7c2b8eec9ceaa2ebf8bd57d6a6744 Mon Sep 17 00:00:00 2001 
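Review bot: Only `readOnlyRootFilesystem` is moved to the new container-level `securityContext` in `custom-metrics-apiserver-deployment.yaml`, while `allowPrivilegeEscalation: false` and `capabilities: drop: ["all"]` stay in the earlier block beside `runAsNonRoot` and `runAsUser`. If that earlier block is the pod-level security context, as the move suggests, those two are container-only fields too and are not applied there; indentation is not visible on this page, so confirm. Moving them next to `readOnlyRootFilesystem: true` under the container's `securityContext:` would make the hardening take effect. The `/tmp` `emptyDir` and the unconditional `--cert-dir=/tmp/cert` fit the read-only root filesystem. The pod spec continues outside these hunks.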
From: Prateek Pandey Date: Thu, 20 Dec 2018 07:28:06 +0530 Subject: [PATCH 062/136] [stable/openebs] update maya-apiserver labels (#10120) Update maya-apiserver labels Update openebs logo in Charts.yaml Signed-off-by: prateekpandey14 Signed-off-by: Melissa Palmer --- stable/openebs/Chart.yaml | 4 ++-- stable/openebs/templates/deployment-maya-apiserver.yaml | 1 + 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/stable/openebs/Chart.yaml b/stable/openebs/Chart.yaml index 0899a7a9b1a0..759ca853a31b 100644 --- a/stable/openebs/Chart.yaml +++ b/stable/openebs/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v1 -version: 0.8.0 +version: 0.8.1 name: openebs appVersion: 0.8.0 description: Containerized Storage for Containers -icon: https://raw.githubusercontent.com/openebs/chitrakala/master/OpenEBS%20logo/openebs%20logos-03.png +icon: https://raw.githubusercontent.com/openebs/chitrakala/master/OpenEBS%20logo/logo-square.png home: http://www.openebs.io/ keywords: - cloud-native-storage diff --git a/stable/openebs/templates/deployment-maya-apiserver.yaml b/stable/openebs/templates/deployment-maya-apiserver.yaml index 925090eaff5f..c7c6992e9394 100644 --- a/stable/openebs/templates/deployment-maya-apiserver.yaml +++ b/stable/openebs/templates/deployment-maya-apiserver.yaml @@ -8,6 +8,7 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} component: apiserver + name: maya-apiserver spec: replicas: {{ .Values.apiserver.replicas }} selector: From 75c9249b966f4c63ceea319b5a817f03988daa72 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 20 Dec 2018 03:12:21 +0100 Subject: [PATCH 063/136] bump mm-te to 5.6.1 (#10150) Signed-off-by: cpanato Signed-off-by: Melissa Palmer --- stable/mattermost-team-edition/Chart.yaml | 4 ++-- stable/mattermost-team-edition/README.md | 4 ++-- stable/mattermost-team-edition/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) 
diff --git a/stable/mattermost-team-edition/Chart.yaml b/stable/mattermost-team-edition/Chart.yaml index 0bd1fb7bfd0f..8531cb3ea86f 100644 --- a/stable/mattermost-team-edition/Chart.yaml +++ b/stable/mattermost-team-edition/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Mattermost Team Edition server. name: mattermost-team-edition -version: 2.1.0 -appVersion: 5.6.0 +version: 2.1.1 +appVersion: 5.6.1 keywords: - mattermost - communication diff --git a/stable/mattermost-team-edition/README.md b/stable/mattermost-team-edition/README.md index ddec24b4c936..b56a716ebe3e 100644 --- a/stable/mattermost-team-edition/README.md +++ b/stable/mattermost-team-edition/README.md @@ -46,7 +46,7 @@ The following table lists the configurable parameters of the Mattermost Team Edi Parameter | Description | Default --- | --- | --- `image.repository` | container image repository | `mattermost/mattermost-team-edition` -`image.tag` | container image tag | `5.6.0` +`image.tag` | container image tag | `5.6.1` `image.imagePullPolicy` | container image pull policy | `IfNotPresent` `initContainerImage.repository` | init container image repository | `appropriate/curl` `initContainerImage.tag` | init container image tag | `latest` @@ -78,7 +78,7 @@ Specify each parameter using the `--set key=value[,key=value]` argument to `helm ```bash $ helm install --name my-release \ - --set image.tag=5.5.0 \ + --set image.tag=5.6.1 \ --set mysql.mysqlUser=sampleUser \ --set mysql.mysqlPassword=samplePassword \ stable/mattermost-team-edition diff --git a/stable/mattermost-team-edition/values.yaml b/stable/mattermost-team-edition/values.yaml index 3fdc33db4231..19849e37df34 100644 --- a/stable/mattermost-team-edition/values.yaml +++ b/stable/mattermost-team-edition/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: mattermost/mattermost-team-edition - tag: 5.6.0 + tag: 5.6.1 imagePullPolicy: IfNotPresent initContainerImage: 
From 8369cc46420566516b98114b08aba6938292a723 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Thu, 20 Dec 2018 09:15:18 +0100 Subject: [PATCH 064/136] [stable/magento] Update Readme with information about PVCs (#10153) Signed-off-by: Javier J. Salmeron Garcia Signed-off-by: Melissa Palmer --- stable/magento/Chart.yaml | 2 +- stable/magento/README.md | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/stable/magento/Chart.yaml b/stable/magento/Chart.yaml index e751304e3b7b..7a4001a05757 100644 --- a/stable/magento/Chart.yaml +++ b/stable/magento/Chart.yaml @@ -1,5 +1,5 @@ name: magento -version: 4.1.2 +version: 4.1.3 appVersion: 2.3.0 description: A feature-rich flexible e-commerce solution. It includes transaction options, multi-store functionality, loyalty programs, product categorization and shopper filtering, promotion rules, and more. keywords: diff --git a/stable/magento/README.md b/stable/magento/README.md index 2a264c75ad89..d917a9c752d1 100644 --- a/stable/magento/README.md +++ b/stable/magento/README.md 
@@ -151,8 +151,7 @@ $ helm install --name my-release -f values.yaml stable/magento The [Bitnami Magento](https://github.com/bitnami/bitnami-docker-magento) image stores the Magento data and configurations at the `/bitnami/magento` and `/bitnami/apache` paths of the container. -Persistent Volume Claims are used to keep the data across deployments. This is known to work in GCE, AWS, and minikube. -See the [Configuration](#configuration) section to configure the PVC or to disable persistence. + Persistent Volume Claims are used to keep the data across deployments. There is a [known issue](https://github.com/kubernetes/kubernetes/issues/39178) in Kubernetes Clusters with EBS in different availability zones. Ensure your cluster is configured properly to create Volumes in the same availability zone where the nodes are running. Kuberentes 1.12 solved this issue with the [Volume Binding Mode](https://kubernetes.io/docs/concepts/storage/storage-classes/#volume-binding-mode). ## Upgrading From 76bdb5ca3df87dfcf6da5c1508c421aa4b042ab5 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Thu, 20 Dec 2018 09:29:38 +0100 Subject: [PATCH 065/136] [stable/postgresql] Allow enabling/disabling volume-permissions Init container (#10130) * [stable/postgresql] Allow enabling/disabling volume-permissions Init container Signed-off-by: juan131 * Simpler condition to enable initContainers Signed-off-by: juan131 * Rebase from master and bump version Signed-off-by: juan131 Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 149 +++++++++--------- .../templates/statefulset-slaves.yaml | 4 +- stable/postgresql/templates/statefulset.yaml | 4 +- stable/postgresql/values-production.yaml | 6 + stable/postgresql/values.yaml | 6 + 6 files changed, 92 insertions(+), 79 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 954b2add3f39..cc88732644c8 100644 --- a/stable/postgresql/Chart.yaml 
+++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.3.0 +version: 3.4.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index 0a5d5dc55383..c72ba1945b68 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md 
@@ -45,80 +45,81 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the PostgreSQL chart and their default values. -| Parameter | Description | Default | -|-----------------------------------------------|------------------------------------------------------|---------------------------------------------------------- | -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{VERSION}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `replication.enabled` | Would you like to enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | -| `postgresqlUsername` | PostgreSQL admin user | `postgres` | -| `postgresqlPassword` | PostgreSQL admin password | _random 10 
character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | -| `initdbScripts` | List of initdb scripts | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | {} | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (postgresql master) | `[]` | -| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| `securityContext.fsGroup` | Group ID for the 
container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | -| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | -| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | -| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | +| Parameter | Description | Default | +|-----------------------------------------------|---------------------------------------------------------|--------------------------------------------------------- | +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| 
`volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.enabled` | Enable init container | `true` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `replication.enabled` | Would you like to enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | +| `initdbScripts` | List of initdb scripts | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | {} | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage 
Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (master nodes) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (master nodes) | `{}` | +| `master.tolerations` | Toleration labels for pod assignment (master nodes) | `[]` | +| `slave.nodeSelector` | Node labels for pod assignment (slave nodes) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (slave nodes) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (slave nodes) | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `6` | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| 
`readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `6` | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | +| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index d73952f6a47d..77e01542078b 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml 
@@ -52,7 +52,7 @@ spec: {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} - {{- if and .Values.persistence.enabled .Values.securityContext.enabled}} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} initContainers: - name: init-chmod-data image: {{ template "postgresql.volumePermissions.image" . }} @@ -70,7 +70,7 @@ spec: volumeMounts: - name: data mountPath: /bitnami/postgresql - {{ end }} + {{- end }} containers: - name: {{ template "postgresql.fullname" . }} image: {{ template "postgresql.image" . }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index cf5dfeb0c88f..d7291f083ed6 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -56,7 +56,7 @@ spec: {{- if .Values.terminationGracePeriodSeconds }} terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} {{- end }} - {{- if and .Values.persistence.enabled .Values.securityContext.enabled}} + {{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }} initContainers: - name: init-chmod-data image: {{ template "postgresql.volumePermissions.image" . }} @@ -74,7 +74,7 @@ spec: volumeMounts: - name: data mountPath: /bitnami/postgresql - {{ end }} + {{- end }} containers: - name: {{ template "postgresql.fullname" . }} image: {{ template "postgresql.image" . }} diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 492ff594bd7d..6ec8cb4226fa 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml 
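Review bot: The new guard `{{- if and .Values.volumePermissions.enabled .Values.persistence.enabled }}` in statefulset-slaves.yaml no longer consults `.Values.securityContext.enabled`, and the same guard is repeated in statefulset.yaml. With the default `volumePermissions.enabled: true`, the `init-chmod-data` init container is now rendered for releases that had set `securityContext.enabled=false` and previously got no init container. The values files in this commit keep `runAsUser: 0` for that container, so an upgrade can add a root init container to the database pods, and a cluster whose admission policy rejects root containers would presumably refuse them. The init container's command lies outside both hunks, so it is worth confirming whether its chown target still reads `securityContext.runAsUser` and `fsGroup` when that block is disabled. I would state the independence next to the guard, `{{- /* root init container; no longer gated on securityContext.enabled */ -}}`, and mention the behaviour change in the README upgrade notes.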
@@ -34,11 +34,17 @@ image: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: + enabled: true image: registry: docker.io repository: bitnami/minideb tag: latest + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## pullPolicy: Always + ## Init container Security Context securityContext: runAsUser: 0 diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 3e384f3a92e8..aaba4d6e8a13 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -34,11 +34,17 @@ image: ## volumePermissions: Change the owner of the persist volume mountpoint to RunAsUser:fsGroup ## volumePermissions: + enabled: true image: registry: docker.io repository: bitnami/minideb tag: latest + ## Specify a imagePullPolicy + ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' + ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images + ## pullPolicy: Always + ## Init container Security Context securityContext: runAsUser: 0 From ba31fc03e525a2661303119ce5d32c77ca952dd1 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 20 Dec 2018 09:42:23 +0100 Subject: [PATCH 066/136] [stable/wordpress] Release 5.0.2 (#10154) * wordpress: update to `5.0.2` Signed-off-by: Bitnami Containers * wordpress: updated chart requirements Signed-off-by: Bitnami Containers * wordpress: bump chart appVersion to `5.0.2` Signed-off-by: Bitnami Containers * wordpress: bump chart version to `5.0.2` Signed-off-by: Bitnami Containers Signed-off-by: Melissa Palmer --- stable/wordpress/Chart.yaml | 4 ++-- stable/wordpress/requirements.lock | 4 ++-- stable/wordpress/values-production.yaml | 2 +- stable/wordpress/values.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) 
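Review bot: The new `enabled: true` key under `volumePermissions` in stable/postgresql/values-production.yaml and values.yaml has no comment of its own, although it is now the switch for a container that runs with `runAsUser: 0` and is pulled from the mutable tag `latest`. I would add above the key `## Set to false to skip the init container that chowns the data volume (it runs as root, see securityContext below)`. In values-production.yaml I would also replace `tag: latest` with a fixed tag or digest, so the image that runs as root is reproducible across rollouts; `pullPolicy: Always` then becomes optional. The added comment `## Specify a imagePullPolicy` should read `an imagePullPolicy`.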
diff --git a/stable/wordpress/Chart.yaml b/stable/wordpress/Chart.yaml index 2806bdb75f07..083b9c494d8b 100644 --- a/stable/wordpress/Chart.yaml +++ b/stable/wordpress/Chart.yaml @@ -1,6 +1,6 @@ name: wordpress -version: 5.0.1 -appVersion: 5.0.1 +version: 5.0.2 +appVersion: 5.0.2 description: Web publishing platform for building blogs and websites. icon: https://bitnami.com/assets/stacks/wordpress/img/wordpress-stack-220x234.png keywords: diff --git a/stable/wordpress/requirements.lock b/stable/wordpress/requirements.lock index 1990b4c1cd62..0a0e9b2ddd64 100644 --- a/stable/wordpress/requirements.lock +++ b/stable/wordpress/requirements.lock @@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 5.2.3 + version: 5.2.5 digest: sha256:5c711356a05ffeaffafba333092229eadc8ba3cc377b56861988517ac77b7609 -generated: 2018-12-07T17:11:47.867676353Z +generated: 2018-12-20T02:17:40.600689797Z diff --git a/stable/wordpress/values-production.yaml b/stable/wordpress/values-production.yaml index a8f0465cbee6..26729efbac11 100644 --- a/stable/wordpress/values-production.yaml +++ b/stable/wordpress/values-production.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.0.1 + tag: 5.0.2 pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. diff --git a/stable/wordpress/values.yaml b/stable/wordpress/values.yaml index f138764960db..3ff5f3e1b467 100644 --- a/stable/wordpress/values.yaml +++ b/stable/wordpress/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/wordpress - tag: 5.0.1 + tag: 5.0.2 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 52c8b5dcaba2fddf54ad2556bcbe560a0c55b3fb Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Carlos=20Rodr=C3=ADguez=20Hern=C3=A1ndez?= Date: Thu, 20 Dec 2018 11:03:36 +0100 Subject: [PATCH 067/136] [stable/redmine] Release 7.0.2 (#10162) Signed-off-by: Carlos Rodriguez Hernandez Signed-off-by: Melissa Palmer --- stable/redmine/Chart.yaml | 4 ++-- stable/redmine/requirements.lock | 4 ++-- stable/redmine/values.yaml | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/redmine/Chart.yaml b/stable/redmine/Chart.yaml index 9f67147deeb6..204f15fc2f1f 100644 --- a/stable/redmine/Chart.yaml +++ b/stable/redmine/Chart.yaml @@ -1,6 +1,6 @@ name: redmine -version: 7.0.1 -appVersion: 3.4.7 +version: 8.0.0 +appVersion: 4.0.0 description: A flexible project management web application. keywords: - redmine diff --git a/stable/redmine/requirements.lock b/stable/redmine/requirements.lock index 1f2272f38003..dd72317e0038 100644 --- a/stable/redmine/requirements.lock +++ b/stable/redmine/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 5.2.3 + version: 5.2.4 - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com/ version: 2.7.10 digest: sha256:0634de3cb0459ae2959df51ccac306fff4ae4618410bf6fae996ab085dbad62f -generated: 2018-12-09T14:22:09.630276785Z +generated: 2018-12-19T08:53:19.871425097Z diff --git a/stable/redmine/values.yaml b/stable/redmine/values.yaml index 53fef24554c5..708f8b6c918a 100644 --- a/stable/redmine/values.yaml +++ b/stable/redmine/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/redmine - tag: 3.4.7 + tag: 4.0.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 9feba33a28e0216fc03b1f8d6ec293ae5e029d59 Mon Sep 17 00:00:00 2001 
From: Fabrizio Fortino Date: Thu, 20 Dec 2018 11:18:14 +0100 Subject: [PATCH 068/136] [stable/cluster-autoscaler] update to version 1.13.1 (#10159) Signed-off-by: Fabrizio Fortino Signed-off-by: Melissa Palmer --- stable/cluster-autoscaler/Chart.yaml | 4 ++-- stable/cluster-autoscaler/README.md | 2 +- stable/cluster-autoscaler/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/cluster-autoscaler/Chart.yaml b/stable/cluster-autoscaler/Chart.yaml index 162254a8a64a..8fe4e7e14d9a 100644 --- a/stable/cluster-autoscaler/Chart.yaml +++ b/stable/cluster-autoscaler/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v1 description: Scales worker nodes within autoscaling groups. icon: https://github.com/kubernetes/kubernetes/blob/master/logo/logo.png name: cluster-autoscaler -version: 0.10.0 -appVersion: 1.12.0 +version: 0.11.0 +appVersion: 1.13.1 home: https://github.com/kubernetes/autoscaler sources: - https://github.com/kubernetes/autoscaler/tree/master/cluster-autoscaler diff --git a/stable/cluster-autoscaler/README.md b/stable/cluster-autoscaler/README.md index 8cf9cf36d9f0..edc49dca9294 100644 --- a/stable/cluster-autoscaler/README.md +++ b/stable/cluster-autoscaler/README.md @@ -119,7 +119,7 @@ Parameter | Description | Default `sslCertPath` | Path on the host where ssl ca cert exists | `/etc/ssl/certs/ca-certificates.crt` `cloudProvider` | `aws` or `spotinst` are currently supported for AWS. `gce` for GCE. `azure` for Azure AKS | `aws` `image.repository` | Image | `k8s.gcr.io/cluster-autoscaler` -`image.tag` | Image tag | `v1.2.0` +`image.tag` | Image tag | `v1.13.1` `image.pullPolicy` | Image pull policy | `IfNotPresent` `extraArgs` | additional container arguments | `{}` `podDisruptionBudget` | Pod disruption budget | `maxUnavailable: 1` diff --git a/stable/cluster-autoscaler/values.yaml b/stable/cluster-autoscaler/values.yaml index 5aec103f104d..77995348db99 100644 --- a/stable/cluster-autoscaler/values.yaml 
+++ b/stable/cluster-autoscaler/values.yaml @@ -47,7 +47,7 @@ cloudConfigPath: /etc/gce.conf image: repository: k8s.gcr.io/cluster-autoscaler - tag: v1.12.0 + tag: v1.13.1 pullPolicy: IfNotPresent tolerations: [] From 07ee040d15d307210d655c76e1210b78bf5cbb30 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maria=20Ni=C8=9B=C4=83?= Date: Thu, 20 Dec 2018 11:30:45 +0100 Subject: [PATCH 069/136] [prometheus-node-exporter] - Bump app version to 0.17.0 ADDENDUM (#10125) Signed-off-by: Maria Nita Signed-off-by: Melissa Palmer --- stable/prometheus-node-exporter/Chart.yaml | 2 +- stable/prometheus-node-exporter/values.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index 478aba49cfe4..d2bd0ab44056 100644 --- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.17.0" description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 1.0.0 +version: 1.0.1 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/values.yaml b/stable/prometheus-node-exporter/values.yaml index 3169424347e4..6df243685d67 100644 --- a/stable/prometheus-node-exporter/values.yaml +++ b/stable/prometheus-node-exporter/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: quay.io/prometheus/node-exporter - tag: v0.16.0 + tag: v0.17.0 pullPolicy: IfNotPresent service: From c9a192c9e4a4ad399616b39db39f8988bb0fee64 Mon Sep 17 00:00:00 2001 From: Oliver <32272028+olib963@users.noreply.github.com> Date: Thu, 20 Dec 2018 10:47:24 +0000 Subject: [PATCH 070/136] Add sealed secret chart (#8416) * Create Initial deployment and service Signed-off-by: Oliver Boyle * Add Custom Resource definition 
Signed-off-by: Oliver Boyle * Add option to use custom secret Signed-off-by: Oliver Boyle * Add RBAC and service account resources Signed-off-by: Oliver Boyle * Add NOTES documentation on how to use sealed secrets Signed-off-by: Oliver Boyle * Add README documentation Signed-off-by: Oliver Boyle * Add documentation to values file Signed-off-by: Oliver Boyle * Add lables to resources Signed-off-by: Oliver Boyle * Add missing values for resources & image. Add .helmignore Signed-off-by: Oliver Boyle * Use service account and fullname templates Signed-off-by: Oliver Boyle * Fix linting issues Signed-off-by: Oliver Boyle * Fix image name Signed-off-by: Oliver Boyle * Address code review comments Signed-off-by: Oliver Boyle * Use repository value Signed-off-by: Oliver Boyle * Address code review comments Signed-off-by: Oliver Boyle * Update labels to match new convention Signed-off-by: Oliver Boyle * Add helm keep annotation Signed-off-by: Oliver Boyle * Add maintainers and OWNERS Signed-off-by: Oliver Boyle * Use github name Signed-off-by: Oliver Boyle * Remove duplicate namespace Signed-off-by: Oliver Boyle * Make keeping CRD configurable Signed-off-by: Oliver Boyle 
Signed-off-by: Melissa Palmer --- stable/sealed-secrets/.helmignore | 21 +++++++ stable/sealed-secrets/Chart.yaml | 12 ++++ stable/sealed-secrets/OWNERS | 6 ++ stable/sealed-secrets/README.md | 46 ++++++++++++++ stable/sealed-secrets/ci/ci-values.yaml | 4 ++ stable/sealed-secrets/templates/NOTES.txt | 38 ++++++++++++ stable/sealed-secrets/templates/_helpers.tpl | 42 +++++++++++++ .../templates/cluster-role-binding.yaml | 21 +++++++ .../templates/cluster-role.yaml | 29 +++++++++ .../sealed-secrets/templates/deployment.yaml | 60 +++++++++++++++++++ .../templates/role-binding.yaml | 21 +++++++ stable/sealed-secrets/templates/role.yaml | 27 +++++++++ .../templates/sealedsecret-crd.yaml | 23 +++++++ .../templates/service-account.yaml | 12 ++++ stable/sealed-secrets/templates/service.yaml | 15 +++++ stable/sealed-secrets/values.yaml | 26 ++++++++ 16 files changed, 403 insertions(+) create mode 100644 stable/sealed-secrets/.helmignore create mode 100644 stable/sealed-secrets/Chart.yaml create mode 100644 stable/sealed-secrets/OWNERS create mode 100644 stable/sealed-secrets/README.md create mode 100644 stable/sealed-secrets/ci/ci-values.yaml create mode 100644 stable/sealed-secrets/templates/NOTES.txt create mode 100644 stable/sealed-secrets/templates/_helpers.tpl create mode 100644 stable/sealed-secrets/templates/cluster-role-binding.yaml create mode 100644 stable/sealed-secrets/templates/cluster-role.yaml create mode 100644 stable/sealed-secrets/templates/deployment.yaml create mode 100644 stable/sealed-secrets/templates/role-binding.yaml create mode 100644 stable/sealed-secrets/templates/role.yaml create mode 100644 stable/sealed-secrets/templates/sealedsecret-crd.yaml create mode 100644 stable/sealed-secrets/templates/service-account.yaml create mode 100644 stable/sealed-secrets/templates/service.yaml create mode 100644 stable/sealed-secrets/values.yaml 
diff --git a/stable/sealed-secrets/.helmignore b/stable/sealed-secrets/.helmignore new file mode 100644 index 000000000000..f0c131944441 --- /dev/null +++ b/stable/sealed-secrets/.helmignore @@ -0,0 +1,21 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*~ +# Various IDEs +.project +.idea/ +*.tmproj diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml new file mode 100644 index 000000000000..7eda405ff8e9 --- /dev/null +++ b/stable/sealed-secrets/Chart.yaml @@ -0,0 +1,12 @@ +name: sealed-secrets +description: A Helm chart for Sealed Secrets +version: 1.0.0 +appVersion: 0.7.0 +kubeVersion: ">=1.9.0-0" +home: https://github.com/bitnami-labs/sealed-secrets +apiVersion: v1 +maintainers: + - name: stefanprodan + email: stefan.prodan@gmail.com + - name: olib963 + email: olib963@gmail.com diff --git a/stable/sealed-secrets/OWNERS b/stable/sealed-secrets/OWNERS new file mode 100644 index 000000000000..38f9f101a280 --- /dev/null +++ b/stable/sealed-secrets/OWNERS @@ -0,0 +1,6 @@ +approvers: +- olib963 +- stefanprodan +reviewers: +- olib963 +- stefanprodan diff --git a/stable/sealed-secrets/README.md b/stable/sealed-secrets/README.md new file mode 100644 index 000000000000..bc51aa5ba7d7 --- /dev/null +++ b/stable/sealed-secrets/README.md 
@@ -0,0 +1,46 @@ +# Sealed Secrets + +This chart contains the resources to use [sealed-secrets](https://github.com/bitnami-labs/sealed-secrets). + +## Prerequisites + +* Kubernetes >= 1.9 + +## Installing the Chart + +To install the chart with the release name `my-release`: + +```bash +$ helm install --namespace kube-system --name my-release stable/sealed-secrets +``` + +The command deploys a controller and [CRD](https://kubernetes.io/docs/tasks/access-kubernetes-api/custom-resources/custom-resource-definitions/) for sealed secrets on the Kubernetes cluster in the default configuration. The [configuration](#configuration) section lists the parameters that can be configured during installation. + +## Uninstalling the Chart + +To uninstall/delete the `my-release` deployment: + +```bash +$ helm delete [--purge] my-release +``` + +The command removes all the Kubernetes components associated with the chart and deletes the release. + + +## Configuration + +| Parameter | Description | Default | +|----------:|:------------|:--------| +| **rbac.create** | `true` if rbac resources should be created | `true` | +| **serviceAccount.create** | Whether to create a service account or not | `true` | +| **serviceAccount.name** | The name of the service account to create or use | `"sealed-secrets-controller"` | +| **secretName** | The name of the TLS secret containing the key used to encrypt secrets | `"sealed-secrets-key"` | +| **image.tag** | The `Sealed Secrets` image tag | `v0.7.0` | +| **image.pullPolicy** | The image pull policy for the deployment | `IfNotPresent` | +| **image.repository** | The repository to get the controller image from | `quay.io/bitnami/sealed-secrets-controller` | +| **resources** | CPU/Memory resource requests/limits | `{}` | +| **crd.keep** | `true` if the sealed secret CRD should be kept when the chart is deleted | `true` | + +- In the case that **serviceAccount.create** is `false` and **rbac.create** is `true` it is expected for a service account with 
the name **serviceAccount.name** to exist _in the same namespace as this chart_ before installation. +- If **serviceAccount.create** is `true` there cannot be an existing service account with the name **serviceAccount.name**. +- If a secret with name **secretName** does not exist _in the same namespace as this chart_, then on install one will be created. If a secret already exists with this name the keys inside will be used. diff --git a/stable/sealed-secrets/ci/ci-values.yaml b/stable/sealed-secrets/ci/ci-values.yaml new file mode 100644 index 000000000000..f9e5b0bc86ea --- /dev/null +++ b/stable/sealed-secrets/ci/ci-values.yaml @@ -0,0 +1,4 @@ +# CI is running on GKE, it requires the chart to clean up after itself so we cannot keep the CRD + +crd: + keep: false diff --git a/stable/sealed-secrets/templates/NOTES.txt b/stable/sealed-secrets/templates/NOTES.txt new file mode 100644 index 000000000000..210057ce5317 --- /dev/null +++ b/stable/sealed-secrets/templates/NOTES.txt 
@@ -0,0 +1,38 @@ +You should now be able to create sealed secrets. + +1. Install client-side tool into /usr/local/bin/ + +GOOS=$(go env GOOS) +GOARCH=$(go env GOARCH) +wget https://github.com/bitnami-labs/sealed-secrets/releases/download/$release/kubeseal-$GOOS-$GOARCH +sudo install -m 755 kubeseal-$GOOS-$GOARCH /usr/local/bin/kubeseal + +2. Create a sealed secret file + +# note the use of `--dry-run` - this does not create a secret in your cluster +kubectl create secret generic secret-name --dry-run --from-literal=foo=bar -o [json|yaml] | kubeseal --format [json|yaml] > mysealedsecret.[json|yaml] + +The file mysealedsecret.[json|yaml] is a commitable file. + +If you would rather not need access to the cluster to generate the sealed secret you can run + +kubeseal --fetch-cert > mycert.pem + +to retrieve the public cert used for encryption and store it locally. You can then run 'kubeseal --cert mycert.pem' instead to use the local cert e.g. + +kubectl create secret generic secret-name --dry-run --from-literal=foo=bar -o [json|yaml] | kubeseal --format [json|yaml] --cert mycert.pem > mysealedsecret.[json|yaml] + +3. Apply the sealed secret + +kubectl create -f mysealedsecret.[json|yaml] + +Running 'kubectl get secret secret-name -o [json|yaml]' will show the decrypted secret that was generated from the sealed secret. + +Both the SealedSecret and generated Secret must have the same name and namespace. + +{{ if not (eq .Release.Namespace "kube-system") }} +-------------------------------------------------------------------------------------------------- + +Please Note: Since this chart was not installed in the kube-system namespace all kubeseal commands must pass the option `--controller-namespace {{ .Release.Namespace }}` + +{{ end }} diff --git a/stable/sealed-secrets/templates/_helpers.tpl b/stable/sealed-secrets/templates/_helpers.tpl new file mode 100644 index 000000000000..b8406ca28a5f --- /dev/null +++ b/stable/sealed-secrets/templates/_helpers.tpl 
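Review bot: The install step in section 1 uses `$release` without ever setting it, so the `wget` URL is incomplete as written, and the downloaded `kubeseal` binary is then installed into /usr/local/bin with `sudo` without any integrity check. Set the version explicitly, for example `release=v{{ .Chart.AppVersion }}` (assuming upstream release tags carry the same `v` prefix as `image.tag` in values.yaml), so the client matches the deployed controller. If the upstream release publishes checksums or signatures, add a verification step between the download and the `sudo install` line.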
@@ -0,0 +1,42 @@ +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "sealed-secrets.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Expand the name of the chart. +*/}} +{{- define "sealed-secrets.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} +{{- end -}} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "sealed-secrets.fullname" -}} +{{- if .Values.fullnameOverride -}} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- $name := default .Chart.Name .Values.nameOverride -}} +{{- if contains $name .Release.Name -}} +{{- .Release.Name | trunc 63 | trimSuffix "-" -}} +{{- else -}} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} +{{- end -}} +{{- end -}} +{{- end -}} + +{{/* +Create the name of the service account to use +*/}} +{{- define "sealed-secrets.serviceAccountName" -}} +{{- if .Values.serviceAccount.create -}} + {{ default (include "sealed-secrets.fullname" .) .Values.serviceAccount.name }} +{{- else -}} + {{ default "default" .Values.serviceAccount.name }} +{{- end -}} +{{- end -}} diff --git a/stable/sealed-secrets/templates/cluster-role-binding.yaml b/stable/sealed-secrets/templates/cluster-role-binding.yaml new file mode 100644 index 000000000000..4bb837721246 --- /dev/null +++ b/stable/sealed-secrets/templates/cluster-role-binding.yaml 
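Review bot: In `sealed-secrets.serviceAccountName` the `else` branch falls back to the literal `default` when `serviceAccount.create` is false and `serviceAccount.name` is empty, which is its value in values.yaml. With `rbac.create` left at `true`, cluster-role-binding.yaml and role-binding.yaml then bind `secrets-unsealer` (create/update/delete on Secrets cluster-wide) to the namespace's `default` service account, which every pod in that namespace without an explicit service account runs as. The README already expects a named account in this case, so fail the render instead of defaulting: `{{ required "serviceAccount.name is required when serviceAccount.create is false" .Values.serviceAccount.name }}`.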
@@ -0,0 +1,21 @@
+{{ if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "sealed-secrets.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: secrets-unsealer
+subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: {{ template "sealed-secrets.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/stable/sealed-secrets/templates/cluster-role.yaml b/stable/sealed-secrets/templates/cluster-role.yaml
new file mode 100644
index 000000000000..e0128d4642b7
--- /dev/null
+++ b/stable/sealed-secrets/templates/cluster-role.yaml
@@ -0,0 +1,29 @@
+{{ if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: secrets-unsealer
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+rules:
+ - apiGroups:
+ - bitnami.com
+ resources:
+ - sealedsecrets
+ verbs:
+ - get
+ - list
+ - watch
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+ - update
+ - delete
+{{ end }}
diff --git a/stable/sealed-secrets/templates/deployment.yaml b/stable/sealed-secrets/templates/deployment.yaml
new file mode 100644
index 000000000000..56cc7b1d995d
--- /dev/null
+++ b/stable/sealed-secrets/templates/deployment.yaml
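Review bot: The ClusterRole is named with the literal `secrets-unsealer` rather than from the release, and the `roleRef` in cluster-role-binding.yaml refers to it by that literal; role.yaml and role-binding.yaml do the same with `sealed-secrets-key-admin`. Cluster-scoped names are shared across all releases, so a second release of this chart in the same cluster cannot install its own copy. Derive the name from the release in both places, e.g. `name: {{ template "sealed-secrets.fullname" . }}-unsealer`. A short comment above the `secrets` rule saying that the controller needs cluster-wide create/update/delete to materialise Secrets in any namespace would help whoever audits this grant later.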
@@ -0,0 +1,60 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "sealed-secrets.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ spec:
+ serviceAccountName: {{ template "sealed-secrets.serviceAccountName" . }}
+ containers:
+ - name: {{ template "sealed-secrets.fullname" . }}
+ command:
+ - controller
+ args:
+ - "--key-name"
+ - "{{ .Values.secretName }}"
+ image: {{ .Values.image.repository }}:{{ .Values.image.tag }}
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ ports:
+ - containerPort: 8080
+ name: http
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ readinessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ securityContext:
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1001
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
diff --git a/stable/sealed-secrets/templates/role-binding.yaml b/stable/sealed-secrets/templates/role-binding.yaml
new file mode 100644
index 000000000000..bc87630cacb1
--- /dev/null
+++ b/stable/sealed-secrets/templates/role-binding.yaml
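Review bot: The container `securityContext` sets `readOnlyRootFilesystem`, `runAsNonRoot` and `runAsUser`, but leaves privilege escalation and Linux capabilities at their defaults. For the process that holds the sealing private key, add `allowPrivilegeEscalation: false` and a `capabilities` entry that drops `ALL`; the container only listens on 8080, so it should need none, though that is worth confirming on a test install. Separately, `image:` resolves a tag (`v0.7.0` by default in values.yaml), which a registry can repoint, so the README could say how to pin the controller image by digest.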
@@ -0,0 +1,21 @@
+{{ if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ template "sealed-secrets.fullname" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: sealed-secrets-key-admin
+subjects:
+ - apiGroup: ""
+ kind: ServiceAccount
+ name: {{ template "sealed-secrets.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{ end }}
diff --git a/stable/sealed-secrets/templates/role.yaml b/stable/sealed-secrets/templates/role.yaml
new file mode 100644
index 000000000000..71fc374be0d5
--- /dev/null
+++ b/stable/sealed-secrets/templates/role.yaml
@@ -0,0 +1,27 @@
+{{ if .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: sealed-secrets-key-admin
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+rules:
+ - apiGroups:
+ - ""
+ resourceNames:
+ - {{ .Values.secretName }}
+ resources:
+ - secrets
+ verbs:
+ - get
+ - apiGroups:
+ - ""
+ resources:
+ - secrets
+ verbs:
+ - create
+{{ end }}
diff --git a/stable/sealed-secrets/templates/sealedsecret-crd.yaml b/stable/sealed-secrets/templates/sealedsecret-crd.yaml
new file mode 100644
index 000000000000..7971af53f0b8
--- /dev/null
+++ b/stable/sealed-secrets/templates/sealedsecret-crd.yaml
@@ -0,0 +1,23 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+ name: sealedsecrets.bitnami.com
+ {{ if .Values.crd.keep }}
+ annotations:
+ "helm.sh/resource-policy": keep
+ {{ end }}
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+spec:
+ group: bitnami.com
+ names:
+ kind: SealedSecret
+ listKind: SealedSecretList
+ plural: sealedsecrets
+ singular: sealedsecret
+ scope: Namespaced
+ version: v1alpha1
diff --git a/stable/sealed-secrets/templates/service-account.yaml b/stable/sealed-secrets/templates/service-account.yaml
new file mode 100644
index 000000000000..8333f41f7c99
--- /dev/null
+++ b/stable/sealed-secrets/templates/service-account.yaml
@@ -0,0 +1,12 @@
+{{ if .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "sealed-secrets.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}
+ helm.sh/chart: {{ template "sealed-secrets.chart" . }}
+ app.kubernetes.io/managed-by: {{ .Release.Service }}
+ app.kubernetes.io/instance: {{ .Release.Name }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion }}
+{{ end }}
diff --git a/stable/sealed-secrets/templates/service.yaml b/stable/sealed-secrets/templates/service.yaml
new file mode 100644
index 000000000000..845933b82b6c
--- /dev/null
+++ b/stable/sealed-secrets/templates/service.yaml
@@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Service +metadata: + name: {{ template "sealed-secrets.fullname" . }} + labels: + app.kubernetes.io/name: {{ template "sealed-secrets.name" . }} + helm.sh/chart: {{ template "sealed-secrets.chart" . }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/version: {{ .Chart.AppVersion }} +spec: + ports: + - port: 8080 + selector: + name: {{ template "sealed-secrets.fullname" . }} diff --git a/stable/sealed-secrets/values.yaml b/stable/sealed-secrets/values.yaml new file mode 100644 index 000000000000..e73a240798e3 --- /dev/null +++ b/stable/sealed-secrets/values.yaml @@ -0,0 +1,26 @@ +image: + repository: quay.io/bitnami/sealed-secrets-controller + tag: v0.7.0 + pullPolicy: IfNotPresent + +resources: {} +nodeSelector: {} +tolerations: [] +affinity: {} + +serviceAccount: + # serviceAccount.create: Whether to create a service account or not + create: true + # serviceAccount.name: The name of the service account to create or use + name: "" + +rbac: + # rbac.create: `true` if rbac resources should be created + create: true + +# secretName: The name of the TLS secret containing the key used to encrypt secrets +secretName: "sealed-secrets-key" + +crd: + # crd.keep: `true` if the sealed secret CRD should be kept when the chart is deleted + keep: true From bf52d9ed657dd378a1247f2f6e99f1acf62aab8c Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 20 Dec 2018 12:02:29 +0100 Subject: [PATCH 071/136] [stable/mm-te] adding recommended label (#10062) * adding reccomended label Signed-off-by: cpanato * update Signed-off-by: cpanato * fix notes Signed-off-by: cpanato 
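Review bot: The Service `selector` in service.yaml is `name: {{ template "sealed-secrets.fullname" . }}`, but the pod template in deployment.yaml only sets `app.kubernetes.io/name` and `app.kubernetes.io/instance`, so as written the Service selects no controller pod. Clients that reach the controller through this Service (the `kubeseal --fetch-cert` flow in NOTES.txt presumably does) would find no endpoint, and the Service would instead route to any pod in the namespace that happens to carry a matching `name` label. Use the same pair as the Deployment's `matchLabels`: `app.kubernetes.io/name: {{ template "sealed-secrets.name" . }}` and `app.kubernetes.io/instance: {{ .Release.Name }}`.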
Signed-off-by: Melissa Palmer --- stable/mattermost-team-edition/Chart.yaml | 2 +- stable/mattermost-team-edition/templates/NOTES.txt | 2 +- .../mattermost-team-edition/templates/configmap-config.yaml | 3 ++- stable/mattermost-team-edition/templates/deployment.yaml | 6 ++++-- stable/mattermost-team-edition/templates/ingress.yaml | 3 ++- stable/mattermost-team-edition/templates/pvc.yaml | 3 ++- stable/mattermost-team-edition/templates/service.yaml | 5 +++-- .../templates/tests/mattermost-config-test.yaml | 5 +++-- .../templates/tests/mattermost-test.yaml | 5 +++-- 9 files changed, 21 insertions(+), 13 deletions(-) diff --git a/stable/mattermost-team-edition/Chart.yaml b/stable/mattermost-team-edition/Chart.yaml index 8531cb3ea86f..8f921f49d84d 100644 --- a/stable/mattermost-team-edition/Chart.yaml +++ b/stable/mattermost-team-edition/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Mattermost Team Edition server. name: mattermost-team-edition -version: 2.1.1 +version: 2.1.2 appVersion: 5.6.1 keywords: - mattermost diff --git a/stable/mattermost-team-edition/templates/NOTES.txt b/stable/mattermost-team-edition/templates/NOTES.txt index 2dfeded5d180..35fba34c6bf8 100644 --- a/stable/mattermost-team-edition/templates/NOTES.txt +++ b/stable/mattermost-team-edition/templates/NOTES.txt @@ -1,6 +1,6 @@ You can easily connect to the remote instance from your browser. Forward the webserver port to localhost:8065 -- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "mattermost-team-edition.fullname" . }},release={{ .Release.Name }}" -o jsonpath='{ .items[0].metadata.name }') 8080:8065 +- kubectl port-forward --namespace {{ .Release.Namespace }} $(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "mattermost-team-edition.name" . }},release={{ .Release.Name }}" -o jsonpath='{ .items[0].metadata.name }') 8080:8065 {{ if .Values.ingress.enabled }} 
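Review bot: The new pod selector in NOTES.txt mixes the recommended label with the old one: `app.kubernetes.io/name=...,release={{ .Release.Name }}`. The pod template labels visible in this commit's deployment.yaml hunks are `app.kubernetes.io/name`, `app.kubernetes.io/instance`, `app.kubernetes.io/managed-by` and `helm.sh/chart`, so unless a `release` label is set outside the hunks, the `kubectl get pods` lookup returns nothing and the port-forward fails. Use `app.kubernetes.io/instance={{ .Release.Name }}` as the second term. The inbucket NOTES.txt hunk later in this series keeps `app=...,release=...` and appears to have the same problem.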
diff --git a/stable/mattermost-team-edition/templates/configmap-config.yaml b/stable/mattermost-team-edition/templates/configmap-config.yaml index 71bd96d64e88..5c29dfc17877 100644 --- a/stable/mattermost-team-edition/templates/configmap-config.yaml +++ b/stable/mattermost-team-edition/templates/configmap-config.yaml @@ -1,11 +1,12 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "mattermost-team-edition.fullname" . }}-config-json + name: {{ include "mattermost-team-edition.fullname" . }}-config-json labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} data: config.json: | {{ include "config.tpl" . | printf "%s" | indent 4 }} diff --git a/stable/mattermost-team-edition/templates/deployment.yaml b/stable/mattermost-team-edition/templates/deployment.yaml index 7cce74f8b2df..a94c2d05a851 100644 --- a/stable/mattermost-team-edition/templates/deployment.yaml +++ b/stable/mattermost-team-edition/templates/deployment.yaml @@ -1,11 +1,12 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: {{ template "mattermost-team-edition.fullname" . }} + name: {{ include "mattermost-team-edition.fullname" . }} labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} spec: replicas: 1 strategy: @@ -25,6 +26,7 @@ spec: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} spec: initContainers: {{- if not .Values.externalDB.enabled }} 
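Review bot: The second deployment.yaml hunk adds `helm.sh/chart` to the pod template labels, not only to the Deployment's own metadata. Its value changes with every chart version, so each chart upgrade alters the pod template and restarts the pod even when nothing else changed, and this Deployment runs with `replicas: 1`. Keeping `helm.sh/chart` on the object metadata only avoids that; the jaeger-operator deployment.yaml hunk later in the series adds the same label, together with `app.kubernetes.io/managed-by`, to its pod template. The enclosing `spec.template` continues outside the hunk.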
@@ -73,7 +75,7 @@ spec: volumes: - name: config-json configMap: - name: {{ template "mattermost-team-edition.fullname" . }}-config-json + name: {{ include "mattermost-team-edition.fullname" . }}-config-json items: - key: config.json path: config.json diff --git a/stable/mattermost-team-edition/templates/ingress.yaml b/stable/mattermost-team-edition/templates/ingress.yaml index c5bd4ee975dd..1a01afe985f9 100644 --- a/stable/mattermost-team-edition/templates/ingress.yaml +++ b/stable/mattermost-team-edition/templates/ingress.yaml @@ -5,11 +5,12 @@ apiVersion: extensions/v1beta1 kind: Ingress metadata: - name: {{ template "mattermost-team-edition.fullname" . }} + name: {{ include "mattermost-team-edition.fullname" . }} labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} annotations: {{ if .Values.ingress.tls }} nginx.ingress.kubernetes.io/ssl-redirect: "true" diff --git a/stable/mattermost-team-edition/templates/pvc.yaml b/stable/mattermost-team-edition/templates/pvc.yaml index 17a2293b0575..50bb5e7e87cf 100644 --- a/stable/mattermost-team-edition/templates/pvc.yaml +++ b/stable/mattermost-team-edition/templates/pvc.yaml @@ -2,11 +2,12 @@ kind: PersistentVolumeClaim apiVersion: v1 metadata: - name: {{ template "mattermost-team-edition.fullname" . }} + name: {{ include "mattermost-team-edition.fullname" . }} labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} annotations: {{ range $key, $value := .Values.persistence.data.annotations }} {{ $key }}: {{ $value | quote }} 
diff --git a/stable/mattermost-team-edition/templates/service.yaml b/stable/mattermost-team-edition/templates/service.yaml index baa1cef01f78..a4e8e8434ce9 100644 --- a/stable/mattermost-team-edition/templates/service.yaml +++ b/stable/mattermost-team-edition/templates/service.yaml @@ -1,11 +1,12 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "mattermost-team-edition.name" . }} + name: {{ include "mattermost-team-edition.name" . }} labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} spec: selector: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} @@ -16,4 +17,4 @@ spec: - port: {{ .Values.service.externalPort }} targetPort: {{ .Values.service.internalPort }} protocol: TCP - name: {{ template "mattermost-team-edition.name" . }} + name: {{ include "mattermost-team-edition.name" . }} diff --git a/stable/mattermost-team-edition/templates/tests/mattermost-config-test.yaml b/stable/mattermost-team-edition/templates/tests/mattermost-config-test.yaml index 2c10981911f2..0a2897fe8338 100644 --- a/stable/mattermost-team-edition/templates/tests/mattermost-config-test.yaml +++ b/stable/mattermost-team-edition/templates/tests/mattermost-config-test.yaml 
@@ -1,13 +1,14 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "mattermost-team-edition.fullname" . }}-tests + name: {{ include "mattermost-team-edition.fullname" . }}-tests labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} data: run.sh: |- @test "Testing Mattermost is accessible" { - curl --retry 48 --retry-delay 10 {{ template "mattermost-team-edition.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.internalPort }} + curl --retry 48 --retry-delay 10 {{ include "mattermost-team-edition.name" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.internalPort }} } diff --git a/stable/mattermost-team-edition/templates/tests/mattermost-test.yaml b/stable/mattermost-team-edition/templates/tests/mattermost-test.yaml index b3d6cd3df04b..ee24e7a14840 100644 --- a/stable/mattermost-team-edition/templates/tests/mattermost-test.yaml +++ b/stable/mattermost-team-edition/templates/tests/mattermost-test.yaml @@ -1,11 +1,12 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ template "mattermost-team-edition.fullname" . }}-test-{{ randAlphaNum 5 | lower }}" + name: "{{ include "mattermost-team-edition.fullname" . }}-test-{{ randAlphaNum 5 | lower }}" labels: app.kubernetes.io/name: {{ include "mattermost-team-edition.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "mattermost-team-edition.chart" . }} annotations: "helm.sh/hook": test-success spec: @@ -35,7 +36,7 @@ spec: volumes: - name: tests configMap: - name: {{ template "mattermost-team-edition.fullname" . }}-tests + name: {{ include "mattermost-team-edition.fullname" . }}-tests - name: tools emptyDir: {} restartPolicy: Never 
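Review bot: The `curl` line in `run.sh` has no `--fail`, so the test passes on any HTTP response, including a 5xx error page. `--retry` on its own also does not cover refused connections while the pod is still starting. Suggested, if the test image's curl supports the flag: `curl --fail --retry 48 --retry-delay 10 --retry-connrefused` followed by the same URL.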
From 5ec315ace1ffcda67cccbfe61dd90be3e7797d7e Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 20 Dec 2018 12:19:17 +0100 Subject: [PATCH 072/136] bump operator to 1.8.2 and add recommended label (#10064) Signed-off-by: cpanato Signed-off-by: Melissa Palmer --- stable/jaeger-operator/Chart.yaml | 4 ++-- stable/jaeger-operator/README.md | 2 +- stable/jaeger-operator/templates/crd.yaml | 1 + stable/jaeger-operator/templates/deployment.yaml | 3 +++ stable/jaeger-operator/templates/role-binding.yaml | 1 + stable/jaeger-operator/templates/role.yaml | 1 + stable/jaeger-operator/templates/service-account.yaml | 1 + stable/jaeger-operator/values.yaml | 2 +- 8 files changed, 11 insertions(+), 4 deletions(-) diff --git a/stable/jaeger-operator/Chart.yaml b/stable/jaeger-operator/Chart.yaml index 67c51267ffcf..daf52cf988c3 100644 --- a/stable/jaeger-operator/Chart.yaml +++ b/stable/jaeger-operator/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: jaeger-operator Helm chart for Kubernetes name: jaeger-operator -version: 2.0.0 -appVersion: 1.8.0 +version: 2.1.0 +appVersion: 1.8.2 home: https://www.jaegertracing.io/ icon: https://www.jaegertracing.io/img/jaeger-icon-reverse-color.svg source: https://github.com/jaegertracing/jaeger-operator diff --git a/stable/jaeger-operator/README.md b/stable/jaeger-operator/README.md index 1edb03f062d5..3c162289b824 100644 --- a/stable/jaeger-operator/README.md +++ b/stable/jaeger-operator/README.md 
@@ -44,7 +44,7 @@ The following table lists the configurable parameters of the jaeger-operator cha Parameter | Description | Default --- | --- | --- `image.repository` | controller container image repository | `jaegertracing/jaeger-operator` -`image.tag` | controller container image tag | `1.8.0` +`image.tag` | controller container image tag | `1.8.2` `image.pullPolicy` | controller container image pull policy | `IfNotPresent` `rbac.create` | all required roles and SA will be created | `true` `resources` | k8s pod resorces | `None` diff --git a/stable/jaeger-operator/templates/crd.yaml b/stable/jaeger-operator/templates/crd.yaml index 216f0bb3347f..f7d6bb2cb3bf 100644 --- a/stable/jaeger-operator/templates/crd.yaml +++ b/stable/jaeger-operator/templates/crd.yaml @@ -11,6 +11,7 @@ metadata: app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "jaeger-operator.chart" . }} spec: group: io.jaegertracing names: diff --git a/stable/jaeger-operator/templates/deployment.yaml b/stable/jaeger-operator/templates/deployment.yaml index 508de3c5f8ce..bfba3c984e17 100644 --- a/stable/jaeger-operator/templates/deployment.yaml +++ b/stable/jaeger-operator/templates/deployment.yaml @@ -6,6 +6,7 @@ metadata: app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "jaeger-operator.chart" . }} spec: replicas: 1 selector: @@ -18,6 +19,8 @@ spec: labels: app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "jaeger-operator.chart" . }} spec: {{- if .Values.serviceAccount.create }} serviceAccountName: {{ include "jaeger-operator.serviceAccountName" . }} 
diff --git a/stable/jaeger-operator/templates/role-binding.yaml b/stable/jaeger-operator/templates/role-binding.yaml index 8a6b3d8bcfea..9d293ec8a088 100644 --- a/stable/jaeger-operator/templates/role-binding.yaml +++ b/stable/jaeger-operator/templates/role-binding.yaml @@ -8,6 +8,7 @@ metadata: app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "jaeger-operator.chart" . }} subjects: - kind: ServiceAccount namespace: {{ .Release.Namespace }} diff --git a/stable/jaeger-operator/templates/role.yaml b/stable/jaeger-operator/templates/role.yaml index c7966cafc158..9da96c70b22e 100644 --- a/stable/jaeger-operator/templates/role.yaml +++ b/stable/jaeger-operator/templates/role.yaml @@ -7,6 +7,7 @@ metadata: app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "jaeger-operator.chart" . }} rules: - apiGroups: - io.jaegertracing diff --git a/stable/jaeger-operator/templates/service-account.yaml b/stable/jaeger-operator/templates/service-account.yaml index 65faec756bd9..ca6cde47b2c8 100644 --- a/stable/jaeger-operator/templates/service-account.yaml +++ b/stable/jaeger-operator/templates/service-account.yaml @@ -8,4 +8,5 @@ metadata: app.kubernetes.io/name: {{ include "jaeger-operator.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "jaeger-operator.chart" . }} {{- end }} diff --git a/stable/jaeger-operator/values.yaml b/stable/jaeger-operator/values.yaml index 7f59a33f4e6d..c4be37f9112f 100644 --- a/stable/jaeger-operator/values.yaml +++ b/stable/jaeger-operator/values.yaml 
@@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: jaegertracing/jaeger-operator - tag: 1.8.0 + tag: 1.8.2 pullPolicy: IfNotPresent rbac: From 966d0fca5443243e7eba1014297e3baa1f5136c0 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 20 Dec 2018 12:44:56 +0100 Subject: [PATCH 073/136] [stable/inbucket] adding recommended label (#10063) * adding recomended label Signed-off-by: cpanato * update Signed-off-by: cpanato Signed-off-by: Melissa Palmer --- stable/inbucket/Chart.yaml | 2 +- stable/inbucket/templates/NOTES.txt | 14 +++++++------- stable/inbucket/templates/configmap.yaml | 3 ++- stable/inbucket/templates/deployment.yaml | 9 ++++++--- stable/inbucket/templates/ingress.yaml | 1 + stable/inbucket/templates/service.yaml | 3 ++- .../templates/tests/inbucket-config-test.yaml | 5 +++-- stable/inbucket/templates/tests/inbucket-test.yaml | 5 +++-- 8 files changed, 25 insertions(+), 17 deletions(-) diff --git a/stable/inbucket/Chart.yaml b/stable/inbucket/Chart.yaml index 497e20a3ee8f..0a0ff84f70fd 100644 --- a/stable/inbucket/Chart.yaml +++ b/stable/inbucket/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 description: Inbucket is an email testing application name: inbucket appVersion: 2.0.0 -version: 3.0.0 +version: 3.1.0 keywords: - inbucket - mail diff --git a/stable/inbucket/templates/NOTES.txt b/stable/inbucket/templates/NOTES.txt index a95e095d9037..b4d4d97abd70 100644 --- a/stable/inbucket/templates/NOTES.txt +++ b/stable/inbucket/templates/NOTES.txt 
@@ -1,34 +1,34 @@ Inbucket can be accessed via ports {{ .Values.service.port.http }} (HTTP) and {{ .Values.service.port.smtp }} (SMTP) on the following DNS name from within your cluster: -{{ template "inbucket.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local +{{ include "inbucket.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local If you'd like to test your instance, forward the ports locally: Web UI: ======= -export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "inbucket.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") +export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "inbucket.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.service.port.http }} or -kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ template "inbucket.fullname" . }} {{ .Values.service.port.http }} +kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ include "inbucket.fullname" . }} {{ .Values.service.port.http }} SMTP Server: ============ -export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "inbucket.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") +export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "inbucket.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.service.port.smtp }} or -kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ template "inbucket.fullname" . }} {{ .Values.service.port.smtp }} +kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ include "inbucket.fullname" . 
}} {{ .Values.service.port.smtp }} POP3 Server: ============ -export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "inbucket.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") +export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ include "inbucket.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.service.port.pop3 }} or -kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ template "inbucket.fullname" . }} {{ .Values.service.port.pop3 }} \ No newline at end of file +kubectl port-forward --namespace {{ .Release.Namespace }} service/{{ include "inbucket.fullname" . }} {{ .Values.service.port.pop3 }} \ No newline at end of file diff --git a/stable/inbucket/templates/configmap.yaml b/stable/inbucket/templates/configmap.yaml index 87d294cc9150..100fb804ff39 100644 --- a/stable/inbucket/templates/configmap.yaml +++ b/stable/inbucket/templates/configmap.yaml @@ -1,10 +1,11 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "inbucket.name" . }}-configmap + name: {{ include "inbucket.name" . }}-configmap labels: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "inbucket.chart" . }} data: {{ toYaml .Values.extraEnv | indent 2 }} diff --git a/stable/inbucket/templates/deployment.yaml b/stable/inbucket/templates/deployment.yaml index 3cac01544229..d2c2509b4f9d 100644 --- a/stable/inbucket/templates/deployment.yaml +++ b/stable/inbucket/templates/deployment.yaml 
@@ -5,7 +5,8 @@ metadata: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - name: {{ template "inbucket.fullname" . }} + helm.sh/chart: {{ include "inbucket.chart" . }} + name: {{ include "inbucket.fullname" . }} spec: selector: matchLabels: @@ -20,14 +21,16 @@ spec: labels: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "inbucket.chart" . }} spec: containers: - - name: {{ template "inbucket.name" . }} + - name: {{ include "inbucket.name" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: "{{ .Values.image.pullPolicy }}" envFrom: - configMapRef: - name: {{ template "inbucket.name" . }}-configmap + name: {{ include "inbucket.name" . }}-configmap ports: - name: http containerPort: 9000 diff --git a/stable/inbucket/templates/ingress.yaml b/stable/inbucket/templates/ingress.yaml index 2a173fdb7e49..20780ec6c59c 100644 --- a/stable/inbucket/templates/ingress.yaml +++ b/stable/inbucket/templates/ingress.yaml @@ -12,6 +12,7 @@ metadata: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "inbucket.chart" . }} name: {{ $fullName }} spec: {{- if .Values.ingress.tls }} diff --git a/stable/inbucket/templates/service.yaml b/stable/inbucket/templates/service.yaml index 46647e692f16..69dfea7d2211 100644 --- a/stable/inbucket/templates/service.yaml +++ b/stable/inbucket/templates/service.yaml 
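Review bot: In the second deployment.yaml hunk, `helm.sh/chart` is added under the pod template's `labels`, not only on the Deployment's own metadata. Assuming `inbucket.chart` expands to chart name plus version as the usual helper does, the pod template then changes on every chart version bump, so each upgrade restarts the pods even when nothing else changed. I would keep the label on the Deployment metadata (first hunk) and drop the `helm.sh/chart: {{ include "inbucket.chart" . }}` line from the pod template. The Deployment spec continues outside both hunks.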
@@ -9,7 +9,8 @@ metadata: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} - name: {{ template "inbucket.fullname" . }} + helm.sh/chart: {{ include "inbucket.chart" . }} + name: {{ include "inbucket.fullname" . }} spec: type: "{{ .Values.service.type }}" clusterIP: "{{ .Values.service.clusterIP }}" diff --git a/stable/inbucket/templates/tests/inbucket-config-test.yaml b/stable/inbucket/templates/tests/inbucket-config-test.yaml index 41070bfd95e4..172941c84dd3 100644 --- a/stable/inbucket/templates/tests/inbucket-config-test.yaml +++ b/stable/inbucket/templates/tests/inbucket-config-test.yaml @@ -2,13 +2,14 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "inbucket.name" . }}-tests + name: {{ include "inbucket.name" . }}-tests labels: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "inbucket.chart" . }} data: run.sh: |- @test "Testing Inbucket is accessible" { - curl --retry 48 --retry-delay 10 {{ template "inbucket.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port.http }} + curl --retry 48 --retry-delay 10 {{ include "inbucket.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port.http }} } diff --git a/stable/inbucket/templates/tests/inbucket-test.yaml b/stable/inbucket/templates/tests/inbucket-test.yaml index 41a900d56886..5fc64b529de7 100644 --- a/stable/inbucket/templates/tests/inbucket-test.yaml +++ b/stable/inbucket/templates/tests/inbucket-test.yaml 
@@ -1,11 +1,12 @@ apiVersion: v1 kind: Pod metadata: - name: "{{ template "inbucket.name" . }}-test-{{ randAlphaNum 5 | lower }}" + name: "{{ include "inbucket.name" . }}-test-{{ randAlphaNum 5 | lower }}" labels: app.kubernetes.io/name: {{ include "inbucket.name" . }} app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} + helm.sh/chart: {{ include "inbucket.chart" . }} annotations: "helm.sh/hook": test-success spec: @@ -35,7 +36,7 @@ spec: volumes: - name: tests configMap: - name: {{ template "inbucket.name" . }}-tests + name: {{ include "inbucket.name" . }}-tests - name: tools emptyDir: {} restartPolicy: Never \ No newline at end of file From b5c87facbb65e5d4b91ca4c0c9d1102f27fbd420 Mon Sep 17 00:00:00 2001 From: "Hoffmeister, Stefan" Date: Thu, 20 Dec 2018 13:38:42 +0100 Subject: [PATCH 074/136] [stable/minio] Fix probes to use correct HTTP scheme (#10128) * - use HTTPs probes when TLS is enabled - minor documentation fix fixes #10126 Signed-off-by: Stefan Hoffmeister * bump chart version Signed-off-by: Stefan Hoffmeister Signed-off-by: Melissa Palmer --- stable/minio/Chart.yaml | 2 +- stable/minio/README.md | 2 +- stable/minio/templates/deployment.yaml | 6 ++++++ 3 files changed, 8 insertions(+), 2 deletions(-) diff --git a/stable/minio/Chart.yaml b/stable/minio/Chart.yaml index c9e68ca73b1d..79cd818d24c0 100755 --- a/stable/minio/Chart.yaml +++ b/stable/minio/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: Minio is a high performance distributed object storage server, designed for large-scale private cloud infrastructure. name: minio -version: 2.2.0 +version: 2.2.1 appVersion: RELEASE.2018-12-06T01-27-43Z keywords: - storage diff --git a/stable/minio/README.md b/stable/minio/README.md index 113c2e19847c..4dfc20180fad 100644 --- a/stable/minio/README.md +++ b/stable/minio/README.md 
@@ -124,7 +124,7 @@ The following table lists the configurable parameters of the Minio chart and the | `nodeSelector` | Node labels for pod assignment | `{}` | | `affinity` | Affinity settings for pod assignment | `{}` | | `tolerations` | Toleration labels for pod assignment | `[]` | -| `tls.enable` | Enable TLS for Minio server | `false` | +| `tls.enabled` | Enable TLS for Minio server | `false` | | `tls.certSecret` | Kubernetes Secret with `public.crt` and `private.key` files. | `""` | | `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | `5` | | `livenessProbe.periodSeconds` | How often to perform the probe | `30` | diff --git a/stable/minio/templates/deployment.yaml b/stable/minio/templates/deployment.yaml index 3a9fe5a28a34..423702258214 100644 --- a/stable/minio/templates/deployment.yaml +++ b/stable/minio/templates/deployment.yaml @@ -125,6 +125,9 @@ spec: {{- end}} livenessProbe: httpGet: + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{- end }} path: /minio/health/live port: service initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }} @@ -134,6 +137,9 @@ spec: failureThreshold: {{ .Values.livenessProbe.failureThreshold }} readinessProbe: httpGet: + {{- if .Values.tls.enabled }} + scheme: HTTPS + {{- end }} path: /minio/health/ready port: service periodSeconds: {{ .Values.readinessProbe.periodSeconds }} From c4a54fefebf91aff0ecbab8976c032181f81016d Mon Sep 17 00:00:00 2001 From: Jonathan Liuti Date: Thu, 20 Dec 2018 15:06:59 +0100 Subject: [PATCH 075/136] Fix sealed secrets service selector (#10167) Signed-off-by: Jonathan Liuti Signed-off-by: Melissa Palmer --- stable/sealed-secrets/Chart.yaml | 2 +- stable/sealed-secrets/templates/service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/sealed-secrets/Chart.yaml b/stable/sealed-secrets/Chart.yaml index 7eda405ff8e9..d9a437a452ef 100644 --- a/stable/sealed-secrets/Chart.yaml +++ b/stable/sealed-secrets/Chart.yaml 
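Review bot: The `scheme: HTTPS` switch is applied to the liveness and readiness `httpGet` probes of this one template only, and the diffstat lists no other template. If the chart renders the same probes from another workload template, those pods would still be probed over plain HTTP and be restarted once `tls.enabled` is set, so that template needs the same condition. It is also worth a comment above each condition recording why a self-signed certificate works here, e.g. `# kubelet does not verify the server certificate on HTTPS probes`. The container spec continues outside both hunks.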
@@ -1,6 +1,6 @@ name: sealed-secrets description: A Helm chart for Sealed Secrets -version: 1.0.0 +version: 1.0.1 appVersion: 0.7.0 kubeVersion: ">=1.9.0-0" home: https://github.com/bitnami-labs/sealed-secrets diff --git a/stable/sealed-secrets/templates/service.yaml b/stable/sealed-secrets/templates/service.yaml index 845933b82b6c..243265fe9c64 100644 --- a/stable/sealed-secrets/templates/service.yaml +++ b/stable/sealed-secrets/templates/service.yaml @@ -12,4 +12,4 @@ spec: ports: - port: 8080 selector: - name: {{ template "sealed-secrets.fullname" . }} + app.kubernetes.io/name: {{ template "sealed-secrets.name" . }} From a991cf21145f4831dc2246b344e5223083f635e6 Mon Sep 17 00:00:00 2001 From: Bradley Weston Date: Thu, 20 Dec 2018 14:30:45 +0000 Subject: [PATCH 076/136] Bump Traefik version to 1.7.6 resolved CVE-2018-16875 (#10096) * Bump Traefik version to 1.7.6 resolved CVE-2018-16875 * Issue: [https://github.com/golang/go/issues/29233] * Release of Traefik with fix: [https://github.com/containous/traefik/releases/tag/v1.7.6] Signed-off-by: Bradley Weston * fix chart and readme Signed-off-by: David J. M. Karlsen Signed-off-by: Melissa Palmer --- stable/traefik/Chart.yaml | 4 ++-- stable/traefik/README.md | 2 +- stable/traefik/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index f9b10674234e..db82bb942312 100755 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: traefik -version: 1.55.1 -appVersion: 1.7.4 +version: 1.55.2 +appVersion: 1.7.6 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: - traefik diff --git a/stable/traefik/README.md b/stable/traefik/README.md index d63ab136f3a9..ec2fb4097100 100644 --- a/stable/traefik/README.md +++ b/stable/traefik/README.md 
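Review bot: The new Service selector matches on `app.kubernetes.io/name` alone, which presumably resolves to the chart name rather than the release name, so with two releases in one namespace each Service would select the pods of both controllers. Since this Service is what clients use to fetch the sealing certificate, it should resolve to exactly one controller: add `app.kubernetes.io/instance: {{ .Release.Name }}` under `selector:`. That requires the pod template to carry the same label; the Deployment is not part of this diff, so confirm it before merging.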
@@ -87,7 +87,7 @@ The following table lists the configurable parameters of the Traefik chart and t | -------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------- | | `fullnameOverride` | Override the full resource names | `{release-name}-traefik` (or traefik if release-name is traefik) | | `image` | Traefik image name | `traefik` | -| `imageTag` | The version of the official Traefik image to use | `1.7.4` | +| `imageTag` | The version of the official Traefik image to use | `1.7.6` | | `serviceType` | A valid Kubernetes service type | `LoadBalancer` | | `loadBalancerIP` | An available static IP you have reserved on your cloud platform | None | | `startupArguments` | A list of startup arguments which are passed to traefik | `[]` | diff --git a/stable/traefik/values.yaml b/stable/traefik/values.yaml index 3abd4f050bd4..d555632af386 100755 --- a/stable/traefik/values.yaml +++ b/stable/traefik/values.yaml @@ -1,6 +1,6 @@ ## Default values for Traefik image: traefik -imageTag: 1.7.4 +imageTag: 1.7.6 ## can switch the service type to NodePort if required serviceType: LoadBalancer # loadBalancerIP: "" From e293b97bc07ecce572625ed86af807259d4367e4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Adam=20Medzi=C5=84ski?= Date: Thu, 20 Dec 2018 15:38:42 +0100 Subject: [PATCH 077/136] [stable/chartmuseum] Fix typo in service labels template condition (#10166) Signed-off-by: Adam Medzinski Signed-off-by: Melissa Palmer --- stable/chartmuseum/Chart.yaml | 2 +- stable/chartmuseum/templates/service.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/chartmuseum/Chart.yaml b/stable/chartmuseum/Chart.yaml index 41278a619c87..071efc840831 100644 --- a/stable/chartmuseum/Chart.yaml +++ b/stable/chartmuseum/Chart.yaml 
@@ -1,7 +1,7 @@ apiVersion: v1 description: Host your own Helm Chart Repository name: chartmuseum -version: 1.8.1 +version: 1.8.2 appVersion: 0.8.0 home: https://github.com/helm/chartmuseum icon: https://raw.githubusercontent.com/helm/chartmuseum/master/logo2.png diff --git a/stable/chartmuseum/templates/service.yaml b/stable/chartmuseum/templates/service.yaml index adbf20793723..65ce7a288302 100644 --- a/stable/chartmuseum/templates/service.yaml +++ b/stable/chartmuseum/templates/service.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} labels: {{ include "chartmuseum.labels.standard" . | indent 4 }} -{{- if .Values.service.annotations }} +{{- if .Values.service.labels }} {{ toYaml .Values.service.labels | indent 4 }} {{- end }} {{- if .Values.service.annotations }} From 511ddd641190b771318d3ba7be34ae6bf54f4e5c Mon Sep 17 00:00:00 2001 From: Gabi Maeztu Date: Thu, 20 Dec 2018 16:02:56 +0100 Subject: [PATCH 078/136] Update Kong, reference to image pull secrets (#10164) * Update controller-deployment.yaml Remove legacy reference to imagePullSecrets variable that was renamed to pullSecrets in the last merge and modified from string to list. Signed-off-by: Gabriel de Maeztu * Version bump Signed-off-by: Gabriel de Maeztu Signed-off-by: Melissa Palmer --- stable/kong/Chart.yaml | 2 +- stable/kong/templates/controller-deployment.yaml | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/stable/kong/Chart.yaml b/stable/kong/Chart.yaml index 8257a9fbdf8c..04c57c1a079e 100644 --- a/stable/kong/Chart.yaml +++ b/stable/kong/Chart.yaml @@ -12,5 +12,5 @@ maintainers: name: kong sources: - https://github.com/Kong/kong -version: 0.6.8 +version: 0.6.9 appVersion: 0.14.1 diff --git a/stable/kong/templates/controller-deployment.yaml b/stable/kong/templates/controller-deployment.yaml index 851abd7cb6e9..ced97ea96337 100644 --- a/stable/kong/templates/controller-deployment.yaml +++ b/stable/kong/templates/controller-deployment.yaml 
@@ -28,10 +28,12 @@ spec: component: "controller" spec: serviceAccountName: {{ template "kong.serviceAccountName" . }} -{{- if .Values.image.imagePullSecrets }} + {{- if .Values.image.pullSecrets }} imagePullSecrets: - - name: {{ .Values.image.imagePullSecrets }} -{{- end }} + {{- range .Values.image.pullSecrets }} + - name: {{ . }} + {{- end }} + {{- end }} initContainers: - name: wait-for-db image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" From 7d36f3aba294135013bf20ac2ff4d65e813db857 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 20 Dec 2018 17:15:36 +0100 Subject: [PATCH 079/136] [stable/ghost] Release 6.1.8 (#10168) * ghost: update to `2.9.1` Signed-off-by: Bitnami Containers * ghost: updated chart requirements Signed-off-by: Bitnami Containers * ghost: bump chart appVersion to `2.9.1` Signed-off-by: Bitnami Containers * ghost: bump chart version to `6.1.8` Signed-off-by: Bitnami Containers * ghost: update to `2.9.1` Signed-off-by: Bitnami Containers Signed-off-by: Melissa Palmer --- stable/ghost/Chart.yaml | 7 +++---- stable/ghost/requirements.lock | 4 ++-- stable/ghost/values.yaml | 2 +- 3 files changed, 6 insertions(+), 7 deletions(-) diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 93b4ef7cf979..729801ba2586 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,8 +1,7 @@ name: ghost -version: 6.1.7 -appVersion: 2.9.0 -description: A simple, powerful publishing platform that allows you to share your - stories with the world +version: 6.1.8 +appVersion: 2.9.1 +description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: - ghost - blog diff --git a/stable/ghost/requirements.lock b/stable/ghost/requirements.lock index ceb7cda65d2a..b34f20d17a57 100644 --- a/stable/ghost/requirements.lock +++ b/stable/ghost/requirements.lock 
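Review bot: The `range` over `.Values.image.pullSecrets` emits `- name: {{ . }}`, which is only correct when every entry is a plain string; an entry written in the Kubernetes shape (`- name: my-secret`) would render as a Go map dump and the pod would reference a secret that does not exist. I would quote the value, `- name: {{ . | quote }}`, and state next to the value's default that a list of secret names is expected. Releases that still set the old `image.imagePullSecrets` key are ignored silently after this change, which deserves a line in the chart's upgrade notes. The pod spec continues outside the hunk.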
@@ -1,6 +1,6 @@ dependencies: - name: mariadb repository: https://kubernetes-charts.storage.googleapis.com/ - version: 5.2.4 + version: 5.2.5 digest: sha256:b3053e73f5c114f55a794eccea2606cc9fe8a669eaab1716246994bbdd37a473 -generated: 2018-12-13T16:23:55.916081733Z +generated: 2018-12-20T14:09:15.272113665Z diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 706bfa7a3137..3e5fa1472dad 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/ghost - tag: 2.9.0 + tag: 2.9.1 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From e9ef1f557b465cf72cd7ce137e0c00c29fd80f34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Thu, 20 Dec 2018 18:13:03 +0100 Subject: [PATCH 080/136] [stable/postgresql] Allow configmaps for configuration and initdb (#10151) * [bitnami/postgresql] Allow configmaps for configuration and initdb Signed-off-by: Javier J. Salmeron Garcia * Change conf.d mountpoint Signed-off-by: Javier J. Salmeron Garcia * Bump version Signed-off-by: Javier J. Salmeron Garcia * Bump minor version Signed-off-by: Javier J. Salmeron Garcia Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 158 +++++++++--------- stable/postgresql/templates/_helpers.tpl | 38 ++++- stable/postgresql/templates/configmap.yaml | 2 +- .../templates/extended-config-configmap.yaml | 2 +- .../templates/initialization-configmap.yaml | 2 +- .../templates/statefulset-slaves.yaml | 28 ++-- stable/postgresql/templates/statefulset.yaml | 28 ++-- stable/postgresql/values-production.yaml | 11 ++ stable/postgresql/values.yaml | 11 ++ 10 files changed, 166 insertions(+), 116 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index cc88732644c8..ad2094a627d6 100644 
--- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.4.0 +version: 3.5.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index c72ba1945b68..cc55f8149137 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md 
@@ -45,81 +45,83 @@ The command removes all the Kubernetes components associated with the chart and The following tables lists the configurable parameters of the PostgreSQL chart and their default values. -| Parameter | Description | Default | -|-----------------------------------------------|---------------------------------------------------------|--------------------------------------------------------- | -| `global.imageRegistry` | Global Docker Image registry | `nil` | -| `image.registry` | PostgreSQL Image registry | `docker.io` | -| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | -| `image.tag` | PostgreSQL Image tag | `{VERSION}` | -| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | -| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `image.debug` | Specify if debug values should be set | `false` | -| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | -| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | -| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | -| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | -| `volumePermissions.enabled` | Enable init container | `true` | -| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | -| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | -| `replication.enabled` | Would you like to enable replication | `false` | -| `replication.user` | Replication user | `repl_user` | -| `replication.password` | Replication user password | `repl_password` | -| `replication.slaveReplicas` | Number of slaves replicas | `1` | -| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | -| `postgresqlUsername` | PostgreSQL admin user | `postgres` | 
-| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | -| `postgresqlDatabase` | PostgreSQL database | `nil` | -| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | -| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | -| `initdbScripts` | List of initdb scripts | `nil` | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.port` | PostgreSQL port | `5432` | -| `service.nodePort` | Kubernetes Service nodePort | `nil` | -| `service.annotations` | Annotations for PostgreSQL service | {} | -| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | -| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | -| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | -| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | -| `persistence.annotations` | Annotations for the PVC | `{}` | -| `master.nodeSelector` | Node labels for pod assignment (master nodes) | `{}` | -| `master.affinity` | Affinity labels for pod assignment (master nodes) | `{}` | -| `master.tolerations` | Toleration labels for pod assignment (master nodes) | `[]` | -| `slave.nodeSelector` | Node labels for pod assignment (slave nodes) | `{}` | -| `slave.affinity` | Affinity labels for pod assignment (slave nodes) | `{}` | -| `slave.tolerations` | Toleration labels for pod assignment (slave nodes) | `[]` | -| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | -| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | -| `securityContext.enabled` | Enable security context | `true` | -| 
`securityContext.fsGroup` | Group ID for the container | `1001` | -| `securityContext.runAsUser` | User ID for the container | `1001` | -| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | -| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | -| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `6` | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | -| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | -| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `6` | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | `1` | -| `metrics.enabled` | Start a prometheus exporter | `false` | -| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | -| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | -| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | -| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | -| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | -| `metrics.image.tag` | PostgreSQL 
Image tag | `{VERSION}` | -| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | -| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | -| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | +| Parameter | Description | Default | +|-----------------------------------------------|------------------------------------------------------------------------------------------------------------------------|----------------------------------------------------------| +| `global.imageRegistry` | Global Docker Image registry | `nil` | +| `image.registry` | PostgreSQL Image registry | `docker.io` | +| `image.repository` | PostgreSQL Image name | `bitnami/postgresql` | +| `image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `image.pullPolicy` | PostgreSQL Image pull policy | `Always` | +| `image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug values should be set | `false` | +| `volumePermissions.image.registry` | Init container volume-permissions image registry | `docker.io` | +| `volumePermissions.image.repository` | Init container volume-permissions image name | `bitnami/minideb` | +| `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | +| `volumePermissions.image.pullPolicy` | Init container volume-permissions image pull policy | `Always` | +| `volumePermissions.securityContext.runAsUser` | User ID for the init container | `0` | +| `usePasswordFile` | Have the secrets mounted as a file instead of env vars | `false` | +| `replication.enabled` | Would you like to enable replication | `false` | +| `replication.user` | Replication user | `repl_user` | +| `replication.password` | Replication user password | `repl_password` | +| `replication.slaveReplicas` | 
Number of slaves replicas | `1` | +| `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | +| `postgresqlUsername` | PostgreSQL admin user | `postgres` | +| `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | +| `postgresqlDatabase` | PostgreSQL database | `nil` | +| `postgresqlConfiguration` | Runtime Config Parameters | `nil` | +| `pgHbaConfiguration` | Content of pg\_hba.conf | `nil (do not create pg_hba.conf)` | +| `configurationConfigMap` | ConfigMap with the PostgreSQL configuration files (Note: Overrides `postgresqlConfiguration` and `pgHbaConfiguration`) | `nil` | +| `extendedConfConfigMap` | ConfigMap with the extended PostgreSQL configuration files | `nil` | +| `initdbScripts` | List of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.port` | PostgreSQL port | `5432` | +| `service.nodePort` | Kubernetes Service nodePort | `nil` | +| `service.annotations` | Annotations for PostgreSQL service | {} | +| `service.loadBalancerIP` | loadBalancerIP if service type is `LoadBalancer` | `nil` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.existingClaim` | Provide an existing `PersistentVolumeClaim` | `nil` | +| `persistence.mountPath` | Path to mount the volume at | `/bitnami/postgresql` | +| `persistence.storageClass` | PVC Storage Class for PostgreSQL volume | `nil` | +| `persistence.accessMode` | PVC Access Mode for PostgreSQL volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for PostgreSQL volume | `8Gi` | +| `persistence.annotations` | Annotations for the PVC | `{}` | +| `master.nodeSelector` | Node labels for pod assignment (postgresql master) | `{}` | +| `master.affinity` | Affinity labels for pod assignment (postgresql master) | `{}` | +| `master.tolerations` | Toleration 
labels for pod assignment (postgresql master) | `[]` | +| `slave.nodeSelector` | Node labels for pod assignment (postgresql slave) | `{}` | +| `slave.affinity` | Affinity labels for pod assignment (postgresql slave) | `{}` | +| `slave.tolerations` | Toleration labels for pod assignment (postgresql slave) | `[]` | +| `terminationGracePeriodSeconds` | Seconds the pod needs to terminate gracefully | `nil` | +| `resources` | CPU/Memory resource requests/limits | Memory: `256Mi`, CPU: `250m` | +| `securityContext.enabled` | Enable security context | `true` | +| `securityContext.fsGroup` | Group ID for the container | `1001` | +| `securityContext.runAsUser` | User ID for the container | `1001` | +| `livenessProbe.enabled` | Would you like a livessProbed to be enabled | `true` | +| `networkPolicy.enabled` | Enable NetworkPolicy | `false` | +| `networkPolicy.allowExternal` | Don't require client label for connections | `true` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 30 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 10 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `readinessProbe.enabled` | would you like a readinessProbe to be enabled | `true` | +| `readinessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 5 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 10 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. 
| 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed | 1 | +| `metrics.enabled` | Start a prometheus exporter | `false` | +| `metrics.service.type` | Kubernetes Service type | `ClusterIP` | +| `metrics.service.annotations` | Additional annotations for metrics exporter pod | `{}` | +| `metrics.service.loadBalancerIP` | loadBalancerIP if redis metrics service type is `LoadBalancer` | `nil` | +| `metrics.image.registry` | PostgreSQL Image registry | `docker.io` | +| `metrics.image.repository` | PostgreSQL Image name | `wrouesnel/postgres_exporter` | +| `metrics.image.tag` | PostgreSQL Image tag | `{VERSION}` | +| `metrics.image.pullPolicy` | PostgreSQL Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify Image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `extraEnv` | Any extra environment variables you would like to pass on to the pod | `{}` | +| `updateStrategy` | Update strategy policy | `{type: "onDelete"}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, 
@@ -147,17 +149,23 @@ Add your custom file to "files/postgresql.conf" in your working directory. This Alternatively, you can specify PostgreSQL configuration parameters using the `postgresqlConfiguration` parameter as a dict, using camelCase, e.g. {"sharedBuffers": "500MB"}. +In addition to these options, you can also set an external ConfigMap with all the configuration files. This is done by setting the `configurationConfigMap` parameter. Note that this will override the two previous options. + ### Allow settings to be loaded from files other than the default `postgresql.conf` If you don't want to provide the whole PostgreSQL configuration file and only specify certain parameters, you can add your extended `.conf` files to "files/conf.d/" in your working directory. Those files will be mounted as configMap to the containers adding/overwriting the default configuration using the `include_dir` directive that allows settings to be loaded from files other than the default `postgresql.conf`. +Alternatively, you can also set an external ConfigMap with all the extra configuration files. This is done by setting the `extendedConfConfigMap` parameter. Note that this will override the previous option. + ## Initialize a fresh instance The [Bitnami PostgreSQL](https://github.com/bitnami/bitnami-docker-postgresql) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. + The allowed extensions are `.sh`, `.sql` and `.sql.gz`. ## Production and horizontal scaling 
diff --git a/stable/postgresql/templates/_helpers.tpl b/stable/postgresql/templates/_helpers.tpl index ef27a0582ff6..e07e820580bb 100644 --- a/stable/postgresql/templates/_helpers.tpl +++ b/stable/postgresql/templates/_helpers.tpl @@ -111,10 +111,42 @@ Return the proper PostgreSQL metrics image name Get the password secret. */}} {{- define "postgresql.secretName" -}} -{{- $secretName := include "postgresql.fullname" . -}} {{- if .Values.existingSecret -}} -{{ $secretName := .Values.existingSecret -}} +{{- printf "%s" .Values.existingSecret -}} {{- else -}} -{{- printf "%s" $secretName -}} +{{- printf "%s" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the configuration ConfigMap name. +*/}} +{{- define "postgresql.configurationCM" -}} +{{- if .Values.configurationConfigMap -}} +{{- printf "%s" .Values.configurationConfigMap -}} +{{- else -}} +{{- printf "%s-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the extended configuration ConfigMap name. +*/}} +{{- define "postgresql.extendedConfigurationCM" -}} +{{- if .Values.extendedConfConfigMap -}} +{{- printf "%s" .Values.extendedConfConfigMap -}} +{{- else -}} +{{- printf "%s-extended-configuration" (include "postgresql.fullname" .) -}} +{{- end -}} +{{- end -}} + +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "postgresql.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "postgresql.fullname" .) -}} {{- end -}} {{- end -}} diff --git a/stable/postgresql/templates/configmap.yaml b/stable/postgresql/templates/configmap.yaml index 7c18c01c5512..d2178c077e53 100644 --- a/stable/postgresql/templates/configmap.yaml +++ b/stable/postgresql/templates/configmap.yaml 
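Review bot: `printf "%s"` on a values entry only prints cleanly when the value is a string; a name made only of digits and set unquoted reaches the template as a number and renders as `%!s(...)` in the `secretName` or ConfigMap `name` field. Piping through `toString`, e.g. `{{- .Values.configurationConfigMap | toString -}}`, or emitting the value directly avoids that, and the same applies to `existingSecret`, `extendedConfConfigMap` and `initdbScriptsConfigMap`. The helper comments could also say that a user-supplied name is used as is and that the object must already exist in the release namespace, since the chart no longer renders its own ConfigMap when one of these values is set.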
@@ -1,4 +1,4 @@ -{{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration}} +{{ if and (or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration) (not .Values.configurationConfigMap) }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/stable/postgresql/templates/extended-config-configmap.yaml b/stable/postgresql/templates/extended-config-configmap.yaml index 5c232a0c75bf..8b92b3ce3707 100644 --- a/stable/postgresql/templates/extended-config-configmap.yaml +++ b/stable/postgresql/templates/extended-config-configmap.yaml @@ -1,4 +1,4 @@ -{{- if (.Files.Glob "files/conf.d/*.conf") }} +{{- if and (.Files.Glob "files/conf.d/*.conf") (not .Values.extendedConfConfigMap)}} apiVersion: v1 kind: ConfigMap metadata: diff --git a/stable/postgresql/templates/initialization-configmap.yaml b/stable/postgresql/templates/initialization-configmap.yaml index b54e6c3317c2..9565de7fff93 100644 --- a/stable/postgresql/templates/initialization-configmap.yaml +++ b/stable/postgresql/templates/initialization-configmap.yaml @@ -1,4 +1,4 @@ -{{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }} +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") (not .Values.initdbScriptsConfigMap) }} apiVersion: v1 kind: ConfigMap metadata: diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index 77e01542078b..c862c17ec3aa 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml 
@@ -142,19 +142,13 @@ spec: - name: data mountPath: /bitnami/postgresql {{ end }} - {{ if or (.Files.Glob "files/postgresql.conf") .Values.postgresqlConfiguration }} - - name: postgresql-config - mountPath: /opt/bitnami/postgresql/conf/postgresql.conf - subPath: postgresql.conf - {{ end }} - {{ if or (.Files.Glob "files/pg_hba.conf") .Values.pgHbaConfiguration }} - - name: postgresql-config - mountPath: /opt/bitnami/postgresql/conf/pg_hba.conf - subPath: pg_hba.conf - {{ end }} - {{- if (.Files.Glob "files/conf.d/*.conf") }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} - name: postgresql-extended-config - mountPath: /opt/bitnami/postgresql/conf/conf.d/ + mountPath: /bitnami/postgresql/conf/conf.d/ + {{- end }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} + - name: postgresql-config + mountPath: /bitnami/postgresql/conf {{- end }} volumes: {{- if .Values.usePasswordFile }} 
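Review bot: The `postgresql-config` mount now covers the whole `/bitnami/postgresql/conf` directory instead of overlaying single files with `subPath`, so the directory holds only the keys present in the ConfigMap. The guard still fires when just one of `postgresql.conf` or `pg_hba.conf` is supplied, and the other file is then absent rather than left at the image default; whether the image can regenerate it on a read-only ConfigMap mount is not visible here and should be confirmed, since `pg_hba.conf` carries the client authentication rules. The mount also sits beneath the `data` volume at `/bitnami/postgresql` and has the `conf.d/` mount nested inside it, so the nesting is worth a test with persistence enabled. The same change appears in the `statefulset.yaml` hunk at `@@ -171,15 +171,9 @@`. The container spec starts outside the hunk.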
@@ -162,15 +156,15 @@ spec: secret: secretName: {{ template "postgresql.secretName" . }} {{ end }} - {{ if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - name: postgresql-config configMap: - name: {{ template "postgresql.fullname" . }}-configuration - {{ end }} - {{- if (.Files.Glob "files/conf.d/*.conf") }} + name: {{ template "postgresql.configurationCM" . }} + {{- end }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} - name: postgresql-extended-config configMap: - name: {{ template "postgresql.fullname" . }}-extended-configuration + name: {{ template "postgresql.extendedConfigurationCM" . }} {{- end }} updateStrategy: type: {{ .Values.updateStrategy.type }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index d7291f083ed6..3c7ac8429889 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -155,13 +155,13 @@ spec: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} volumeMounts: - {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} - {{- if (.Files.Glob "files/conf.d/*.conf") }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} - name: postgresql-extended-config - mountPath: /opt/bitnami/postgresql/conf/conf.d/ + mountPath: /bitnami/postgresql/conf/conf.d/ {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password 
@@ -171,15 +171,9 @@ spec: - name: data mountPath: {{ .Values.persistence.mountPath }} {{- end }} - {{- if or (.Files.Glob "files/postgresql.conf") .Values.postgresqlConfiguration }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap }} - name: postgresql-config - mountPath: /opt/bitnami/postgresql/conf/postgresql.conf - subPath: postgresql.conf - {{- end }} - {{- if or (.Files.Glob "files/pg_hba.conf") .Values.pgHbaConfiguration }} - - name: postgresql-config - mountPath: /opt/bitnami/postgresql/conf/pg_hba.conf - subPath: pg_hba.conf + mountPath: /bitnami/postgresql/conf {{- end }} {{- if .Values.metrics.enabled }} - name: metrics 
@@ -235,25 +229,25 @@ spec: {{ toYaml .Values.metrics.resources | indent 10 }} {{- end }} volumes: - {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration }} + {{- if or (.Files.Glob "files/postgresql.conf") (.Files.Glob "files/pg_hba.conf") .Values.postgresqlConfiguration .Values.pgHbaConfiguration .Values.configurationConfigMap}} - name: postgresql-config configMap: - name: {{ template "postgresql.fullname" . }}-configuration + name: {{ template "postgresql.configurationCM" . }} {{- end }} - {{- if (.Files.Glob "files/conf.d/*.conf") }} + {{- if or (.Files.Glob "files/conf.d/*.conf") .Values.extendedConfConfigMap }} - name: postgresql-extended-config configMap: - name: {{ template "postgresql.fullname" . }}-extended-configuration + name: {{ template "postgresql.extendedConfigurationCM" . }} {{- end }} {{- if .Values.usePasswordFile }} - name: postgresql-password secret: secretName: {{ template "postgresql.secretName" . }} {{- end }} - {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap }} - name: custom-init-scripts configMap: - name: {{ template "postgresql.fullname" . }}-init-scripts + name: {{ template "postgresql.initdbScriptsCM" . }} {{- end }} {{- if and .Values.persistence.enabled .Values.persistence.existingClaim }} - name: data diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 6ec8cb4226fa..4868be2d9b82 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml 
@@ -99,6 +99,13 @@ postgresqlUsername: postgres # host all all localhost trust # host mydatabase mysuser 192.168.0.0/24 md5 +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + ## initdb scripts ## Specify dictionnary of scripts to be run at first boot ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory @@ -108,6 +115,10 @@ postgresqlUsername: postgres # #!/bin/sh # echo "Do something." +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: + ## PostgreSQL service configuration service: ## PosgresSQL service type diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index aaba4d6e8a13..3666d232c090 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml @@ -99,6 +99,13 @@ postgresqlUsername: postgres # host all all localhost trust # host mydatabase mysuser 192.168.0.0/24 md5 +## ConfigMap with PostgreSQL configuration +## NOTE: This will override postgresqlConfiguration and pgHbaConfiguration +# configurationConfigMap: + +## ConfigMap with PostgreSQL extended configuration +# extendedConfConfigMap: + ## initdb scripts ## Specify dictionnary of scripts to be run at first boot ## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory @@ -107,6 +114,10 @@ postgresqlUsername: postgres # my_init_script.sh:| # #!/bin/sh # echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## NOTE: This will override initdbScripts +# initdbScriptsConfigMap: ## Optional duration in seconds the pod needs to terminate gracefully. ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods From df1f4c30279457c7c96de8247e92a1f9ddf33292 Mon Sep 17 00:00:00 2001 
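Review bot: The new commented keys do not say what the referenced ConfigMaps must contain or who is trusted to edit them. `configurationConfigMap` is mounted as the whole conf directory, so it presumably has to carry both `postgresql.conf` and `pg_hba.conf`, and `initdbScriptsConfigMap` supplies the scripts that run at first boot; both come from an object the chart does not render, so write access to that ConfigMap decides the database's authentication rules and init code. I would extend the comments, e.g. `## NOTE: must contain postgresql.conf and pg_hba.conf; restrict write access to this ConfigMap` and `## NOTE: scripts run in the database container at first boot; restrict write access to this ConfigMap`. The same wording applies to the matching hunks in `values-production.yaml` and `values.yaml`.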
From: Eric Greer Date: Thu, 20 Dec 2018 10:08:38 -0800 Subject: [PATCH 081/136] refactor env vars (#10158) Signed-off-by: Eric Greer Signed-off-by: Melissa Palmer --- stable/kuberhealthy/Chart.yaml | 2 +- stable/kuberhealthy/templates/deployment.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/kuberhealthy/Chart.yaml b/stable/kuberhealthy/Chart.yaml index a5d793ff0fe8..2fb9795c73f4 100644 --- a/stable/kuberhealthy/Chart.yaml +++ b/stable/kuberhealthy/Chart.yaml @@ -3,7 +3,7 @@ appVersion: "0.1.1" home: https://comcast.github.io/kuberhealthy/ description: The official Helm chart for Kuberhealthy. name: kuberhealthy -version: 0.1.1 +version: 0.1.2 maintainers: - name: integrii email: eric.greer@comcast.com diff --git a/stable/kuberhealthy/templates/deployment.yaml b/stable/kuberhealthy/templates/deployment.yaml index ae4820372a35..6ad4e85c8be9 100644 --- a/stable/kuberhealthy/templates/deployment.yaml +++ b/stable/kuberhealthy/templates/deployment.yaml @@ -41,11 +41,11 @@ spec: timeoutSeconds: 1 name: {{ template "kuberhealthy.name" . }} env: - - name: MY_POD_NAME + - name: POD_NAME valueFrom: fieldRef: fieldPath: metadata.name - - name: MY_POD_NAMESPACE + - name: POD_NAMESPACE valueFrom: fieldRef: fieldPath: metadata.namespace From 37f8993dcafcfc40390549d04564c122e362838e Mon Sep 17 00:00:00 2001 From: Steven Sheehy Date: Thu, 20 Dec 2018 15:22:17 -0600 Subject: [PATCH 082/136] [stable/rabbitmq-ha] Update maintainers (#10179) Signed-off-by: Steven Sheehy Signed-off-by: Melissa Palmer --- stable/rabbitmq-ha/Chart.yaml | 6 +++--- stable/rabbitmq-ha/OWNERS | 5 +++++ 2 files changed, 8 insertions(+), 3 deletions(-) create mode 100644 stable/rabbitmq-ha/OWNERS diff --git a/stable/rabbitmq-ha/Chart.yaml b/stable/rabbitmq-ha/Chart.yaml index 674f17420229..961bf3218f62 100644 --- a/stable/rabbitmq-ha/Chart.yaml +++ b/stable/rabbitmq-ha/Chart.yaml 
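Review bot: Nothing in this commit changes the image that reads these variables: `appVersion` stays at "0.1.1" and no values file is touched, so the rename from `MY_POD_NAME`/`MY_POD_NAMESPACE` to `POD_NAME`/`POD_NAMESPACE` only works if the default image tag already reads the new names. That is not visible from the hunk; if the binary at the default tag still expects the old names, the container would start without its own pod name and namespace. Confirm against the image, or bump the tag in the same change. The container spec starts outside the hunk.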
@@ -1,7 +1,7 @@ name: rabbitmq-ha apiVersion: v1 appVersion: 3.7.8 -version: 1.14.3 +version: 1.14.4 description: Highly available RabbitMQ cluster, the open source message broker software that implements the Advanced Message Queuing Protocol (AMQP). keywords: @@ -17,5 +17,5 @@ sources: - https://github.com/rabbitmq/rabbitmq - https://github.com/docker-library/rabbitmq maintainers: -- name: etiennetremel - email: etienne.tremel@container-solutions.com +- name: steven-sheehy + email: ssheehy@firescope.com diff --git a/stable/rabbitmq-ha/OWNERS b/stable/rabbitmq-ha/OWNERS new file mode 100644 index 000000000000..c7780ce2ca33 --- /dev/null +++ b/stable/rabbitmq-ha/OWNERS @@ -0,0 +1,5 @@ +approvers: + - steven-sheehy +reviewers: + - steven-sheehy + From 255508a3165c38564bad19dd9b32c3eb12b038ba Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Thu, 20 Dec 2018 23:28:35 +0100 Subject: [PATCH 083/136] bump hackmd to 1.2.1-alpine (#10172) Signed-off-by: cpanato Signed-off-by: Melissa Palmer --- stable/hackmd/Chart.yaml | 4 ++-- stable/hackmd/README.md | 2 +- stable/hackmd/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/hackmd/Chart.yaml b/stable/hackmd/Chart.yaml index e22d67f11c80..74f8e6e7dea1 100644 --- a/stable/hackmd/Chart.yaml +++ b/stable/hackmd/Chart.yaml @@ -1,7 +1,7 @@ name: hackmd apiVersion: v1 -version: "0.1.1" -appVersion: "1.0.1" +version: "1.0.0" +appVersion: "1.2.1-alpine" description: Realtime collaborative markdown notes on all platforms. icon: https://hackmd.io/favicon.png keywords: diff --git a/stable/hackmd/README.md b/stable/hackmd/README.md index 9fbcaa404d5c..82ab359dac13 100644 --- a/stable/hackmd/README.md +++ b/stable/hackmd/README.md 
@@ -28,7 +28,7 @@ Parameter | Description | Default --------- | ----------- | ------- `replicaCount` | How many replicas to run. | 1 `image.repository` | Name of the image to run, without the tag. | [hackmdio/hackmd](https://github.com/hackmdio/docker-hackmd) -`image.tag` | The image tag to use. | 1.0.1-ce +`image.tag` | The image tag to use. | 1.2.1-alpine `image.pullPolicy` | The kubernetes image pull policy. | IfNotPresent `service.name` | The kubernetes service name to use. | hackmd `service.type` | The kubernetes service type to use. | ClusterIP diff --git a/stable/hackmd/values.yaml b/stable/hackmd/values.yaml index 60a8b0400ad7..e9ee2efb5433 100644 --- a/stable/hackmd/values.yaml +++ b/stable/hackmd/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: hackmdio/hackmd - tag: 1.0.1-ce-alpine + tag: 1.2.1-alpine pullPolicy: IfNotPresent service: From 56f4d5cc32b639650fb39cd7e950aacd51b8fc4e Mon Sep 17 00:00:00 2001 From: Ben Drucker Date: Thu, 20 Dec 2018 14:36:23 -0800 Subject: [PATCH 084/136] [stable/sumologic-fluentd] Set node name to improve pod caching (#10148) Signed-off-by: Ben Drucker Signed-off-by: Melissa Palmer --- stable/sumologic-fluentd/Chart.yaml | 2 +- stable/sumologic-fluentd/templates/daemonset.yaml | 4 ++++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/stable/sumologic-fluentd/Chart.yaml b/stable/sumologic-fluentd/Chart.yaml index baad9205d746..e00e20c9b50f 100755 --- a/stable/sumologic-fluentd/Chart.yaml +++ b/stable/sumologic-fluentd/Chart.yaml @@ -1,5 +1,5 @@ name: sumologic-fluentd -version: 0.8.0 +version: 0.8.1 appVersion: 2.1.0 description: Sumologic Log Collector keywords: diff --git a/stable/sumologic-fluentd/templates/daemonset.yaml b/stable/sumologic-fluentd/templates/daemonset.yaml index 4061a06a3a7b..f950a6a7b5ec 100644 --- a/stable/sumologic-fluentd/templates/daemonset.yaml +++ b/stable/sumologic-fluentd/templates/daemonset.yaml 
@@ -61,6 +61,10 @@ spec: secretKeyRef: name: "{{ template "sumologic-fluentd.fullname" . }}" key: collector-url + - name: K8S_NODE_NAME + valueFrom: + fieldRef: + fieldPath: spec.nodeName - name: FLUENTD_SOURCE value: {{ quote .Values.sumologic.fluentdSource }} {{- if .Values.sumologic.fluentdUserConfigDir }} From f624e55fb91da4372a76e845a52e384da1e16c5b Mon Sep 17 00:00:00 2001 From: Sheroy Marker Date: Thu, 20 Dec 2018 14:47:29 -0800 Subject: [PATCH 085/136] Remove namespace list permission (#10117) * Removes the namespace list permission for the service account being created. Signed-off-by: Sheroy Marker * Updates the changelog Signed-off-by: Sheroy Marker * bump version Signed-off-by: David J. M. Karlsen Signed-off-by: Melissa Palmer --- stable/gocd/CHANGELOG.md | 4 ++++ stable/gocd/Chart.yaml | 2 +- stable/gocd/templates/gocd-ea-cluster-role.yaml | 2 +- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/stable/gocd/CHANGELOG.md b/stable/gocd/CHANGELOG.md index f7daa15d4089..c6f4f2bad606 100644 --- a/stable/gocd/CHANGELOG.md +++ b/stable/gocd/CHANGELOG.md @@ -1,3 +1,7 @@ +### 1.5.12 +* [72aa74f1](https://github.com/kubernetes/charts/commit/72aa74f1): + - Removes the namespace list permission for the service account being created. + ### 1.5.11 * [a8f4e6c9](https://github.com/kubernetes/charts/commit/a8f4e6c9): - Bump up GoCD app version to 18.12.0 diff --git a/stable/gocd/Chart.yaml b/stable/gocd/Chart.yaml index 24ad96d95fb3..5186076532a1 100644 --- a/stable/gocd/Chart.yaml +++ b/stable/gocd/Chart.yaml @@ -1,6 +1,6 @@ name: gocd home: https://www.gocd.org/ -version: 1.5.11 +version: 1.5.12 appVersion: 18.12.0 description: GoCD is an open-source continuous delivery server to model and visualize complex workflows with ease. icon: https://gocd.github.io/assets/images/go-icon-black-192x192.png diff --git a/stable/gocd/templates/gocd-ea-cluster-role.yaml b/stable/gocd/templates/gocd-ea-cluster-role.yaml index bc21bbc3a1a8..244aa350a018 100644 
--- a/stable/gocd/templates/gocd-ea-cluster-role.yaml +++ b/stable/gocd/templates/gocd-ea-cluster-role.yaml @@ -25,5 +25,5 @@ rules: - apiGroups: [""] resources: - namespaces - verbs: ["list", "get"] + verbs: ["get"] {{ end }} From 9af8cfaa168faabb9484e2dd4c28db77e6f8ef97 Mon Sep 17 00:00:00 2001 From: bzub Date: Thu, 20 Dec 2018 16:58:17 -0600 Subject: [PATCH 086/136] [stable/docker-registry] Use static container/daemon port (#10114) * Use static container/daemon port This commit ensures the container/daemon port is constant (5000), while the service port is configurable with the service.port value. Fixes #10113 Signed-off-by: bzub * bump version Signed-off-by: David J. M. Karlsen Signed-off-by: Melissa Palmer --- stable/docker-registry/Chart.yaml | 2 +- stable/docker-registry/templates/NOTES.txt | 2 +- stable/docker-registry/templates/deployment.yaml | 6 +++--- stable/docker-registry/templates/service.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/stable/docker-registry/Chart.yaml b/stable/docker-registry/Chart.yaml index 86016f5f53c8..1202b629cbfb 100644 --- a/stable/docker-registry/Chart.yaml +++ b/stable/docker-registry/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 description: A Helm chart for Docker Registry name: docker-registry -version: 1.6.2 +version: 1.6.3 appVersion: 2.6.2 home: https://hub.docker.com/_/registry/ icon: https://hub.docker.com/public/images/logos/mini-logo.svg diff --git a/stable/docker-registry/templates/NOTES.txt b/stable/docker-registry/templates/NOTES.txt index 5ae3f772390f..16bcf538d35b 100644 --- a/stable/docker-registry/templates/NOTES.txt +++ b/stable/docker-registry/templates/NOTES.txt 
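Review bot: Dropping `list` narrows the rule, but `get` on `namespaces` in a ClusterRole without `resourceNames` still lets the service account read any namespace object by name. If the consumer only needs the namespace it works in (an assumption, the consumer is not visible here), the rule could carry a `resourceNames` entry for that namespace, or at least a comment such as `# get only: namespace lookup by name; list removed in 1.5.12`. The rule list starts outside the hunk.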
@@ -15,5 +15,5 @@ {{- else if contains "ClusterIP" .Values.service.type }} export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app={{ template "docker-registry.name" . }},release={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") echo "Visit http://127.0.0.1:8080 to use your application" - kubectl port-forward $POD_NAME 8080:{{ .Values.service.port }} + kubectl port-forward $POD_NAME 8080:5000 {{- end }} diff --git a/stable/docker-registry/templates/deployment.yaml b/stable/docker-registry/templates/deployment.yaml index 669a6a4ac0ec..163b0d6da588 100644 --- a/stable/docker-registry/templates/deployment.yaml +++ b/stable/docker-registry/templates/deployment.yaml @@ -46,21 +46,21 @@ spec: - serve - /etc/docker/registry/config.yml ports: - - containerPort: {{ .Values.service.port }} + - containerPort: 5000 livenessProbe: httpGet: {{- if .Values.tlsSecretName }} scheme: HTTPS {{- end }} path: / - port: {{ .Values.service.port }} + port: 5000 readinessProbe: httpGet: {{- if .Values.tlsSecretName }} scheme: HTTPS {{- end }} path: / - port: {{ .Values.service.port }} + port: 5000 resources: {{ toYaml .Values.resources | indent 12 }} env: diff --git a/stable/docker-registry/templates/service.yaml b/stable/docker-registry/templates/service.yaml index 3f12f4699390..141402080584 100644 --- a/stable/docker-registry/templates/service.yaml +++ b/stable/docker-registry/templates/service.yaml @@ -20,7 +20,7 @@ spec: - port: {{ .Values.service.port }} protocol: TCP name: {{ .Values.service.name }} - targetPort: {{ .Values.service.port }} + targetPort: 5000 {{- if (and (eq .Values.service.type "NodePort") (not (empty .Values.service.nodePort))) }} nodePort: {{ .Values.service.nodePort }} {{- end }} From 97ed961b445eafb14e32f3b8596a9986aeabbd44 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Fri, 21 Dec 2018 00:09:18 +0100 Subject: [PATCH 087/136] upgrade prometheus (#10163) Signed-off-by: David J. M. Karlsen 
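Review bot: The literal `5000` now appears in `containerPort`, both probe ports, the Service `targetPort` and NOTES.txt, and nothing ties it to the address the registry actually listens on, which comes from `/etc/docker/registry/config.yml`. If that config is templated from values (not visible in these hunks), a changed listen address would silently break the probes and the Service. Naming the port once, `- containerPort: 5000` with `name: registry`, and then using `port: registry` in the probes and `targetPort: registry` in the Service keeps a single source of truth. The container spec starts outside the deployment hunk.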
Signed-off-by: Melissa Palmer --- stable/prometheus/Chart.yaml | 4 ++-- stable/prometheus/README.md | 2 +- stable/prometheus/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 28543d2f73b7..12fddcbbaa32 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,6 +1,6 @@ name: prometheus -version: 8.2.0 -appVersion: 2.5.0 +version: 8.3.0 +appVersion: 2.6.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ icon: https://raw.githubusercontent.com/prometheus/prometheus.github.io/master/assets/prometheus_logo-cb55bb5c346.png diff --git a/stable/prometheus/README.md b/stable/prometheus/README.md index 550452f0f2ad..6482f96119fb 100644 --- a/stable/prometheus/README.md +++ b/stable/prometheus/README.md @@ -224,7 +224,7 @@ Parameter | Description | Default `rbac.create` | If true, create & use RBAC resources | `true` `server.name` | Prometheus server container name | `server` `server.image.repository` | Prometheus server container image repository | `prom/prometheus` -`server.image.tag` | Prometheus server container image tag | `v2.5.0` +`server.image.tag` | Prometheus server container image tag | `v2.6.0` `server.image.pullPolicy` | Prometheus server container image pull policy | `IfNotPresent` `server.enableAdminApi` | If true, Prometheus administrative HTTP API will be enabled. Please note, that you should take care of administrative API access protection (ingress or some frontend Nginx with auth) before enabling it. | `false` `server.global.scrape_interval` | How frequently to scrape targets by default | `1m` diff --git a/stable/prometheus/values.yaml b/stable/prometheus/values.yaml index 6714c684b790..5d92024cc0c6 100644 --- a/stable/prometheus/values.yaml +++ b/stable/prometheus/values.yaml 
@@ -506,7 +506,7 @@ server: ## image: repository: prom/prometheus - tag: v2.5.0 + tag: v2.6.0 pullPolicy: IfNotPresent ## prometheus server priorityClassName From 2c05b4d0bffe84e8d82b1d5bf3b340e3893a5ab9 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 21 Dec 2018 00:18:41 +0100 Subject: [PATCH 088/136] bump envoy to 1.8.0 (#10170) Signed-off-by: cpanato Signed-off-by: Melissa Palmer --- stable/envoy/Chart.yaml | 4 ++-- stable/envoy/values.yaml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/envoy/Chart.yaml b/stable/envoy/Chart.yaml index 5fa3cb43984f..341d702f512c 100755 --- a/stable/envoy/Chart.yaml +++ b/stable/envoy/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Envoy is an open source edge and service proxy, designed for cloud-native applications. name: envoy -version: 1.1.2 -appVersion: 1.6 +version: 1.2.0 +appVersion: 1.8.0 keywords: - envoy - proxy diff --git a/stable/envoy/values.yaml b/stable/envoy/values.yaml index c45b0775f787..d86b65630209 100644 --- a/stable/envoy/values.yaml +++ b/stable/envoy/values.yaml @@ -14,8 +14,8 @@ strategy: | image: repository: envoyproxy/envoy-alpine - tag: 952c5e1db91b6bcc1c11a0c8316d6b11bbcc3657 - ## ^ ref: https://github.com/envoyproxy/envoy/commit/952c5e1db91b6bcc1c11a0c8316d6b11bbcc3657 + tag: 3b75abab717f2c824d3b32b1afcf3383a8cb65ff + ## ^ ref: https://github.com/envoyproxy/envoy/commit/3b75abab717f2c824d3b32b1afcf3383a8cb65ff pullPolicy: IfNotPresent command: From 86011dfd6afa7bcbdaff9700971544a38f90f6b0 Mon Sep 17 00:00:00 2001 From: Carlos Tadeu Panato Junior Date: Fri, 21 Dec 2018 00:27:54 +0100 Subject: [PATCH 089/136] bump gce-ingress to 1.4.0 (#10171) Signed-off-by: cpanato Signed-off-by: Melissa Palmer --- stable/gce-ingress/Chart.yaml | 4 ++-- stable/gce-ingress/README.md | 2 +- stable/gce-ingress/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
diff --git a/stable/gce-ingress/Chart.yaml b/stable/gce-ingress/Chart.yaml index 732bbac967e5..dc12142511f2 100644 --- a/stable/gce-ingress/Chart.yaml +++ b/stable/gce-ingress/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: "1.1.1" +appVersion: "1.4.0" description: A GCE Ingress Controller name: gce-ingress -version: 1.0.0 +version: 1.1.0 keywords: - ingress - gce diff --git a/stable/gce-ingress/README.md b/stable/gce-ingress/README.md index 59502ae491e4..7e86ea5fabd2 100644 --- a/stable/gce-ingress/README.md +++ b/stable/gce-ingress/README.md @@ -47,7 +47,7 @@ Parameter | Description | Default --- | --- | --- `controller.name` | name of the controller component | `controller` `controller.image.repository` | controller container image repository | `k8s.gcr.io/ingress-gce-glbc-amd64` -`controller.image.tag` | controller container image tag | `v1.1.1` +`controller.image.tag` | controller container image tag | `v1.4.0` `controller.image.pullPolicy` | controller container image pull policy | `IfNotPresent` `controller.config` | gce ConfigMap entries | none `controller.tolerations` | node taints to tolerate (requires Kubernetes >=1.6) | `[]` diff --git a/stable/gce-ingress/values.yaml b/stable/gce-ingress/values.yaml index 29ffc546c7ce..c32181402a86 100644 --- a/stable/gce-ingress/values.yaml +++ b/stable/gce-ingress/values.yaml @@ -46,7 +46,7 @@ controller: replicaCount: 1 image: repository: k8s.gcr.io/ingress-gce-glbc-amd64 - tag: v1.1.1 + tag: v1.4.0 pullPolicy: IfNotPresent resources: {} # requests: From 85708f35c0c17931b6cea6c42f8c4f82e797cc9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Fri, 21 Dec 2018 01:14:02 +0100 Subject: [PATCH 090/136] [stable/postgresql] Add read-only connection to the replica slaves (#10186) Signed-off-by: Javier J. Salmeron Garcia 
Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/NOTES.txt | 6 +++-- stable/postgresql/templates/svc-read.yaml | 31 +++++++++++++++++++++++ 3 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 stable/postgresql/templates/svc-read.yaml diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index ad2094a627d6..0ad9aa0e8b0a 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.5.0 +version: 3.6.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/NOTES.txt b/stable/postgresql/templates/NOTES.txt index 329f5eaf1e1c..41c22104910e 100644 --- a/stable/postgresql/templates/NOTES.txt +++ b/stable/postgresql/templates/NOTES.txt @@ -19,8 +19,10 @@ PostgreSQL can be accessed via port 5432 on the following DNS name from within your cluster: - {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - + {{ template "postgresql.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local - Read/Write connection +{{- if .Values.replication.enabled }} + {{ template "postgresql.fullname" . }}-read.{{ .Release.Namespace }}.svc.cluster.local - Read only connection +{{- end }} To get the password for "{{ .Values.postgresqlUsername }}" run: export POSTGRESQL_PASSWORD=$(kubectl get secret --namespace {{ .Release.Namespace }} {{ if .Values.existingSecret }}{{ .Values.existingSecret }}{{ else }}{{ template "postgresql.fullname" . }}{{ end }} -o jsonpath="{.data.postgresql-password}" | base64 --decode) diff --git a/stable/postgresql/templates/svc-read.yaml b/stable/postgresql/templates/svc-read.yaml new file mode 100644 index 000000000000..6b2de778ab0b --- /dev/null +++ b/stable/postgresql/templates/svc-read.yaml 
@@ -0,0 +1,31 @@ +{{- if .Values.replication.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ template "postgresql.fullname" . }}-read + labels: + app: {{ template "postgresql.name" . }} + chart: {{ template "postgresql.chart" . }} + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} +{{- with .Values.service.annotations }} + annotations: +{{ toYaml . | indent 4 }} +{{- end }} +spec: + type: {{ .Values.service.type }} + {{- if and .Values.service.loadBalancerIP (eq .Values.service.type "LoadBalancer") }} + loadBalancerIP: {{ .Values.service.loadBalancerIP }} + {{- end }} + ports: + - name: postgresql + port: {{ .Values.service.port }} + targetPort: postgresql + {{- if .Values.service.nodePort }} + nodePort: {{ .Values.service.nodePort }} + {{- end }} + selector: + app: {{ template "postgresql.name" . }} + release: {{ .Release.Name | quote }} + role: slave +{{- end }} From 05d13695ebc844a2deb6c324c5d0320540ad77eb Mon Sep 17 00:00:00 2001 From: Joost Coelingh <36152689+joostcoelingh@users.noreply.github.com> Date: Fri, 21 Dec 2018 09:21:54 +0100 Subject: [PATCH 091/136] [stable/nfs-client-provisioner] Fix deployment to use nodeSelector, affinity and toleration properties (#10193) (#10194) Signed-off-by: Joost Coelingh Signed-off-by: Melissa Palmer --- stable/nfs-client-provisioner/Chart.yaml | 2 +- stable/nfs-client-provisioner/README.md | 4 ++++ .../templates/deployment.yaml | 16 ++++++++++++++++ 3 files changed, 21 insertions(+), 1 deletion(-) diff --git a/stable/nfs-client-provisioner/Chart.yaml b/stable/nfs-client-provisioner/Chart.yaml index 78a4a8e9118d..ba0d9997eca0 100644 --- a/stable/nfs-client-provisioner/Chart.yaml +++ b/stable/nfs-client-provisioner/Chart.yaml 
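Review bot: The read Service reuses `.Values.service.type`, `.Values.service.loadBalancerIP` and `.Values.service.nodePort`, which presumably also drive the existing primary Service. With a fixed `nodePort` the second Service asks for a port that is already allocated and its creation is rejected, and with `type: LoadBalancer` the replicas become reachable from wherever the primary is, without a separate opt-in. I would drop the `nodePort` and `loadBalancerIP` blocks from this template or read them from a dedicated values block for the read Service, and list the extra endpoint in the README.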
@@ -3,7 +3,7 @@ appVersion: 3.1.0 description: nfs-client is an automatic provisioner that used your *already configured* NFS server, automatically creating Persistent Volumes. name: nfs-client-provisioner home: https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client -version: 1.2.0 +version: 1.2.1 sources: - https://github.com/kubernetes-incubator/external-storage/tree/master/nfs-client maintainers: diff --git a/stable/nfs-client-provisioner/README.md b/stable/nfs-client-provisioner/README.md index fd2b23c98967..96348514aa4c 100644 --- a/stable/nfs-client-provisioner/README.md +++ b/stable/nfs-client-provisioner/README.md @@ -64,3 +64,7 @@ The following tables lists the configurable parameters of this chart and their d | `podSecurityPolicy.enabled` | Create & use Pod Security Policy resources | `false` | | `serviceAccount.create` | Should we create a ServiceAccount | `true` | | `serviceAccount.name` | Name of the ServiceAccount to use | null | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `affinity` | Affinity settings | `{}` | +| `tolerations` | List of node taints to tolerate | `[]` | + diff --git a/stable/nfs-client-provisioner/templates/deployment.yaml b/stable/nfs-client-provisioner/templates/deployment.yaml index 03735db7f600..fa6b04f6c488 100644 --- a/stable/nfs-client-provisioner/templates/deployment.yaml +++ b/stable/nfs-client-provisioner/templates/deployment.yaml 
@@ -17,11 +17,23 @@ spec: release: {{ .Release.Name }} template: metadata: + annotations: + {{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }} + scheduler.alpha.kubernetes.io/tolerations: '{{ toJson .Values.tolerations }}' + {{- end }} labels: app: {{ template "nfs-client-provisioner.name" . }} release: {{ .Release.Name }} spec: serviceAccountName: {{ template "nfs-client-provisioner.serviceAccountName" . }} + {{- if .Values.nodeSelector }} + nodeSelector: +{{ toYaml .Values.nodeSelector | indent 8 }} + {{- end }} + {{- if .Values.affinity }} + affinity: +{{ toYaml .Values.affinity | indent 8 }} + {{- end }} containers: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" @@ -48,3 +60,7 @@ spec: server: {{ .Values.nfs.server }} path: {{ .Values.nfs.path }} {{- end }} + {{- if and (.Values.tolerations) (semverCompare "^1.6-0" .Capabilities.KubeVersion.GitVersion) }} + tolerations: +{{ toYaml .Values.tolerations | indent 6 }} + {{- end }} From 4baaa30002580bb1c6440ca2998fe357419fb4d1 Mon Sep 17 00:00:00 2001 From: Melissa Palmer Date: Fri, 21 Dec 2018 10:36:49 +0200 Subject: [PATCH 092/136] correct overwriting plugins folder Signed-off-by: Melissa Palmer --- stable/sonarqube/templates/copy-plugins.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 stable/sonarqube/templates/copy-plugins.yaml diff --git a/stable/sonarqube/templates/copy-plugins.yaml b/stable/sonarqube/templates/copy-plugins.yaml new file mode 100644 index 000000000000..f06c8157ab39 --- /dev/null +++ b/stable/sonarqube/templates/copy-plugins.yaml 
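Review bot: In the first hunk `annotations:` is written outside the `if`, so whenever the condition is false the pod template renders an `annotations:` key with no value. Moving the key inside the guard keeps the rendered manifest clean: open with the existing `{{- if and (.Values.tolerations) (semverCompare "<1.6-0" .Capabilities.KubeVersion.GitVersion) }}` line and put `annotations:` directly after it. The annotation value is also wrapped in literal single quotes around `toJson` output, which produces invalid YAML if any toleration value contains a `'`. Using `{{ toJson .Values.tolerations | quote }}` avoids that.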
@@ -0,0 +1,16 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "sonarqube.fullname" . }}-copy-plugins + labels: + app: {{ template "sonarqube.name" . }} + chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} + release: {{ .Release.Name }} + heritage: {{ .Release.Service }} +data: + copy_plugins.sh: |- + #! /bin/sh + cp /opt/sonarqube/extensions/plugins/tmp/*.jar /opt/sonarqube/extensions/plugins/ + /opt/sonarqube/bin/run.sh + + \ No newline at end of file From 374e0015462c06519f185d87ed2ed9ee08d037f9 Mon Sep 17 00:00:00 2001 From: Melissa Palmer Date: Fri, 21 Dec 2018 10:37:14 +0200 Subject: [PATCH 093/136] correct overwriting plugins folder Signed-off-by: Melissa Palmer --- stable/sonarqube/Chart.yaml | 4 +-- stable/sonarqube/templates/deployment.yaml | 25 +++++++++++++------ .../sonarqube/templates/install-plugins.yaml | 2 +- stable/sonarqube/values.yaml | 2 +- 4 files changed, 21 insertions(+), 12 deletions(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index e26e10c6d725..7f8c2383070d 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,7 +1,7 @@ name: sonarqube description: Sonarqube is an open sourced code quality scanning tool -version: 0.10.3 -appVersion: 6.7.6 +version: 0.10.4 +appVersion: 7.4 keywords: - coverage - security diff --git a/stable/sonarqube/templates/deployment.yaml b/stable/sonarqube/templates/deployment.yaml index a52f2bece4b3..c3b5d90b0dfd 100644 --- a/stable/sonarqube/templates/deployment.yaml +++ b/stable/sonarqube/templates/deployment.yaml 
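Review bot: `copy_plugins.sh` starts `/opt/sonarqube/bin/run.sh` as a child of the shell rather than with `exec`. If this script is used as the container entrypoint, the shell stays PID 1 and a SIGTERM at pod shutdown may never reach SonarQube, so change the last line to `exec /opt/sonarqube/bin/run.sh`. The `cp` before it is unchecked as well: with nothing staged the glob does not expand, `cp` fails, and startup carries on with no indication of why plugins are missing. Guard the copy so that an empty staging directory is not an error but a real copy failure stops the container. Everything matching `*.jar` in the staging directory is loaded as server code, so that directory should be writable only by the init container.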
@@ -26,16 +26,16 @@ spec: {{- end }} command: ["sh", "-c", - "mkdir -p /opt/sonarqube/extensions/plugins/ && - cp /tmp/scripts/install_plugins.sh /opt/sonarqube/extensions/plugins/install_plugins.sh && - chmod 0775 /opt/sonarqube/extensions/plugins/install_plugins.sh && - /opt/sonarqube/extensions/plugins/install_plugins.sh + "mkdir -p /opt/sonarqube/extensions/plugins/tmp && + cp /tmp/scripts/install_plugins.sh /opt/sonarqube/extensions/plugins/tmp/install_plugins.sh && + chmod 0775 /opt/sonarqube/extensions/plugins/tmp/install_plugins.sh && + /opt/sonarqube/extensions/plugins/tmp/install_plugins.sh && pwd && ls -lah " ] volumeMounts: - - mountPath: /opt/sonarqube/extensions + - mountPath: /opt/sonarqube/extensions/plugins/tmp name: sonarqube - subPath: extensions + subPath: tmp - name: install-plugins mountPath: /tmp/scripts/ resources: @@ -123,9 +123,11 @@ spec: - mountPath: /opt/sonarqube/data name: sonarqube subPath: data - - mountPath: /opt/sonarqube/extensions + - mountPath: /opt/sonarqube/extensions/plugins/tmp name: sonarqube - subPath: extensions + subPath: tmp + - name: copy-plugins + mountPath: /usr/local/ resources: {{ toYaml .Values.resources | indent 12 }} {{- if .Values.nodeSelector }} @@ -155,6 +157,13 @@ spec: items: - key: install_plugins.sh path: install_plugins.sh + - name: copy-plugins + configMap: + name: {{ template "sonarqube.fullname" . }}-copy-plugins + defaultMode: 0755 + items: + - key: copy_plugins.sh + path: copy_plugins.sh - name: startup configMap: name: {{ template "sonarqube.fullname" . }}-startup diff --git a/stable/sonarqube/templates/install-plugins.yaml b/stable/sonarqube/templates/install-plugins.yaml index d09373580b2e..21bd53321fe9 100644 --- a/stable/sonarqube/templates/install-plugins.yaml +++ b/stable/sonarqube/templates/install-plugins.yaml 
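Review bot: In the second hunk the `copy-plugins` ConfigMap is mounted at `mountPath: /usr/local/`, which replaces that whole directory in the container with a single file, so anything the image keeps under `/usr/local` is hidden once the volume is mounted. Mount it at a dedicated directory, or as one file with `subPath: copy_plugins.sh` and a full file path as `mountPath` (for example `/usr/local/copy_plugins/`, path illustrative). Nothing in these hunks invokes `copy_plugins.sh`, so it presumably relies on a `command` set outside the diff; that is worth confirming, because without it the staged jars are never copied. The first hunk also leaves `&& pwd && ls -lah` in the init command, which looks like debugging output left in.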
@@ -9,7 +9,7 @@ metadata: heritage: {{ .Release.Service }} data: install_plugins.sh: |- - cd /opt/sonarqube/extensions/plugins + cd /opt/sonarqube/extensions/plugins/tmp {{- if .Values.plugins.install }} {{- range $index, $val := .Values.plugins.install }} wget {{ $val }} --no-check-certificate diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml index 18e6a12754f6..6c28a225b674 100644 --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml @@ -4,7 +4,7 @@ replicaCount: 1 image: repository: sonarqube - tag: 6.7.6-community + tag: 7.4-community # If using a private repository, the name of the imagePullSecret to use # pullSecret: my-repo-secret # Starting 6.7.6 and 7.4 official sonarqube docker image, command is not required From 8bed486283f8ae28dfa59088c226f95779d7ccf7 Mon Sep 17 00:00:00 2001 From: Naseem Date: Fri, 21 Dec 2018 04:05:29 -0500 Subject: [PATCH 094/136] Update image (#10188) * Update image Signed-off-by: Naseem Ullah * bump version for major release of image Signed-off-by: David J. M. Karlsen Signed-off-by: Melissa Palmer --- stable/fluent-bit/Chart.yaml | 4 ++-- stable/fluent-bit/README.md | 2 +- stable/fluent-bit/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 0521a144a25a..b48d16eeef6a 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,6 +1,6 @@ name: fluent-bit -version: 1.1.1 -appVersion: 0.14.9 +version: 1.2.0 +appVersion: 1.0.1 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: - logging diff --git a/stable/fluent-bit/README.md b/stable/fluent-bit/README.md index 878bf6c14bca..44ece00fc89f 100644 --- a/stable/fluent-bit/README.md +++ b/stable/fluent-bit/README.md 
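Review bot: The new `cd /opt/sonarqube/extensions/plugins/tmp` is unchecked, so if it fails the `wget` calls on the following lines write into whatever directory the shell started in; `cd /opt/sonarqube/extensions/plugins/tmp || exit 1` stops that. The context line below fetches each plugin with `--no-check-certificate`, and the copy script added in the previous patch moves every `*.jar` from this directory into the live plugins folder. The code SonarQube loads is therefore not authenticated in transit. Dropping that flag, or verifying a per-plugin checksum supplied in values, is worth doing while this path is being changed. The script body continues past the end of the hunk.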
@@ -94,7 +94,7 @@ The following table lists the configurable parameters of the Fluent-Bit chart an | `filter.kubeTag` | Optional top-level tag for matching in filter | `kube` | | `filter.mergeJSONLog` | If the log field content is a JSON string map, append the map fields as part of the log structure | `true` | | `image.fluent_bit.repository` | Image | `fluent/fluent-bit` | -| `image.fluent_bit.tag` | Image tag | `0.14.9` | +| `image.fluent_bit.tag` | Image tag | `1.0.1` | | `image.pullPolicy` | Image pull policy | `Always` | | `image.pullSecrets` | Specify image pull secrets | `nil` | | `input.tail.memBufLimit` | Specify Mem_Buf_Limit in tail input | `5MB` | diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index 245c9e945cb4..04536f72e718 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -5,7 +5,7 @@ on_minikube: false image: fluent_bit: repository: fluent/fluent-bit - tag: 0.14.9 + tag: 1.0.1 pullPolicy: Always # When enabled, exposes json and prometheus metrics on {{ .Release.Name }}-metrics service From 58a0b659e0c9d26d490439a4ced165f1e9edf75f Mon Sep 17 00:00:00 2001 From: Xinghong Fang Date: Fri, 21 Dec 2018 22:33:36 +0800 Subject: [PATCH 095/136] airflow custom init (#9964) * airflow: fix incorrect values in README Signed-off-by: Xinghong Fang * airflow: allow initContainer image to be customised Signed-off-by: Xinghong Fang * airflow: bump chart version to 0.10.0 Signed-off-by: Xinghong Fang * airflow: add new values to README Signed-off-by: Xinghong Fang * airflow: replace all hard-coded image alpine/git Signed-off-by: Xinghong Fang * airflow: fix postgres values Signed-off-by: Xinghong Fang 
Signed-off-by: Melissa Palmer --- stable/airflow/Chart.yaml | 2 +- stable/airflow/README.md | 20 ++++++++++--------- .../airflow/templates/configmap-airflow.yaml | 4 ++-- .../templates/deployments-scheduler.yaml | 3 ++- stable/airflow/templates/deployments-web.yaml | 3 ++- stable/airflow/templates/secrets.yaml | 4 ++-- .../templates/statefulsets-workers.yaml | 3 ++- stable/airflow/values.yaml | 18 +++++++++++++---- 8 files changed, 36 insertions(+), 21 deletions(-) diff --git a/stable/airflow/Chart.yaml b/stable/airflow/Chart.yaml index 2243c142e8b5..895cfedf58f4 100644 --- a/stable/airflow/Chart.yaml +++ b/stable/airflow/Chart.yaml @@ -1,6 +1,6 @@ description: Airflow is a platform to programmatically author, schedule and monitor workflows name: airflow -version: 0.9.1 +version: 0.10.0 appVersion: 1.10.0 icon: https://airflow.apache.org/_images/pin_large.png home: https://airflow.apache.org/ diff --git a/stable/airflow/README.md b/stable/airflow/README.md index 15cb26c256b4..37a8cb3460ac 100644 --- a/stable/airflow/README.md +++ b/stable/airflow/README.md 
@@ -241,21 +241,23 @@ The following table lists the configurable parameters of the Airflow chart and t | `dags.doNotPickle` | should the scheduler disable DAG pickling | `false` | | `dags.path` | mount path for persistent volume | `/usr/local/airflow/dags` | | `dags.initContainer.enabled` | Fetch the source code when the pods starts | `false` | +| `dags.initContainer.image.repository` | Init container Docker image. | `alpine/git` | +| `dags.initContainer.image.tag` | Init container Docker image tag. | `1.0.4` | | `dags.initContainer.installRequirements` | auto install requirements.txt deps | `true` | | `dags.git.url` | url to clone the git repository | nil | | `dags.git.ref` | branch name, tag or sha1 to reset to | `master` | | `rbac.create` | create RBAC resources | `true` | | `serviceAccount.create` | create a service account | `true` | | `serviceAccount.name` | the service account name | `` | -| `postgres.enabled` | create a postgres server | `true` | -| `postgres.uri` | full URL to custom postgres setup | (undefined) | -| `postgres.portgresHost` | PostgreSQL Hostname | (undefined) | -| `postgres.postgresUser` | PostgreSQL User | `postgres` | -| `postgres.postgresPassword` | PostgreSQL Password | `airflow` | -| `postgres.postgresDatabase` | PostgreSQL Database name | `airflow` | -| `postgres.persistence.enabled` | Enable Postgres PVC | `true` | -| `postgres.persistance.storageClass` | Persistant class | (undefined) | -| `postgres.persistance.accessMode` | Access mode | `ReadWriteOnce` | +| `postgresql.enabled` | create a postgres server | `true` | +| `postgresql.uri` | full URL to custom postgres setup | (undefined) | +| `postgresql.portgresHost` | PostgreSQL Hostname | (undefined) | +| `postgresql.postgresqlUsername` | PostgreSQL User | `postgres` | +| `postgresql.postgresqlPassword` | PostgreSQL Password | `airflow` | +| `postgresql.postgresqlDatabase` | PostgreSQL Database name | `airflow` | +| `postgresql.persistence.enabled` | Enable Postgres PVC | `true` | 
+| `postgresql.persistance.storageClass | Persistant class | (undefined) | +| `postgresql.persistance.accessMode` | Access mode | `ReadWriteOnce` | | `redis.enabled` | Create a Redis cluster | `true` | | `redis.password` | Redis password | `airflow` | | `redis.master.persistence.enabled` | Enable Redis PVC | `false` | diff --git a/stable/airflow/templates/configmap-airflow.yaml b/stable/airflow/templates/configmap-airflow.yaml index 80c574ece467..f753f7c75769 100644 --- a/stable/airflow/templates/configmap-airflow.yaml +++ b/stable/airflow/templates/configmap-airflow.yaml @@ -12,8 +12,8 @@ data: TZ: Etc/UTC ## Postgres DB configuration POSTGRES_HOST: "{{ template "airflow.postgresql.fullname" . }}" - POSTGRES_PORT: "{{ .Values.postgresql.postgresPort }}" - POSTGRES_DB: "{{ .Values.postgresql.postgresDatabase }}" + POSTGRES_PORT: "{{ .Values.postgresql.service.port }}" + POSTGRES_DB: "{{ .Values.postgresql.postgresqlDatabase }}" ## Redis DB configuration REDIS_HOST: "{{ template "airflow.redis.fullname" . }}" REDIS_PORT: "{{ .Values.redis.master.port }}" diff --git a/stable/airflow/templates/deployments-scheduler.yaml b/stable/airflow/templates/deployments-scheduler.yaml index 50f2c8a60bcc..386059c731cd 100644 --- a/stable/airflow/templates/deployments-scheduler.yaml +++ b/stable/airflow/templates/deployments-scheduler.yaml @@ -41,7 +41,8 @@ spec: {{- if .Values.dags.initContainer.enabled }} initContainers: - name: git-clone - image: alpine/git # Any image with git will do + image: {{ .Values.dags.initContainer.image.repository }}:{{ .Values.dags.initContainer.image.tag }} # Any image with git will do + imagePullPolicy: {{ .Values.dags.initContainer.image.pullPolicy }} command: - /usr/local/git/git-clone.sh args: diff --git a/stable/airflow/templates/deployments-web.yaml b/stable/airflow/templates/deployments-web.yaml index 03763c1c3c3e..8b16ca2bb12c 100644 --- a/stable/airflow/templates/deployments-web.yaml +++ b/stable/airflow/templates/deployments-web.yaml 
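Review bot: The init-container image is assembled from `repository` and `tag` only, here in `deployments-scheduler.yaml` and in the matching hunks for `deployments-web.yaml` and `statefulsets-workers.yaml`, so the image that clones DAG code can be pinned only by a mutable tag. An optional digest value (for example `dags.initContainer.image.digest`, a suggested name) rendered as `repository@digest` when set would let operators pin it immutably. The reference is also unquoted; `image: "{{ .Values.dags.initContainer.image.repository }}:{{ .Values.dags.initContainer.image.tag }}"` keeps the rendered YAML a string whatever the tag looks like. The container spec continues outside each hunk.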
@@ -40,7 +40,8 @@ spec: {{- if .Values.dags.initContainer.enabled }} initContainers: - name: git-clone - image: alpine/git # Any image with git will do + image: {{ .Values.dags.initContainer.image.repository }}:{{ .Values.dags.initContainer.image.tag }} # Any image with git will do + imagePullPolicy: {{ .Values.dags.initContainer.image.pullPolicy }} command: - /usr/local/git/git-clone.sh args: diff --git a/stable/airflow/templates/secrets.yaml b/stable/airflow/templates/secrets.yaml index 17e23cdded84..0e20700aacdc 100644 --- a/stable/airflow/templates/secrets.yaml +++ b/stable/airflow/templates/secrets.yaml @@ -9,6 +9,6 @@ metadata: heritage: "{{ .Release.Service }}" type: Opaque data: - postgresUser: {{ .Values.postgresql.postgresUser | b64enc | quote }} - postgresPassword: {{ .Values.postgresql.postgresPassword | b64enc | quote }} + postgresUser: {{ .Values.postgresql.postgresqlUsername | b64enc | quote }} + postgresPassword: {{ .Values.postgresql.postgresqlPassword | b64enc | quote }} redisPassword: {{ .Values.redis.password | b64enc | quote }} diff --git a/stable/airflow/templates/statefulsets-workers.yaml b/stable/airflow/templates/statefulsets-workers.yaml index 49dcf2993cc4..8835f3a62594 100644 --- a/stable/airflow/templates/statefulsets-workers.yaml +++ b/stable/airflow/templates/statefulsets-workers.yaml @@ -49,7 +49,8 @@ spec: {{- if .Values.dags.initContainer.enabled }} initContainers: - name: git-clone - image: alpine/git # Any image with git will do + image: {{ .Values.dags.initContainer.image.repository }}:{{ .Values.dags.initContainer.image.tag }} # Any image with git will do + imagePullPolicy: {{ .Values.dags.initContainer.image.pullPolicy }} command: - /usr/local/git/git-clone.sh args: diff --git a/stable/airflow/values.yaml b/stable/airflow/values.yaml index b9d12da45fd1..64a20676d4fa 100644 --- a/stable/airflow/values.yaml +++ b/stable/airflow/values.yaml 
@@ -266,6 +266,15 @@ dags: initContainer: ## Fetch the source code when the pods starts enabled: false + ## Image for the init container (any image with git will do) + image: + ## docker-airflow image + repository: alpine/git + ## image tag + tag: 1.0.4 + ## Image pull policy + ## values: Always or IfNotPresent + pullPolicy: IfNotPresent ## install requirements.txt dependencies automatically installRequirements: true @@ -303,16 +312,17 @@ postgresql: ## postgresHost: ## ## PostgreSQL port - postgresPort: 5432 + service: + port: 5432 ## PostgreSQL User to create. - postgresUser: postgres + postgresqlUsername: postgres ## ## PostgreSQL Password for the new user. ## If not set, a random 10 characters password will be used. - postgresPassword: airflow + postgresqlPassword: airflow ## ## PostgreSQL Database to create. - postgresDatabase: airflow + postgresqlDatabase: airflow ## ## Persistent Volume Storage configuration. ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes From d3b5ea14a02d12632b2183ef4858e50546ef42d7 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Fri, 21 Dec 2018 16:09:00 +0100 Subject: [PATCH 096/136] [stable/mariadb] Add parameter to enable debug logs on MariaDB images (#10208) * [stable/mariadb] Add parameter to enable debug logs on MariaDB images Signed-off-by: juan131 * Document new parameter on README.md Signed-off-by: juan131 Signed-off-by: Melissa Palmer --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 1 + stable/mariadb/templates/master-statefulset.yaml | 4 ++++ stable/mariadb/templates/slave-statefulset.yaml | 4 ++++ stable/mariadb/values-production.yaml | 5 +++++ stable/mariadb/values.yaml | 5 +++++ 6 files changed, 20 insertions(+), 1 deletion(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 1a4fc2a7d14f..9ad534eac113 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml 
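Review bot: The second hunk keeps `postgresqlPassword: airflow` as the chart default, directly under a comment saying a random password is used when the value is not set. Every default install therefore gets the same well-known database password and the random path is never taken. Because `secrets.yaml` in this commit base64-encodes the same value, simply emptying the default would produce an empty secret. A safer pairing is an empty default plus `{{ required "postgresql.postgresqlPassword must be set" .Values.postgresql.postgresqlPassword | b64enc | quote }}` in that template, with the README row updated to match. In the first hunk the `## docker-airflow image` comment describes the wrong image for `alpine/git`; `## git image used by the init container` would be accurate.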
@@ -1,5 +1,5 @@ name: mariadb -version: 5.2.5 +version: 5.2.6 appVersion: 10.1.37 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 4f57f5d94e71..7b6144587f04 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md @@ -55,6 +55,7 @@ The following table lists the configurable parameters of the MariaDB chart and t | `image.tag` | MariaDB Image tag | `{VERSION}` | | `image.pullPolicy` | MariaDB image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | | `image.pullSecrets` | Specify image pull secrets | `nil` (does not add image pull secrets to deployed pods) | +| `image.debug` | Specify if debug logs should be enabled | `false` | | `service.type` | Kubernetes service type | `ClusterIP` | | `service.clusterIp` | Specific cluster IP when service type is cluster IP. Use None for headless service | `nil` | | `service.port` | MySQL service port | `3306` | diff --git a/stable/mariadb/templates/master-statefulset.yaml b/stable/mariadb/templates/master-statefulset.yaml index e5290b836b54..4cad6fef4fb8 100644 --- a/stable/mariadb/templates/master-statefulset.yaml +++ b/stable/mariadb/templates/master-statefulset.yaml @@ -84,6 +84,10 @@ spec: image: {{ template "mariadb.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} env: + {{- if .Values.image.debug}} + - name: BITNAMI_DEBUG + value: "true" + {{- end }} - name: MARIADB_ROOT_PASSWORD valueFrom: secretKeyRef: diff --git a/stable/mariadb/templates/slave-statefulset.yaml b/stable/mariadb/templates/slave-statefulset.yaml index bb4aaccf9cfe..1532c8b9ed8e 100644 --- a/stable/mariadb/templates/slave-statefulset.yaml +++ b/stable/mariadb/templates/slave-statefulset.yaml 
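Review bot: `BITNAMI_DEBUG` is added to a container whose environment also carries `MARIADB_ROOT_PASSWORD`, here in `master-statefulset.yaml` and in the matching `slave-statefulset.yaml` hunk, and the values comment describes the flag as turning on bash debugging. If that means shell tracing, the startup scripts may print credentials into the pod log, which anyone with log access can read and which is usually forwarded to a central store. Say so next to the option in both values files, e.g. `## Debug output may include passwords; do not enable on production clusters`, and consider leaving the option out of `values-production.yaml`. Minor: `{{- if .Values.image.debug}}` is missing the space before `}}`.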
@@ -85,6 +85,10 @@ spec: image: {{ template "mariadb.image" . }} imagePullPolicy: {{ .Values.image.pullPolicy | quote }} env: + {{- if .Values.image.debug}} + - name: BITNAMI_DEBUG + value: "true" + {{- end }} - name: MARIADB_REPLICATION_MODE value: "slave" - name: MARIADB_MASTER_HOST diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index 05901dea2004..906e91d73588 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml @@ -23,6 +23,11 @@ image: # pullSecrets: # - myRegistrKeySecretName + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + service: ## Kubernetes service type, ClusterIP and NodePort are supported at present type: ClusterIP diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 85dbde720db8..7de7ae8df69f 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -23,6 +23,11 @@ image: # pullSecrets: # - myRegistrKeySecretName + ## Set to true if you would like to see extra information on logs + ## It turns BASH and NAMI debugging in minideb + ## ref: https://github.com/bitnami/minideb-extras/#turn-on-bash-debugging + debug: false + service: ## Kubernetes service type, ClusterIP and NodePort are supported at present type: ClusterIP From db16949afd27ec0763dae46c7a0547f36cdf0b82 Mon Sep 17 00:00:00 2001 From: Andrea Simonini Date: Fri, 21 Dec 2018 17:37:26 +0100 Subject: [PATCH 097/136] Fluent bit json command (#9105) * [stable/fluent-bit] Add support for multiple parsers.json commands Signed-off-by: Andrea Simonini * [stable/fluent-bit] Add support for multiple parsers.json commands restore backward compatibility bump Chart version Signed-off-by: Andrea Simonini * [stable/fluent-bit] Add support for multiple parsers.json commands removed trailing spaces 
Signed-off-by: Andrea Simonini * Make the extraEntries a key Signed-off-by: Andrea Simonini * Remove trailing spaces Signed-off-by: Andrea Simonini Signed-off-by: Melissa Palmer --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/templates/config.yaml | 4 ++++ stable/fluent-bit/values.yaml | 14 ++++++++++++++ 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index b48d16eeef6a..6678671dac5d 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,5 +1,5 @@ name: fluent-bit -version: 1.2.0 +version: 1.2.1 appVersion: 1.0.1 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/templates/config.yaml b/stable/fluent-bit/templates/config.yaml index baa7349d5f3c..afe4cf3d253e 100644 --- a/stable/fluent-bit/templates/config.yaml +++ b/stable/fluent-bit/templates/config.yaml @@ -173,8 +173,12 @@ data: {{- end }} {{- if .decodeFieldAs }} Decode_Field_As {{ .decodeFieldAs }} {{ .decodeField | default "log" }} +{{- end}} +{{- if .extraEntries }} +{{ .extraEntries | indent 8 }} {{- end }} {{ end }} {{- end }} {{- end -}} + diff --git a/stable/fluent-bit/values.yaml b/stable/fluent-bit/values.yaml index 04536f72e718..87ad3cf44043 100644 --- a/stable/fluent-bit/values.yaml +++ b/stable/fluent-bit/values.yaml @@ -84,6 +84,20 @@ parsers: ## Regex required fields are name and regex. JSON required field ## is name. regex: [] + ## json parser config can be defined by providing an extraEntries field. + ## The following entry: + ## json: + ## - extraEntries: | + ## Decode_Field_As escaped log do_next + ## Decode_Field_As json log + ## + ## translates into + ## + ## Command | Decoder | Field | Optional Action | + ## ==============|===========|=======|===================| + ## Decode_Field_As escaped log do_next + ## Decode_Field_As json log + ## json: [] env: [] 
From 197814a0b573ffd136df561b9c72e08e32221e3a Mon Sep 17 00:00:00 2001 From: mutron3k Date: Fri, 21 Dec 2018 14:51:10 -0500 Subject: [PATCH 098/136] adding SSL version option (#10176) * adding SSL version option Signed-off-by: Adam Sloan * adding SSL version option Signed-off-by: Adam Sloan * adding SSL version option Signed-off-by: Adam Sloan * adding SSL version option Signed-off-by: Adam Sloan * adding SSL version option depending on scheme being https Signed-off-by: Adam Sloan * adding SSL version option Signed-off-by: Adam Sloan Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/templates/daemonset.yaml | 2 ++ stable/fluentd-elasticsearch/values.yaml | 4 +++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index 85d8491b0476..205c1cbcaf35 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 2.0.0 +version: 2.0.1 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/templates/daemonset.yaml b/stable/fluentd-elasticsearch/templates/daemonset.yaml index ea4fa5214d5b..fdcd67e8cd1e 100644 --- a/stable/fluentd-elasticsearch/templates/daemonset.yaml +++ b/stable/fluentd-elasticsearch/templates/daemonset.yaml @@ -50,6 +50,8 @@ spec: value: {{ .Values.elasticsearch.logstash_prefix | quote }} - name: OUTPUT_SCHEME value: {{ .Values.elasticsearch.scheme | quote }} + - name: OUTPUT_SSL_VERSION + value: {{ .Values.elasticsearch.ssl_version | quote }} - name: OUTPUT_BUFFER_CHUNK_LIMIT value: {{ .Values.elasticsearch.buffer_chunk_limit | quote }} - name: OUTPUT_BUFFER_QUEUE_LIMIT diff --git a/stable/fluentd-elasticsearch/values.yaml b/stable/fluentd-elasticsearch/values.yaml index bc6624161145..b0f5e794ce9b 100644 
--- a/stable/fluentd-elasticsearch/values.yaml +++ b/stable/fluentd-elasticsearch/values.yaml @@ -20,10 +20,11 @@ resources: {} elasticsearch: host: 'elasticsearch-client' port: 9200 + scheme: 'http' + ssl_version: TLSv1_2 buffer_chunk_limit: 2M buffer_queue_limit: 8 logstash_prefix: 'logstash' - scheme: 'http' # If you want to add custom environment variables, use the env dict # You can then reference these in your config file e.g.: @@ -452,6 +453,7 @@ configMaps: host "#{ENV['OUTPUT_HOST']}" port "#{ENV['OUTPUT_PORT']}" scheme "#{ENV['OUTPUT_SCHEME']}" + ssl_version "#{ENV['OUTPUT_SSL_VERSION']}" logstash_format true logstash_prefix "#{ENV['LOGSTASH_PREFIX']}" From e00a737ab2e8f6ff76bdf7ae54d65fa5aae53511 Mon Sep 17 00:00:00 2001 From: Greg Hill Date: Fri, 21 Dec 2018 20:11:56 +0000 Subject: [PATCH 099/136] overhaul burrow chart (#10146) Signed-off-by: greg 
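Review bot: `ssl_version: TLSv1_2` is added next to `scheme: 'http'`, which remains the default, so out of the box logs are still sent to Elasticsearch unencrypted and the new value presumably has no effect. A comment on the key should say it applies only when `scheme` is `https`. The value is free-form and is passed straight into the output section in the second hunk, so an operator can select an obsolete protocol without any hint that it is unsafe. Listing the accepted values and stating that nothing below `TLSv1_2` should be used would help. The commit description mentions making this depend on the scheme being https, but the daemonset hunk exports `OUTPUT_SSL_VERSION` unconditionally, and the diffstat shows no README change documenting `elasticsearch.ssl_version`.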
Signed-off-by: Melissa Palmer --- stable/burrow/Chart.yaml | 9 +- stable/burrow/OWNERS | 2 + stable/burrow/README.md | 225 +++++++++--------- stable/burrow/ci/keys-values.yaml | 6 - stable/burrow/ci/test-values.yaml | 21 ++ .../examples/1.human_deployment/README.md | 41 ---- .../examples/2.service_deployment/README.md | 116 --------- stable/burrow/initialize.sh | 108 +++++++++ stable/burrow/templates/NOTES.txt | 23 +- stable/burrow/templates/_helpers.tpl | 56 ++++- stable/burrow/templates/config-burrow.yaml | 47 ++++ stable/burrow/templates/config-configs.yaml | 100 -------- stable/burrow/templates/deployments.yaml | 176 ++++++++------ .../{ingress.yaml => ingress-grpc.yaml} | 18 +- stable/burrow/templates/ingress-info.yaml | 43 ++++ stable/burrow/templates/pvc-data.yaml | 23 -- stable/burrow/templates/pvc-work.yaml | 23 -- stable/burrow/templates/pvc.yaml | 31 +++ stable/burrow/templates/secret-genesis.yaml | 12 - stable/burrow/templates/secret-keys.yaml | 12 - stable/burrow/templates/service-api.yaml | 23 -- stable/burrow/templates/service-grpc.yaml | 28 +++ stable/burrow/templates/service-info.yaml | 25 ++ stable/burrow/templates/service-peers.yaml | 21 +- stable/burrow/templates/service-rpc.yaml | 25 -- stable/burrow/templates/test-config.yaml | 14 ++ stable/burrow/templates/test-secret.yaml | 25 ++ stable/burrow/values.yaml | 129 ++++++---- 28 files changed, 745 insertions(+), 637 deletions(-) delete mode 100644 stable/burrow/ci/keys-values.yaml create mode 100644 stable/burrow/ci/test-values.yaml delete mode 100644 stable/burrow/examples/1.human_deployment/README.md delete mode 100644 stable/burrow/examples/2.service_deployment/README.md create mode 100755 stable/burrow/initialize.sh create mode 100644 stable/burrow/templates/config-burrow.yaml delete mode 100644 stable/burrow/templates/config-configs.yaml rename stable/burrow/templates/{ingress.yaml => ingress-grpc.yaml} (50%) create mode 100644 stable/burrow/templates/ingress-info.yaml delete mode 100644 
stable/burrow/templates/pvc-data.yaml delete mode 100644 stable/burrow/templates/pvc-work.yaml create mode 100644 stable/burrow/templates/pvc.yaml delete mode 100644 stable/burrow/templates/secret-genesis.yaml delete mode 100644 stable/burrow/templates/secret-keys.yaml delete mode 100644 stable/burrow/templates/service-api.yaml create mode 100644 stable/burrow/templates/service-grpc.yaml create mode 100644 stable/burrow/templates/service-info.yaml delete mode 100644 stable/burrow/templates/service-rpc.yaml create mode 100644 stable/burrow/templates/test-config.yaml create mode 100644 stable/burrow/templates/test-secret.yaml diff --git a/stable/burrow/Chart.yaml b/stable/burrow/Chart.yaml index d14c8b31978b..567ae1529d3c 100644 --- a/stable/burrow/Chart.yaml +++ b/stable/burrow/Chart.yaml @@ -1,6 +1,6 @@ name: burrow -version: 0.4.5 -appVersion: 0.17.1 +version: 1.0.0 +appVersion: 0.23.2 description: Burrow is a permissionable smart contract machine home: https://github.com/hyperledger/burrow icon: https://wiki.hyperledger.org/_media/projects/hyperledger_burrow_logo_color.png @@ -15,7 +15,10 @@ keywords: maintainers: - name: compleatang email: casey@monax.io +- name: gregdhill + email: greg.hill@monax.io sources: - https://github.com/hyperledger/burrow -- https://quay.io/monax/db +apiVersion: v1 engine: gotpl +deprecated: false diff --git a/stable/burrow/OWNERS b/stable/burrow/OWNERS index 0191a8e163c8..43fe38e9d2f4 100644 --- a/stable/burrow/OWNERS +++ b/stable/burrow/OWNERS @@ -1,4 +1,6 @@ approvers: - compleatang +- gregdhill reviewers: - compleatang +- gregdhill diff --git a/stable/burrow/README.md b/stable/burrow/README.md index 95471dcf6490..96bd71acdff4 100644 --- a/stable/burrow/README.md +++ b/stable/burrow/README.md 
@@ -1,30 +1,36 @@ -# burrow +# Burrow -[burrow](https://github.com/hyperledger/burrow) is a permissioned Ethereum smart-contract blockchain node. It executes Ethereum smart contract code on a permissioned virtual machine. Burrow provides transaction finality and high transaction throughput on a proof-of-stake Tendermint consensus engine. - -## TL;DR; - -```console -$ helm install stable/burrow -``` +[Burrow](https://github.com/hyperledger/burrow) is a permissioned Ethereum smart-contract blockchain node which provides transaction finality and high transaction throughput on a proof-of-stake [Tendermint](https://tendermint.com) consensus engine. ## Introduction This chart bootstraps a burrow network on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. -## Installing the Chart +## Installation -To install the chart with the release name `my-release`: +### Prerequisites -```console -$ helm install stable/burrow --name my-release +To deploy a new blockchain network, this chart requires that two objects be present in the same Kubernetes namespace: a configmap should house the genesis file and a secret should hold any validator keys. The provided script, `initialize.sh` automatically provisions a number of files using the [burrow](https://github.com/hyperledger/burrow) toolkit, so please first ensure that `burrow --version` matches the `image.tag` in the [configuration](#configuration). This sequence also requires that the [jq](https://stedolan.github.io/jq/) binary is installed. Two files will be generated, the first of note is `chain-info.yaml` which contains the two necessary Kubernetes specifications to be added to the cluster: + +```bash +curl -LO https://raw.githubusercontent.com/helm/charts/master/initialize.sh +CHAIN_NODES=4 CHAIN_NAME="my-release" ./initialize.sh +kubectl apply --filename chain-info.yaml ``` -The command deploys burrow on the Kubernetes cluster in the default configuration. 
The [configuration](#configuration) section lists the parameters that can be configured during installation. +Please note that the variable `$CHAIN_NAME` should be the same as the helm release name specified below. Another file, `initialize.yaml` contains the the equivalent validator addresses to set in the charts. + +### Deployment -There is a zero percent chance that you will want the default configuration. Please see the [runtime configuration](#runtime) section for more information on how to setup your network properly. +To install the chart with the release name `my-release` with the set of custom validator addresses: -## Uninstalling the Chart +```bash +helm install stable/burrow --name my-release --values initialize.yaml +``` + +The [configuration](#configuration) section below lists all possible parameters that can be configured during installation. Please also see the [runtime configuration](#runtime) section for more information on how to setup your network properly. + +## Uninstall To uninstall/delete the `my-release` deployment: 
@@ -32,71 +38,97 @@ To uninstall/delete the `my-release` deployment: $ helm delete my-release ``` -The command removes all the Kubernetes components associated with the chart and deletes the release. +This command removes all the Kubernetes components associated with the chart and deletes the release. To remove the configmap and secret created in the [prerequisites](#prerequisites), follow these steps: + +```bash +kubectl delete secret ${CHAIN_NAME}-keys +kubectl delete configmap ${CHAIN_NAME}-genesis +``` ## Configuration -The following table lists the configurable parameters of the kibana chart and their default values. - -Parameter | Description | Default ---- | --- | --- -`affinity` | node/pod affinities | None -`chain.extraSeeds` | network seeds to dial in addition to the cluster booted by the chart; each entry in the array should be in the form `ip:port` (noting that because the p2p connects over tcp that the port is absolutely required) | `[]` -`chain.id` | machine readable (and preferably unique) ID for the blockchain network | `simpleTestChain` -`chain.logLevel` | log level for the nodes (`debug`, `info`, `warn`) | `info` -`chain.name` | human readable name of the blockchain network | `simpleTestChain` -`chain.numberOfNodes` | number of nodes for the blockchain network | `1` -`env` | Environment variables to configure burrow | `{}` -`extraArgs` | extra arguments to give to the build in `burrow serve` command | `{}` -`genesisFile` | base64 encoded string for the genesis.json file | `""` -`image.pullPolicy` | Image pull policy | `IfNotPresent` -`image.repository` | Image repository | `quay.io/monax/db` -`image.tag` | Image tag | `0.17.1` -`ingress.annotations` | Ingress annotations | None -`ingress.enabled` | Enables Ingress | `false` -`ingress.hosts` | Ingress accepted hostnames | None -`ingress.tls` | Ingress TLS configuration | None -`keysFiles` | base64 encoded strings for the priv_validator.json files | `{}` -`nodeSelector` | node labels for pod 
assignment | `{}` -`organization` | name of the organization running these nodes (used in the peer's moniker) | `myOrg` -`persistence.accessMode` | access mode for the chain data pvc | None -`persistence.annotations` | annotations for the chain data pvc | None -`persistence.enabled` | enable pvc for the chain data | `false` -`persistence.size` | size of the chain data pvc | None -`persistence.storageClass` | storage class for the chain data pvc | None -`podAnnotations` | annotations to add to each pod | `{}` -`podLabels` | labels to add to each pod | `{}` -`resources` | pod resource requests & limits | `{}` -`service.api.loadBalance` | if `true` then the api service will load balance across the nodes | `true` -`service.api.node` | node number to link the api service to (ignored if loadBalance is `true`) | `""` -`service.api.port` | api port | `46656` -`service.api.type` | service type for the api port | `ClusterIP` -`service.peer.port` | peer port | `46656` -`service.peer.type` | service type for the peer port | `ClusterIP` -`service.rpc.loadBalance` | if `true` then the rpc service will load balance across the nodes | `false` -`service.rpc.node` | node number to link the rpc service to (ignored if loadBalance is `true`) | `000` -`service.rpc.port` | rpc port | `46656` -`service.rpc.type` | service type for the rpc port | `ClusterIP` -`tolerations` | List of node taints to tolerate | `[]` +The following table lists the configurable parameters of the Burrow chart and its default values. 
+ +| Parameter | Description | Default | +| --------- | ----------- | ------- | +| `image.repository` | image repository | `"hyperledger/burrow"` | +| `image.tag` | image tag | `"0.23.1"` | +| `image.pullPolicy` | image pull policy | `"IfNotPresent"` | +| `chain.nodes` | number of nodes for the blockchain network | `1` | +| `chain.logLevel` | log level for the nodes (`debug`, `info`, `warn`) | `"info"` | +| `chain.extraSeeds` | network seeds to dial in addition to the cluster booted by the chart; each entry in the array should be in the form `ip:port` (note: because P2P connects over tcp, the port is absolutely required) | `[]` | +| `chain.testing` | toggle pre-generated keys & genesis for ci testing | `false` | +| `validatorAddresses` | list of validators to deploy | `[]` | +| `env` | environment variables to configure burrow | `{}` | +| `extraArgs` | extra arguments to give to the build in `burrow start` command | `{}` | +| `organization` | name of the organization running these nodes (used in the peer's moniker) | `""` | +| `persistence.enabled` | enable pvc for the chain data | `true` | +| `persistence.size` | size of the chain data pvc | `"80Gi"` | +| `persistence.storageClass` | storage class for the chain data pvc | `"standard"` | +| `persistence.accessMode` | access mode for the chain data pvc | `"ReadWriteOnce"` | +| `persistence.persistentVolumeReclaimPolicy` | does not delete on node restart | `"Retain"` | +| `peer.service.type` | service type | `"ClusterIP"` | +| `peer.service.port` | peer port | `26656` | +| `peer.ingress.enabled` | expose port | `false` | +| `peer.ingress.hosts` | - | `[]` | +| `rpcGRPC.enabled` | enable grpc service | `true` | +| `rpcGRPC.service.port` | grpc port | `10997` | +| `rpcGRPC.service.type` | service type | `"ClusterIP"` | +| `rpcGRPC.service.loadBalance` | enable load balancing across nodes | `true` | +| `rpcGRPC.ingress.enabled` | expose port | `false` | +| `rpcGRPC.ingress.hosts` | - | `[]` | +| 
`rpcGRPC.ingress.annotations` | extra annotations | `` | +| `rpcGRPC.ingress.tls` | - | `` | +| `rpcInfo.enabled` | enable Info service | `true` | +| `rpcInfo.service.port` | Info port | `26658` | +| `rpcInfo.service.type` | service type | `"ClusterIP"` | +| `rpcInfo.service.loadBalance` | enable load balancing across nodes | `true` | +| `rpcInfo.ingress.enabled` | expose port | `false` | +| `rpcInfo.ingress.partial` | exposes the `/accounts` and `/blocks` paths externally | `false` | +| `rpcInfo.ingress.pathLeader` | - | `"/"` | +| `rpcInfo.ingress.annotations` | extra annotations | `` | +| `rpcInfo.ingress.hosts` | - | `[]` | +| `rpcInfo.ingress.tls` | - | `` | +| `rpcMetrics.enabled` | enable Info service | `true` | +| `rpcMetrics.port` | Info port | `9102` | +| `rpcMetrics.path` | http endpoint | `"/metrics"` | +| `rpcMetrics.blockSampleSize` | number of previous blocks to utilize in calculating the histograms and summaries which are sent to prometheus | `100` | +| `rpcProfiler.enabled` | enable Info service | `false` | +| `rpcProfiler.port` | Info port | `6060` | +| `resources.limits.cpu` | - | `"500m"` | +| `resources.limits.memory` | - | `"1Gi"` | +| `resources.requests.cpu` | - | `"100m"` | +| `resources.requests.memory` | - | `"256Mi"` | +| `livenessProbe.enabled` | enable liveness checks | `true` | +| `livenessProbe.path` | http endpoint | `"/status?block_seen_time_within=3m"` | +| `livenessProbe.initialDelaySeconds` | start after | `240` | +| `livenessProbe.timeoutSeconds` | retry after | `1` | +| `livenessProbe.periodSeconds` | check every | `30` | +| `readinessProbe.enabled` | enable readiness checks | `true` | +| `readinessProbe.path` | http endpoint | `"/status"` | +| `readinessProbe.initialDelaySeconds` | start after | `5` | +| `podAnnotations` | annotations to add to each pod | `{}` | +| `podLabels` | labels to add to each pod | `{}` | +| `affinity` | node/pod affinities | `{}` | +| `tolerations` | list of node taints to tolerate | `[]` | +| 
`nodeSelector` | node labels for pod assignment | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, -```console -$ helm install stable/burrow --name my-release \ - --set=image.tag=0.16.0,resources.limits.cpu=200m +```bash +helm install stable/burrow --name my-release \ + --set=image.tag=0.23.2,resources.limits.cpu=200m -f initialize.yaml ``` -Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, +Alternatively, append additional values to the YAML file generated in the [prerequisites](#prerequisites). For example, -```console -$ helm install stable/burrow --name my-release -f values.yaml +```bash +helm install stable/burrow --name my-release -f initialize.yaml ``` -> **Tip**: You can use the default [values.yaml](values.yaml) - ## Runtime -As noted above, there is a zero percent chance that you will want to deploy this chart with the default runtime configuration. When booting permissioned blockchains in a cloud environment there are three predominant considerations in addition to the normal configuration of any cloud application. +It is unlikely that you will want to deploy this chart with the default runtime configuration. When booting permissioned blockchains in a cloud environment there are three predominant considerations in addition to the normal configuration of any cloud application. 1. What access rights to place on the ports? 2. What is the set of initial accounts and validators for the chain? 
@@ -104,61 +136,32 @@ As noted above, there is a zero percent chance that you will want to deploy this Each of these considerations will be dealt with in more detail below. -### Configuration of the Ports +### Port Configuration Burrow utilizes three different ports by default: -* `peer`: Burrow's peer port is the port on which the p2p communication within the blockchain network is conducted. The peer port is utilized by burrow's consensus engine (which is the [Tendermint](https://github.com/tendermint/tendermint) engine) to perform bilateral gossiping communication. -* `rpc`: Burrow's rpc port is the port on which remote procedures are conducted. It is utilized by tools such as, e.g., the [Monax](https://github.com/monax/monax) tools which can be utilized to deploy smart contracts and perform other functions. -* `api`: Burrow's api port is the port on which javascript libraries interact with the chain utilizing websockets. It is generally utilized by tools. +* `Peer`: Burrow's peer port is used for P2P communication within the blockchain network as part of the consensus engine ([Tendermint](https://github.com/tendermint/tendermint)) to perform bilateral gossiping communication. +* `Info`: Burrow's info port is used for conducting remote procedures. +* `GRPC`: Burrow's grpc port can be used by JavaScript libraries to interact with the chain over websockets. The default configuration for the chart sets up the port access rights in the following manner: -* `peer`: Peer ports are **only** opened within the cluster. By default, there is no p2p communication exposed to the general internet. Each node within the cluster has its own distinct peer service built by the chart which utilizes a `ClusterIP` service type. -* `rpc`: The RPC port is **only** opened within the cluster. By default, there is no rpc communication exposed to the general internet. There is **one** rpc service built by the chart which utilizes a `ClusterIP` service type. 
The default rpc service used by the chart is strongly linked to node number `000` and is not load balanced across the nodes by default so as to reduce any challenges with tooling that conduct long-polling after sending transactions. The chart offers an ingress which is connected to the `rpc` service. This is `disabled` by default. -* `api`: The API port is **only** opened within the cluster. By default, there is no api communication exposed to the general internet. There is **one** api service built by the chart which utilizes a `ClusterIP` service type. The default api service used by the chart is load balanced across the nodes within the cluster by default because libraries which utilize this port typical do so on websockets and the service is able to utilize a sessionAffinity setting. - -The following options are available to increase the exposure of the `peer` port: - -* In order to expose the peers to the general internet change the `service.peer.type` to `NodePort`. It is not advised to run p2p traffic through an ingress or other load balancing service as there is uncertainty with respect to the IP address which the blockchain node advertises and gossips. As such, the best way to expose p2p traffic to the internet is to utilize a `NodePort` service type. While such service types can be a challenge to work with in many instances, the p2p libraries that blockchains utilize are very resilient to movement between machine nodes by a blockchain node. The biggest gotcha with `NodePort` service types is the ensure that the machine nodes have proper egress within the cloud or data center provider. As long as the machine nodes do not have egress restrictions disabling the utilization of `NodePort` service types the p2p traffic will be exposed fluidly. 
- -The following options are available to increase the exposure of the `rpc` port: - -* To expose the rpc service to the general internet change the default `ingress.enabled` to `true` and add the appropriate fields to the ingress for your Kubernetes cluster. This will enable developers to connect to the rpc from their local machines and the general internet will be able to access the rpc service. -* To change from a non-loadBalanced rpc service to a loadBalanced service change the `service.rpc.loadBalance` to `true`. Making this change is not advised if developers or services will be deploying contracts, however it is helpful if developers or services will simply be accessing the informational aspects of the rpc with the caveat that some of the `rpc` end points (e.g., `net_info`) will only return information for a single node and as such will be non-deterministic. -* To change the node that a non-loadBalanced rpc service connects to change the default `service.rpc.node` from `000` to another node number. - -The following options are available to increase the exposure of the `api` port: - -* To change from a loadBalanced api service to a non-loadBalanced servie change the `service.api.loadBalance` to `false` and add the node number to the `service.api.node` field. -* To denote the node that a non-loadBalanced api service connects to add the `service.api.node` to a node number such as `000`. - -### Configuration of the `genesis.json` - -Burrow initializes any single blockchain via use of a `genesis.json` which defines what validators and accounts are given access to the permissioned blockchain when it is booted. - -Anyone that works with either the `monax` toolkit or `burrow` will be familiar with the `genesis.json`. This file is utilized by the blockchain nodes within the cluster to set up their initial state. - -The chart imports the `genesis.json` file as a Kubernetes secret and then mounts the secret in each of the deployments utilized. 
The chart provides a default genesis file so as to ensure this chart is testable. The genesis file may be used to test out the blockchain, but otherwise should **absolutely not be used**. For more information on how to integrate your own genesis file for this chart see the [examples](examples/) folder. - -### Configuration of the validator keys - -**NOTE the chart has not been security audited and as such one should use the validator keys functionality of the chart at one's own risk**. - -Burrow blockchain nodes need to have a key available to them which has been properly registered within the `genesis.json` initial state. The registered key is what enables a blockchain node to participate in the p2p validation of the network. +* `Peer`: Peer ports are **only** opened within the cluster. By default, there is no P2P communication exposed to the general internet. Each node within the cluster has its own distinct peer service built by the chart which utilizes a `ClusterIP` service type. +* `Info`: The info port is **only** opened within the cluster. By default, there is no info communication exposed to the general internet. There is **one** info service built by the chart which utilizes a `ClusterIP` service type. The default info service used by the chart is strongly linked to node number `000` and is not load balanced across the nodes by default so as to reduce any challenges with tooling that conduct long-polling after sending transactions. The chart offers an ingress which is connected to the info service, but this is `disabled` by default. +* `GRPC`: The grpc port is **only** opened within the cluster. By default, there is no grpc communication exposed to the general internet. There is **one** grpc service built by the chart which utilizes a `ClusterIP` service type. 
The default grpc service used by the chart is load balanced across the nodes within the cluster by default because libraries which utilize this port typical do so on websockets and the service is able to utilize a sessionAffinity setting. -Anyone that works with either the `monax` toolkit, `burrow`, or `tendermint` will be familiar with the key files known as: `priv_validator.json` files used to initialize an individual blockchain node. +In order to expose the peers to the general internet change the `peer.service.type` to `NodePort`. It is not advised to run P2P traffic through an ingress or other load balancing service as there is uncertainty with respect to the IP address which the blockchain node advertises and gossips. As such, the best way to expose P2P traffic to the internet is to utilize a `NodePort` service type. While such service types can be a challenge to work with in many instances, the P2P libraries that these blockchains utilize are very resilient to movement between machine nodes. The biggest gotcha with `NodePort` service types is to ensure that the machine nodes have proper egress within the cloud or data center provider. As long as the machine nodes do not have egress restrictions disabling the utilization of `NodePort` service types, the P2P traffic will be exposed fluidly. -The chart imports the `priv_validator.json` files as Kubernetes secrets, as such the security of the blockchain is only as strong as the Kubernetes secrets utilized via helm. The chart provides a default keys file so as to ensure that this chart is testable. The key file may be used to test out the blockchain, but otherwise should **absolutely not be used**. For more information on how to integrate your own keys files for this chart see the [examples](examples/) folder. +To expose the info service to the general internet change the default `rpcInfo.ingress.enabled` to `true` and add the appropriate fields to the ingress for your Kubernetes cluster. 
This will allow developers to connect to the info service from their local machines. -## Other considerations +To disable load balancing on the grpc service, change the `rpcGRPC.service.loadBalance` to `false`. -There are a few other considerations underpinning how this chart was developed. +### Genesis -### Deployments versus StatefulSets +Burrow initializes any single blockchain via use of a `genesis.json` which defines what validators and accounts are given access to the permissioned blockchain when it is booted. The chart imports the `genesis.json` file as a Kubernetes configmap and then mounts it in each node deployment. -The first consideration is whether to utilize multiple deployments or a statefulSet. The chart maintainer has (to date) found it significantly easier to work with multiple deployments than with a statefulSet because the config files and keys differ subltely between and across each blockchain node. StatefulSets are currently not able to as elegantly handle the 1-to-1 linkages between the various key secrets and config files that are necessary to operate each blockchain node within the cluster. +### Validator Keys -### Running multiple chains within your cluster +**NOTE: The chart has not been security audited and as such one should use the validator keys functionality of the chart at one's own risk.** -Many users run multiple blockchains within their cluster. To run more than one blockchain it is best to utilize the `nameOverride` Value and set that to the `$CHAIN_ID` of any one blockchain network. That will allow easy use of multiple chains within a single cluster. For an example of this see the examples directory. +Burrow blockchain nodes need to have a key available to them which has been properly registered within the `genesis.json` initial state. The registered key is what enables a blockchain node to participate in the P2P validation of the network. 
The chart imports the validator key files as Kubernetes secrets, so the security of the blockchain is only as strong as the cluster's integrity. diff --git a/stable/burrow/ci/keys-values.yaml b/stable/burrow/ci/keys-values.yaml deleted file mode 100644 index a5e9603f6f10..000000000000 --- a/stable/burrow/ci/keys-values.yaml +++ /dev/null @@ -1,6 +0,0 @@ -# The below file is used **only** for testing and quick evaluation purposes. Please see the examples. -genesisFile: "eyJnZW5lc2lzX3RpbWUiOiIyMDE3LTEyLTA4VDEwOjEwOjQ5Ljc4MloiLCJjaGFpbl9pZCI6InNpbXBsZVRlc3RDaGFpbiIsInBhcmFtcyI6eyJnbG9iYWxfcGVybWlzc2lvbnMiOnsiYmFzZSI6eyJwZXJtcyI6MjMwMiwic2V0IjoxNjM4M30sInJvbGVzIjpbXX19LCJhY2NvdW50cyI6W3siYWRkcmVzcyI6IjgzRjBEMTk5NzhGQjFDMkFBNzc2MUUxQ0Q2QUZCOTQxNzYxRkE2NUQiLCJhbW91bnQiOjk5OTk5OTk5OTk5OTk5LCJuYW1lIjoic2ltcGxldGVzdGNoYWluX2Z1bGxfMDAwIiwicGVybWlzc2lvbnMiOnsiYmFzZSI6eyJwZXJtcyI6MTYzODMsInNldCI6MTYzODN9LCJyb2xlcyI6W119fV0sInZhbGlkYXRvcnMiOlt7InB1Yl9rZXkiOlsxLCJENEU4MTRBMjFFMjU2QkZGQTNENzkyOEI4N0Q0NDU1OUJGOTQzN0YzMzg2REI4MUMyNDk0RUM4RDVGN0QzMDkwIl0sImFtb3VudCI6OTk5OTk5OTk5OSwibmFtZSI6InNpbXBsZXRlc3RjaGFpbl9mdWxsXzAwMCIsInVuYm9uZF90byI6W3siYWRkcmVzcyI6IjgzRjBEMTk5NzhGQjFDMkFBNzc2MUUxQ0Q2QUZCOTQxNzYxRkE2NUQiLCJhbW91bnQiOjk5OTk5OTk5OTl9XX1dfQ==" - -# The below file is used **only** for testing and quick evaluation purposes. Please see the examples. -keysFiles: - key-000: "eyJhZGRyZXNzIjoiODNGMEQxOTk3OEZCMUMyQUE3NzYxRTFDRDZBRkI5NDE3NjFGQTY1RCIsInB1Yl9rZXkiOlsxLCJENEU4MTRBMjFFMjU2QkZGQTNENzkyOEI4N0Q0NDU1OUJGOTQzN0YzMzg2REI4MUMyNDk0RUM4RDVGN0QzMDkwIl0sInByaXZfa2V5IjpbMSwiMkVGMjNDRTE0MkFGMEEwNUY0MzY1NzY3NTk5MzA4QkUzOUNBODBBODg2N0M1OTQxMzAwMjc0MjJEQjY2OTU3OUQ0RTgxNEEyMUUyNTZCRkZBM0Q3OTI4Qjg3RDQ0NTU5QkY5NDM3RjMzODZEQjgxQzI0OTRFQzhENUY3RDMwOTAiXSwibGFzdF9oZWlnaHQiOjAsImxhc3Rfcm91bmQiOjAsImxhc3Rfc3RlcCI6MH0=" diff --git a/stable/burrow/ci/test-values.yaml b/stable/burrow/ci/test-values.yaml new file mode 100644 index 000000000000..08a971e68ec9 --- /dev/null 
+++ b/stable/burrow/ci/test-values.yaml
@@ -0,0 +1,21 @@
+# CI Testing Values
+
+chain:
+ nodes: 4
+ testing: true
+
+organization: "monax"
+
+validatorAddresses:
+ Validator_0:
+ Address: 744630EA9A7CBD310AE7B8EDAFCBF94E54D23F37
+ NodeAddress: 9367CCE15205DC38DA61F5B348AF2AFEED2FE77A
+ Validator_1:
+ Address: 2C1B7046183387E63C17898235D3C0FDE4943BC7
+ NodeAddress: 5B624373E8EE692ACDAF408F5B8E0831E78FEC50
+ Validator_2:
+ Address: C5291CE95749A2DE1D992946B683280D75EDBE8C
+ NodeAddress: C13AEAC6523429A1ED244255D2BBAA7CB4AB7CB4
+ Validator_3:
+ Address: A5BCAF761B774A61FADA691AB40C4E9A20D82B7B
+ NodeAddress: A85AE5C27FEDEFA57F425B7762A1BB5CCA095E64
diff --git a/stable/burrow/examples/1.human_deployment/README.md b/stable/burrow/examples/1.human_deployment/README.md
deleted file mode 100644
index 5aa0e30da47b..000000000000
--- a/stable/burrow/examples/1.human_deployment/README.md
+++ /dev/null
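Review bot: In the new `stable/burrow/ci/test-values.yaml`, the `Address` and `NodeAddress` values under `validatorAddresses` are unquoted hex strings, so whether the chart receives a string depends on YAML implicit typing. An address made only of digits, or of digits around a single `E`, would load as a number and no longer match the key name it is meant to select. Quoting removes that dependency, e.g. `Address: "744630EA9A7CBD310AE7B8EDAFCBF94E54D23F37"`. The template in `initialize.sh` later in this commit appears to emit the same unquoted form for generated values, so it would benefit from the same change. The old CI file said it was for testing only; since `chain.testing: true` is documented as enabling pre-generated keys, the header could keep that warning, for example `# CI only: chain.testing uses pre-generated keys; never reuse these validators on a real network`.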
@@ -1,41 +0,0 @@ -The steps to utilize the chart with a human deploying the blockchain network to the Kubernetes cluster and then deploying smart contracts and configuring the accounts on the blockchain, the following sequence can be utilized. - -## Prerequisites - -The easiest way to interact with `burrow` is via the [monax](https://github.com/monax/monax) toolkit. This command line application is built to provide a seamless toolkit for developers seeking to provision and operate burrow networks. The below deployment sequence relies upon a developer having that toolkit installed on their local machine. - -This sequence also requires the very fine [jq](https://stedolan.github.io/jq/) binary to be installed. - -## Deployment Sequence - -The following is an example deployment sequence. - -```bash -CHAIN_NODES=4 -CHAIN_ID=myTestChain -monax chains make $CHAIN_ID \ - --account-types=Root:1,Validator:$CHAIN_NODES - -genesisFile=$(cat \ - $HOME/.monax/chains/$CHAIN_ID/$(echo $CHAIN_ID \ - | tr '[:upper:]' '[:lower:]')_root_000/genesis.json \ - | jq -rc '@base64') - -keysFilesPrefix="keysFiles." -keysFiles="" -for d in $HOME/.monax/chains/$CHAIN_ID/*validator*/; do - key=key-$(basename $d | cut -d "_" -f 3) - val=$(cat $d/priv_validator.json | jq -rc '@base64') - keysFiles+=$keysFilesPrefix$key=$val, -done - -helm install \ - --set chain.name=$CHAIN_ID \ - --set chain.id=$CHAIN_ID \ - --set chain.numberOfNodes=$CHAIN_NODES \ - --set genesisFile=$genesisFile \ - --set $keysFiles \ - stable/burrow - -unset keysFiles genesisFile -``` diff --git a/stable/burrow/examples/2.service_deployment/README.md b/stable/burrow/examples/2.service_deployment/README.md deleted file mode 100644 index 7c028445d5a9..000000000000 --- a/stable/burrow/examples/2.service_deployment/README.md +++ /dev/null 
@@ -1,116 +0,0 @@ -The steps to utilize the chart with a service (predominantly a CI/CD service) deploying the blockchain network to the Kubernetes cluster and then deploying smart contracts and configuring the accounts on the blockchain, the following sequence can be utilized. - -## Prerequisites - -The easiest way to interact with `burrow` is via the [monax](https://github.com/monax/monax) toolkit. This command line application is built to provide a seamless toolkit for developers seeking to provision and operate burrow networks. The below deployment sequence relies upon a developer having that toolkit installed on their local machine. This sequence also requires the very fine [jq](https://stedolan.github.io/jq/) binary to be installed. - -Monax offers a [docker image](https://quay.io/repository/monax/monax?tag=latest&tab=tags) that includes various tools necessary for deploying blockchains and contracts to Kubernetes clusters via a CI/CD system. If your CI/CD system offers an ability to utilize a custom docker image as the base of the CI/CD sequence then the easiest way to utilize this chart is to use the image: `quay.io/monax/monax-$VERSION-platform_deployer`. That image includes both the monax binary and the jq binary which will be used below. - -Obviously the container performing the CI/CD sequence will need to be able to connect with tiller within the cluster you are seeking to deploy to with the proper credentials. - -## Deployment Script - -The following is an example `.gitlab-ci.yml` that can be used, obviously if you use a different CI/CD system you will need to adjust the fields accordingly to fit your system. However, the yaml below should be approachable for most operators. 
- -```yaml -image: quay.io/monax/monax:0.18.0-platform_deployer - -stages: - - test - - deploy - -before_script: - - monax init --yes --pull-images=false - -variables: - DOCKER_DRIVER: overlay2 - MONAX_PULL_APPROVE: "true" - -test: - stage: test - script: - - true - -deploy: - stage: deploy - only: - - master@YOUR_REPO - environment: - name: production - url: https://YOUR_URL - variables: - CHAIN_SOURCE_DIRECTORY: "deploy/chain" - CHAIN_DEPLOY_NAME: "YOUR_NAME" - CHAIN_ID: "YOUR_ID" - CHAIN_NODES: 7 - KUBERNETES_NAMESPACE: "YOUR_NAMESPACE" - ORGANIZATION_NAME: "YOUR_ORG" - script: - - deploy/deploy - after_script: - - rm -rf $HOME/.monax/keys; true - retry: 1 -``` - -The following is a sample deploy/deploy script that could be used. - -```bash -#!/usr/bin/env bash -start=`pwd` -export MONAX_PULL_APPROVE="true" - -main() { - make_chain - deploy_chain - exit 0 -} - -make_chain() { - monax chains make $CHAIN_ID \ - --account-types=Full:0,Validator:$CHAIN_NODES 2>/dev/null - mv ~/.monax/chains/$CHAIN_ID/* $CHAIN_SOURCE_DIRECTORY/. - rm -rf ~/.monax/chains/$CHAIN_ID - cat $CHAIN_SOURCE_DIRECTORY/accounts.csv.default >> $CHAIN_SOURCE_DIRECTORY/accounts.csv - GENESIS_FILE=$(monax chains make $CHAIN_ID \ - --known \ - --accounts $CHAIN_SOURCE_DIRECTORY/accounts.csv \ - --validators $CHAIN_SOURCE_DIRECTORY/validators.csv \ - | jq -rc '@base64') - keysFilesPrefix="keysFiles." 
- KEYS_FILES="" - for d in $CHAIN_SOURCE_DIRECTORY/*validator*/; do - key=key-$(basename $d | cut -d "_" -f 3) - val=$(cat $d/priv_validator.json | jq -rc '@base64') - KEYS_FILES+=$keysFilesPrefix$key=$val, - done - rm -rf $CHAIN_SOURCE_DIRECTORY/*validator*/ && unset keysFilesPrefix KEYS_FILES GENESIS_FILE -} - -deploy_chain() { - set +e - helm delete --purge $CHAIN_DEPLOY_NAME - set -e - helm install \ - --name $CHAIN_DEPLOY_NAME \ - --values $CHAIN_SOURCE_DIRECTORY/values.yaml \ - --namespace $KUBERNETES_NAMESPACE \ - --set chain.name=$CHAIN_ID \ - --set chain.id=$CHAIN_ID \ - --set chain.numberOfNodes=$CHAIN_NODES \ - --set nameOverride=$CHAIN_ID \ - --set organization=$ORGANIZATION_NAME \ - --set genesisFile=$GENESIS_FILE \ - --set $KEYS_FILES \ - stable/burrow - unset $KEYS_FILES -} - -set -e -main $@ -``` - -A few notes about the above script. - -* `CHAIN_SOURCE_DIR`: It is likely convenient when running this chart via CI/CD system to establish within the application's repository a place where default files such as a configured values.yaml and also a csv with accounts can be kept. The above script utilizes such a directory. -* `values.yaml`: The above script utilizes a relatively fixed values.yaml that is kept within the application repository. This is used to configure variables that move infrequently such as the `image.tag` or ingress|persistence which is utilized by the cluster. -* `accounts.csv.default`: The chain that is made uses dynamic validator keys and combines those with fixed keys that are used by the application developers. These keys have been collected during the development process and a .csv was built in the form that is outputted by `monax chains make`. This enables a combination of the accounts with a simple `cat ... >> ...` call as demonstrated in the script. diff --git a/stable/burrow/initialize.sh b/stable/burrow/initialize.sh new file mode 100755 index 000000000000..386cf66506dc --- /dev/null +++ b/stable/burrow/initialize.sh 
@@ -0,0 +1,108 @@ +#!/usr/bin/env bash + +# Preflight checks +if [[ "$(which mktemp)" == "" ]] +then + echo "Please install mktemp and then rerun me. Exiting." + exit 1 +fi +if [[ "$(which burrow)" == "" ]] +then + echo "Please install Hyperledger Burrow and then rerun me. Exiting." + exit 1 +fi + +export CHAIN_NODES=${CHAIN_NODES:-4} +export CHAIN_NAME=${CHAIN_NAME:-"my-release"} +if [ -z $CHAIN_OUTPUT_DIRECTORY ]; then + export CHAIN_OUTPUT_DIRECTORY=`pwd` +fi + +set -e + +title="Initializing $((CHAIN_NODES)) Validator Nodes" +echo -e "\n${title}\n${title//?/-}\n" + +echo "Writing kubernetes template files for validators secrets, and configmaps." +keysTemplate=$(mktemp) +valsTemplate=$(mktemp) +genSpec=$(mktemp) +genesis=$(mktemp) +keys=$(mktemp -d) + + +cat >$keysTemplate <>-keys +data: + <<- \$keys:=.Keys ->> + <<- range .Keys ->> + <<- if index \$keys .Address >> + << .Address >>.json: << base64 (index \$keys .Address).KeyJSON >> + <<- end ->> + <<- end ->> + <<- range .Validators ->> + <<- if index \$keys .NodeAddress >> + nodekey-<< .Name >>: << base64 (index \$keys .NodeAddress).KeyJSON >> + <<- end ->> + <<- end ->> +EOF + +cat >$valsTemplate <> + << .Name >>: + Address: << .Address ->> + <> + NodeAddress: << .NodeAddress >> + <<- end ->> + <<- end >> +EOF + +echo "Building the genesis spec with burrow ($(burrow --version))." +burrow spec \ + --toml \ + --validator-accounts=$CHAIN_NODES \ + $CHAIN_SPEC_FILES > $genSpec + +echo "Creating keys and necessary deploy files..." 
+burrow configure \ + --generate-node-keys \ + --chain-name=$CHAIN_NAME \ + --keysdir=$keys \ + --genesis-spec=$genSpec \ + --config-template-in=$keysTemplate \ + --config-out=$CHAIN_OUTPUT_DIRECTORY/chain-info.yaml \ + --config-template-in=$valsTemplate \ + --config-out=$CHAIN_OUTPUT_DIRECTORY/initialize.yaml \ + --separate-genesis-doc=$genesis >/dev/null + +echo "Saved Kubernetes specification as $CHAIN_OUTPUT_DIRECTORY/chain-info.yaml" +echo "Saved example 'values.yaml' as $CHAIN_OUTPUT_DIRECTORY/initialize.yaml" + +cat >>$CHAIN_OUTPUT_DIRECTORY/chain-info.yaml < Date: Sat, 22 Dec 2018 02:17:47 +0100 Subject: [PATCH 100/136] [stable/postgresql] Enable synchronous replication (#10214) * [stable/postgresql] Enable synchronous replication Signed-off-by: Javier J. Salmeron Garcia * Update values-production.yaml Signed-off-by: Javier J. Salmeron Garcia * Lint Signed-off-by: Javier J. Salmeron Garcia Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/README.md | 3 +++ stable/postgresql/templates/statefulset-slaves.yaml | 2 ++ stable/postgresql/templates/statefulset.yaml | 8 ++++++++ stable/postgresql/values-production.yaml | 10 +++++++++- stable/postgresql/values.yaml | 8 ++++++++ 6 files changed, 31 insertions(+), 2 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 0ad9aa0e8b0a..3f4438b4eb26 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.6.0 +version: 3.7.0 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/README.md b/stable/postgresql/README.md index cc55f8149137..5d98f4834cf4 100644 --- a/stable/postgresql/README.md +++ b/stable/postgresql/README.md 
@@ -64,6 +64,9 @@ The following tables lists the configurable parameters of the PostgreSQL chart a | `replication.user` | Replication user | `repl_user` | | `replication.password` | Replication user password | `repl_password` | | `replication.slaveReplicas` | Number of slaves replicas | `1` | +| `replication.synchronousCommit` | Set synchronous commit mode. Allowed values: `on`, `remote_apply`, `remote_write`, `local` and `off` | `off` | +| `replication.numSynchronousReplicas` | Number of replicas that will have synchronous replication. Note: Cannot be greater than `replication.slaveReplicas`. | `0` | +| `replication.applicationName` | Cluster application name. Useful for advanced replication settings | `my_application` | | `existingSecret` | Name of existing secret to use for PostgreSQL passwords | `nil` | | `postgresqlUsername` | PostgreSQL admin user | `postgres` | | `postgresqlPassword` | PostgreSQL admin password | _random 10 character alphanumeric string_ | diff --git a/stable/postgresql/templates/statefulset-slaves.yaml b/stable/postgresql/templates/statefulset-slaves.yaml index c862c17ec3aa..29d8e8834c75 100644 --- a/stable/postgresql/templates/statefulset-slaves.yaml +++ b/stable/postgresql/templates/statefulset-slaves.yaml @@ -98,6 +98,8 @@ spec: name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} + - name: POSTGRESQL_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} - name: POSTGRESQL_MASTER_HOST value: {{ template "postgresql.fullname" . }} - name: POSTGRESQL_MASTER_PORT_NUMBER diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 3c7ac8429889..6502808dc9be 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml 
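Review bot: `POSTGRESQL_CLUSTER_APP_NAME` is rendered without `quote` in this statefulset-slaves.yaml hunk, so an application name that YAML reads as a number or boolean would reach the API server as a non-string env value and the manifest would be rejected. The same unquoted line is added in the statefulset.yaml hunk of this patch, and the later quote fix ([PATCH 106/136]) still carries it unchanged as context. Suggest `value: {{ .Values.replication.applicationName | quote }}` in both templates. The env list continues outside the hunk.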
@@ -103,6 +103,14 @@ spec: name: {{ template "postgresql.secretName" . }} key: postgresql-replication-password {{- end }} + {{- if not (eq .Values.replication.synchronousCommit "off")}} + - name: POSTGRESQL_SYNCHRONOUS_COMMIT_MODE + value: {{ .Values.replication.synchronousCommit }} + - name: POSTGRESQL_NUM_SYNCHRONOUS_REPLICAS + value: {{ .Values.replication.numSynchronousReplicas }} + {{- end }} + - name: POSTGRESQL_CLUSTER_APP_NAME + value: {{ .Values.replication.applicationName }} {{- end }} - name: POSTGRESQL_USERNAME value: {{ .Values.postgresqlUsername | quote }} diff --git a/stable/postgresql/values-production.yaml b/stable/postgresql/values-production.yaml index 4868be2d9b82..204dfe9b095e 100644 --- a/stable/postgresql/values-production.yaml +++ b/stable/postgresql/values-production.yaml @@ -60,7 +60,15 @@ replication: enabled: true user: repl_user password: repl_password - slaveReplicas: 1 + slaveReplicas: 2 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "on" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 1 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application ## PostgreSQL admin user ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run diff --git a/stable/postgresql/values.yaml b/stable/postgresql/values.yaml index 3666d232c090..a41f0f385717 100644 --- a/stable/postgresql/values.yaml +++ b/stable/postgresql/values.yaml 
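Review bot: The rule that `numSynchronousReplicas` cannot exceed `slaveReplicas` exists only as a comment in the values files; the `{{- if not (eq .Values.replication.synchronousCommit "off")}}` block in statefulset.yaml passes both settings through unchecked. With a synchronous commit mode and more synchronous replicas requested than exist, commits on the master would presumably wait for standbys that never connect. A guard before the block, `{{- if gt (int .Values.replication.numSynchronousReplicas) (int .Values.replication.slaveReplicas) }}{{ fail "numSynchronousReplicas cannot be greater than slaveReplicas" }}{{- end }}`, would turn the mistake into a render-time error. The surrounding env list starts and ends outside the hunk.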
@@ -61,6 +61,14 @@ replication: user: repl_user password: repl_password slaveReplicas: 1 + ## Set synchronous commit mode: on, off, remote_apply, remote_write and local + ## ref: https://www.postgresql.org/docs/9.6/runtime-config-wal.html#GUC-WAL-LEVEL + synchronousCommit: "off" + ## From the number of `slaveReplicas` defined above, set the number of those that will have synchronous replication + ## NOTE: It cannot be > slaveReplicas + numSynchronousReplicas: 0 + ## Replication Cluster application name. Useful for defining multiple replication policies + applicationName: my_application ## PostgreSQL admin user ## ref: https://github.com/bitnami/bitnami-docker-postgresql/blob/master/README.md#setting-the-root-password-on-first-run From 8ce1d3c628274c8e2f2c278c31bc00b2dc46567b Mon Sep 17 00:00:00 2001 From: Rafael Fonseca Date: Sat, 22 Dec 2018 15:48:27 +1300 Subject: [PATCH 101/136] [stable/traefik] Parameterize metrics port exposure (#9430) * Parameterize exposure of metrics port on main service Signed-off-by: Rafael Fonseca * Add default values Signed-off-by: Rafael Fonseca * Update documentation Signed-off-by: Rafael Fonseca * Bump chart version Signed-off-by: Rafael Fonseca Signed-off-by: Melissa Palmer --- stable/traefik/Chart.yaml | 2 +- stable/traefik/README.md | 1 + stable/traefik/templates/service.yaml | 2 +- stable/traefik/values.yaml | 3 +++ 4 files changed, 6 insertions(+), 2 deletions(-) diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index db82bb942312..0e4c38138bd5 100755 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: traefik -version: 1.55.2 +version: 1.56.0 appVersion: 1.7.6 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: diff --git a/stable/traefik/README.md b/stable/traefik/README.md index ec2fb4097100..53693678fac2 100644 --- a/stable/traefik/README.md +++ b/stable/traefik/README.md 
@@ -181,6 +181,7 @@ The following table lists the configurable parameters of the Traefik chart and t | `accessLogs.fields.headers.defaultMode`| The default behaviour for logging HTTP headers in JSON access logs. Either `keep`, `drop` or `redact` | `keep` | | `accessLogs.fields.headers.names` | A map of HTTP-header-specific logging behaviours in JSON access logs, with HTTP header names as keys, and `keep`, `drop` or `redact` as the value for each map entry | None | | `metrics.prometheus.enabled` | Whether to enable the `/metrics` endpoint for metric collection by Prometheus. | `false` | +| `metrics.prometheus.restrictAccess` | Whether to limit access to the metrics port (8080) to the dashboard service. When `false`, it is accessible on the main Traefik service as well. | `false` | | `metrics.prometheus.buckets` | A list of response times (in seconds) - for each list element, Traefik will report all response times less than the element. | `[0.1,0.3,1.2,5]` | | `metrics.datadog.enabled` | Whether to enable pushing metrics to Datadog. | `false` | | `metrics.datadog.address` | Datadog host in the format : | `localhost:8125` | diff --git a/stable/traefik/templates/service.yaml b/stable/traefik/templates/service.yaml index fe11b3a071ad..92ee7c96d653 100644 --- a/stable/traefik/templates/service.yaml +++ b/stable/traefik/templates/service.yaml @@ -54,7 +54,7 @@ spec: {{- if not .Values.ssl.enabled }} targetPort: httpn {{- end }} - {{- if .Values.metrics.prometheus.enabled }} + {{- if (and (.Values.metrics.prometheus.enabled) (not (.Values.metrics.prometheus.restrictAccess)))}} - port: 8080 name: metrics targetPort: dash diff --git a/stable/traefik/values.yaml b/stable/traefik/values.yaml index d555632af386..e982c63ab8d0 100755 --- a/stable/traefik/values.yaml +++ b/stable/traefik/values.yaml 
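Review bot: With the default `restrictAccess: false` that this patch adds in values.yaml, port 8080 stays published on the main Traefik service whenever Prometheus metrics are enabled, and the entry's `targetPort: dash` suggests it reaches the dashboard port rather than only `/metrics`. If the main service is reachable from outside the cluster, that port is reachable with it. Consider defaulting to `restrictAccess: true`, or state the exposure explicitly in the README row and the values.yaml comment. The ports list in service.yaml starts outside the hunk.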
@@ -316,6 +316,9 @@ rbac: metrics: prometheus: enabled: false + ## If true, prevents exposing port 8080 on the main Traefik service, reserving + ## it to the dashboard service only + restrictAccess: false # buckets: [0.1,0.3,1.2,5] datadog: enabled: false From 5185b0c81d53ce0bcf14fdda1dc5e41ea6645b44 Mon Sep 17 00:00:00 2001 From: Jacob Block Date: Sat, 22 Dec 2018 08:18:27 -0600 Subject: [PATCH 102/136] [stable/unifi] Add UID and GID options. (#10218) Signed-off-by: Jacob Block Signed-off-by: Melissa Palmer --- stable/unifi/Chart.yaml | 2 +- stable/unifi/README.md | 2 ++ stable/unifi/templates/deployment.yaml | 4 ++++ stable/unifi/values.yaml | 2 ++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml index 0d9238229804..1fbc059f86e6 100644 --- a/stable/unifi/Chart.yaml +++ b/stable/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.3 +version: 0.2.4 keywords: - ubiquiti - unifi diff --git a/stable/unifi/README.md b/stable/unifi/README.md index 599ff38e73dc..90b09bfb6ec1 100644 --- a/stable/unifi/README.md +++ b/stable/unifi/README.md @@ -75,6 +75,8 @@ The following tables lists the configurable parameters of the Sentry chart and t | `ingress.tls` | Ingress TLS configuration | `[]` | | `timezone` | Timezone the Unifi controller should run as, e.g. 'America/New York' | `UTC` | | `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `UID` | Run the controller as user UID | `999` | +| `GID` | Run the controller as group GID | `999` | | `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | | `mongodb.enabled` | Use external MongoDB for data storage | `false` | | `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | 
diff --git a/stable/unifi/templates/deployment.yaml b/stable/unifi/templates/deployment.yaml index 354859381583..33dc6ed8684f 100644 --- a/stable/unifi/templates/deployment.yaml +++ b/stable/unifi/templates/deployment.yaml @@ -65,6 +65,10 @@ spec: value: "{{ .Values.timezone }}" - name: RUNAS_UID0 value: "{{ .Values.runAsRoot }}" + - name: UNIFI_UID + value: "{{ .Values.UID }}" + - name: UNIFI_GID + value: "{{ .Values.GID }}" {{- if .Values.mongodb.enabled }} - name: DB_URI value: "{{ .Values.mongodb.dbUri }}" diff --git a/stable/unifi/values.yaml b/stable/unifi/values.yaml index 51f00c899a43..a6bd34f64739 100644 --- a/stable/unifi/values.yaml +++ b/stable/unifi/values.yaml @@ -110,6 +110,8 @@ timezone: UTC runAsRoot: false addSetfcap: true +UID: 999 +GID: 999 # define an external mongoDB instead of using the built-in mongodb mongodb: From 3927607aff62f7b1bfeafb166bd0d99dc0237a91 Mon Sep 17 00:00:00 2001 From: Nisan Itzhakov Date: Sat, 22 Dec 2018 18:08:15 +0200 Subject: [PATCH 103/136] Added options to allow custom variables from secrets (#10221) Signed-off-by: Nisan Itzhakov Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/README.md | 1 + stable/fluentd-elasticsearch/templates/daemonset.yaml | 9 +++++++++ stable/fluentd-elasticsearch/values.yaml | 6 ++++++ 4 files changed, 17 insertions(+), 1 deletion(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index 205c1cbcaf35..eddfd10e8762 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 2.0.1 +version: 2.0.2 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/README.md b/stable/fluentd-elasticsearch/README.md index b1a81b1a0b8b..3443179f3f53 100644 --- a/stable/fluentd-elasticsearch/README.md 
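Review bot: `UNIFI_UID` and `UNIFI_GID` are rendered as `"{{ .Values.UID }}"`, and on Helm versions that decode values.yaml numbers as float64 a large ID would print in exponent form instead of as an integer. `value: {{ .Values.UID | int64 | quote }}` and the same for `GID` avoid that. The IDs are only handed to the image as environment variables; nothing in this hunk sets a pod `securityContext`, so whether the process actually runs as that user depends on the image's entrypoint. The upper-case keys `UID`/`GID` also differ from the camelCase used by `runAsRoot` and `addSetfcap` in values.yaml.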
+++ b/stable/fluentd-elasticsearch/README.md @@ -54,6 +54,7 @@ The following table lists the configurable parameters of the Fluentd elasticsear | `elasticsearch.buffer_queue_limit` | Elasticsearch buffer queue limit | `8` | | `elasticsearch.scheme` | Elasticsearch scheme setting | `http` | | `env` | List of environment variables that are added to the fluentd pods | `{}` | +| `secret` | List of environment variables that are set from secrets and added to the fluentd pods | `[]` | | `extraVolumeMounts` | Mount an extra volume, required to mount ssl certificates when elasticsearch has tls enabled | | | `extraVolume` | Extra volume | | | `image.repository` | Image | `gcr.io/google-containers/fluentd-elasticsearch` | diff --git a/stable/fluentd-elasticsearch/templates/daemonset.yaml b/stable/fluentd-elasticsearch/templates/daemonset.yaml index fdcd67e8cd1e..b0a67330f193 100644 --- a/stable/fluentd-elasticsearch/templates/daemonset.yaml +++ b/stable/fluentd-elasticsearch/templates/daemonset.yaml @@ -62,6 +62,15 @@ spec: value: {{ $value | quote }} {{- end }} {{- end }} + {{- if .Values.secret }} + {{- range $key, $value := .Values.secret }} + - name: {{ .name }} + valueFrom: + secretKeyRef: + name: {{ $value.secret_name }} + key: {{ $value.secret_key | quote }} + {{- end }} + {{- end }} - name: K8S_NODE_NAME valueFrom: fieldRef: diff --git a/stable/fluentd-elasticsearch/values.yaml b/stable/fluentd-elasticsearch/values.yaml index b0f5e794ce9b..510628262f60 100644 --- a/stable/fluentd-elasticsearch/values.yaml +++ b/stable/fluentd-elasticsearch/values.yaml @@ -32,6 +32,12 @@ elasticsearch: env: # OUTPUT_USER: my_user +# If you want to add custom environment variables from secrets, use the secret list +secret: +# - name: ELASTICSEARCH_PASSWORD +# secret_name: elasticsearch +# secret_key: password + rbac: create: true From 73a4bda4df35da7777c759b746bce0e5f16d399e Mon Sep 17 00:00:00 2001 
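Review bot: The new `range` over `.Values.secret` in daemonset.yaml mixes `{{ .name }}` with `$value.secret_name`, leaves `$key` unused, and renders the env name and the Secret name unquoted while `secret_key` is quoted. An entry that omits `secret_name` or `secret_key` renders an empty `secretKeyRef` field and only fails when the manifest is applied. Suggest `- name: {{ $value.name | quote }}`, `name: {{ required "secret_name is required" $value.secret_name | quote }}` and the same pattern for `key`. In values.yaml the bare `secret:` is null while the README documents the default as `[]`; `secret: []` would match.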
From: sekka1 Date: Mon, 24 Dec 2018 10:22:08 -0800 Subject: [PATCH 104/136] [stable/kong] add support to enable HTTP and HTTPS traffic simultaneously (#10182) * Separating control for tls and http proxy ports Signed-off-by: garland * Updating readme with new params Signed-off-by: garland * Bumping chart version Signed-off-by: garland * simplifying if logic Signed-off-by: garland * Updating default proxy service port Signed-off-by: garland * Simplifying if statement Signed-off-by: garland * mentioning protocol in the port selection Signed-off-by: garland * removing unused params Signed-off-by: garland * Update unused variable usage Signed-off-by: garland * Enabling http and tls by default Signed-off-by: garland * Commenting out nodePort usage Signed-off-by: garland * Adding starting space to comment Signed-off-by: garland Signed-off-by: Melissa Palmer --- stable/kong/Chart.yaml | 2 +- stable/kong/README.md | 12 +++++--- stable/kong/templates/NOTES.txt | 12 ++++++-- stable/kong/templates/_helpers.tpl | 29 +++++++++++++++++++ stable/kong/templates/deployment.yaml | 16 +++++----- stable/kong/templates/ingress-proxy.yaml | 4 +-- stable/kong/templates/service-kong-proxy.yaml | 21 +++++++++++--- stable/kong/values.yaml | 20 +++++++++---- 8 files changed, 90 insertions(+), 26 deletions(-) diff --git a/stable/kong/Chart.yaml b/stable/kong/Chart.yaml index 04c57c1a079e..863f73445718 100644 --- a/stable/kong/Chart.yaml +++ b/stable/kong/Chart.yaml @@ -12,5 +12,5 @@ maintainers: name: kong sources: - https://github.com/Kong/kong -version: 0.6.9 +version: 0.7.0 appVersion: 0.14.1 diff --git a/stable/kong/README.md b/stable/kong/README.md index a6e85fb6fdbe..65e353879e6a 100644 --- a/stable/kong/README.md +++ b/stable/kong/README.md 
@@ -67,10 +67,14 @@ and their default values. | admin.ingress.hosts | List of ingress hosts. | `[]` | | admin.ingress.path | Ingress path. | `/` | | admin.ingress.annotations | Ingress annotations. See documentation for your ingress controller for details | `{}` | -| proxy.useTLS | Secure Proxy traffic | `true` | -| proxy.servicePort | TCP port on which the Kong Proxy Service is exposed | `8443` | -| proxy.containerPort | TCP port on which the Kong app listens for Proxy traffic | `8443` | -| proxy.nodePort | Node port when service type is `NodePort` | | +| proxy.http.enabled | Enables http on the proxy | true | +| proxy.http.servicePort | Service port to use for http | 80 | +| proxy.http.containerPort | Container port to use for http | 8000 | +| proxy.http.nodePort | Node port to use for http | 32080 | +| proxy.tls.enabled | Enables TLS on the proxy | true | +| proxy.tls.containerPort | Container port to use for TLS | 8443 | +| proxy.tls.servicePort | Service port to use for TLS | 8443 | +| proxy.tls.nodePort | Node port to use for TLS | 32443 | | proxy.type | k8s service type. Options: NodePort, ClusterIP, LoadBalancer | `NodePort` | | proxy.loadBalancerSourceRanges | Limit proxy access to CIDRs if set and service type is `LoadBalancer` | `[]` | | proxy.loadBalancerIP | To reuse an existing ingress static IP for the admin service | | diff --git a/stable/kong/templates/NOTES.txt b/stable/kong/templates/NOTES.txt index ec6fadd3efec..7724fdcde929 100644 --- a/stable/kong/templates/NOTES.txt +++ b/stable/kong/templates/NOTES.txt @@ -37,7 +37,11 @@ use one of the addresses listed below 2. Kong Proxy can be accessed inside the cluster using: DNS={{ template "kong.fullname" . }}-proxy.{{ .Release.Namespace }}.svc.cluster.local - PORT={{ .Values.proxy.servicePort }} + {{- if .Values.proxy.tls.enabled -}} + PORT={{ .Values.proxy.tls.servicePort }} + {{- else -}} + PORT={{ .Values.proxy.http.servicePort }} + {{- end -}} To connect from outside the K8s cluster: 
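Review bot: The `{{- if .Values.proxy.tls.enabled -}}`, `{{- else -}}` and `{{- end -}}` actions in NOTES.txt trim whitespace on both sides, so the rendered `PORT=` line is joined to the `DNS=` line before it and to the text that follows. The second NOTES.txt hunk wraps the `kubectl port-forward` command the same way and would join it to the `export POD_NAME=` line. Dropping the right-hand dash, `{{- if .Values.proxy.tls.enabled }}`, `{{- else }}`, `{{- end }}`, keeps each rendered line on its own.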
@@ -69,5 +73,9 @@ use one of the addresses listed below # Execute the following commands to route the connection to proxy SSL port: export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "release={{ .Release.Name }}, app={{ template "kong.name" . }}" -o jsonpath="{.items[0].metadata.name}") - kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.proxy.servicePort }}:{{ .Values.proxy.servicePort }} + {{- if .Values.proxy.tls.enabled -}} + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.proxy.tls.servicePort }}:{{ .Values.proxy.tls.servicePort }} + {{- else -}} + kubectl port-forward --namespace {{ .Release.Namespace }} $POD_NAME {{ .Values.proxy.http.servicePort }}:{{ .Values.proxy.http.servicePort }} + {{- end -}} {{- end }} diff --git a/stable/kong/templates/_helpers.tpl b/stable/kong/templates/_helpers.tpl index d3a3d2152314..9b1350917b39 100644 --- a/stable/kong/templates/_helpers.tpl +++ b/stable/kong/templates/_helpers.tpl @@ -33,3 +33,32 @@ Create the name of the service account to use {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +Create the KONG_PROXY_LISTEN value string +*/}} +{{- define "kong.kongProxyListenValue" -}} + +{{- if and .Values.proxy.http.enabled .Values.proxy.tls.enabled -}} + 0.0.0.0:{{ .Values.proxy.http.containerPort }},0.0.0.0:{{ .Values.proxy.tls.containerPort }} ssl +{{- else -}} +{{- if .Values.proxy.http.enabled -}} + 0.0.0.0:{{ .Values.proxy.http.containerPort }} +{{- end -}} +{{- if .Values.proxy.tls.enabled -}} + 0.0.0.0:{{ .Values.proxy.tls.containerPort }} ssl +{{- end -}} +{{- end -}} + +{{- end }} + +{{/* +Create the ingress servicePort value string +*/}} +{{- define "kong.ingress.servicePort" -}} +{{- if .Values.proxy.tls.enabled -}} + {{ .Values.proxy.tls.servicePort }} +{{- else -}} + {{ .Values.proxy.http.servicePort }} +{{- end -}} +{{- end -}} 
diff --git a/stable/kong/templates/deployment.yaml b/stable/kong/templates/deployment.yaml index d7b19dfc8b3c..807d35758867 100644 --- a/stable/kong/templates/deployment.yaml +++ b/stable/kong/templates/deployment.yaml @@ -76,13 +76,8 @@ spec: - name: KONG_ADMIN_LISTEN value: 0.0.0.0:{{ .Values.admin.containerPort }} {{- end }} - {{- if .Values.proxy.useTLS }} - name: KONG_PROXY_LISTEN - value: "0.0.0.0:{{ .Values.proxy.containerPort }} ssl" - {{- else }} - - name: KONG_PROXY_LISTEN - value: 0.0.0.0:{{ .Values.proxy.containerPort }} - {{- end }} + value: {{ template "kong.kongProxyListenValue" . }} - name: KONG_NGINX_DAEMON value: "off" - name: KONG_PROXY_ACCESS_LOG @@ -116,9 +111,16 @@ spec: - name: admin containerPort: {{ .Values.admin.containerPort }} protocol: TCP + {{- if .Values.proxy.http.enabled }} - name: proxy - containerPort: {{ .Values.proxy.containerPort }} + containerPort: {{ .Values.proxy.http.containerPort }} protocol: TCP + {{- end }} + {{- if .Values.proxy.tls.enabled }} + - name: proxy-tls + containerPort: {{ .Values.proxy.tls.containerPort }} + protocol: TCP + {{- end }} readinessProbe: {{ toYaml .Values.readinessProbe | indent 10 }} livenessProbe: diff --git a/stable/kong/templates/ingress-proxy.yaml b/stable/kong/templates/ingress-proxy.yaml index f96dfadaf71b..82b23e81d2c7 100644 --- a/stable/kong/templates/ingress-proxy.yaml +++ b/stable/kong/templates/ingress-proxy.yaml @@ -1,6 +1,6 @@ {{- if .Values.proxy.ingress.enabled -}} {{- $serviceName := include "kong.fullname" . -}} -{{- $servicePort := .Values.proxy.servicePort -}} +{{- $servicePort := include "kong.ingress.servicePort" . -}} {{- $path := .Values.proxy.ingress.path -}} apiVersion: extensions/v1beta1 kind: Ingress @@ -30,4 +30,4 @@ spec: tls: {{ toYaml .Values.proxy.ingress.tls | indent 4 }} {{- end -}} -{{- end -}} \ No newline at end of file +{{- end -}} 
diff --git a/stable/kong/templates/service-kong-proxy.yaml b/stable/kong/templates/service-kong-proxy.yaml index 090839e5665f..f48faff3bec4 100644 --- a/stable/kong/templates/service-kong-proxy.yaml +++ b/stable/kong/templates/service-kong-proxy.yaml @@ -25,13 +25,26 @@ spec: {{- end }} {{- end }} ports: + {{- if .Values.proxy.http.enabled }} - name: kong-proxy - port: {{ .Values.proxy.servicePort }} - targetPort: {{ .Values.proxy.containerPort }} - {{- if (and (eq .Values.proxy.type "NodePort") (not (empty .Values.proxy.nodePort))) }} - nodePort: {{ .Values.proxy.nodePort }} + port: {{ .Values.proxy.http.servicePort }} + targetPort: {{ .Values.proxy.http.containerPort }} + {{- if (and (eq .Values.proxy.type "NodePort") (not (empty .Values.proxy.http.nodePort))) }} + nodePort: {{ .Values.proxy.http.nodePort }} {{- end }} protocol: TCP + {{- end }} + {{- if or .Values.proxy.tls.enabled }} + - name: kong-proxy-tls + port: {{ .Values.proxy.tls.servicePort }} + targetPort: {{ .Values.proxy.tls.containerPort }} + {{- if (and (eq .Values.proxy.type "NodePort") (not (empty .Values.proxy.tls.nodePort))) }} + nodePort: {{ .Values.proxy.tls.nodePort }} + {{- end }} + protocol: TCP + {{- end }} + + selector: app: {{ template "kong.name" . }} release: {{ .Release.Name }} diff --git a/stable/kong/values.yaml b/stable/kong/values.yaml index e9456b5d853c..6f2041aeb5c3 100644 --- a/stable/kong/values.yaml +++ b/stable/kong/values.yaml 
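Review bot: `{{- if or .Values.proxy.tls.enabled }}` calls `or` with a single argument; it evaluates the same as the bare value, but it reads as if a second condition was dropped. Write `{{- if .Values.proxy.tls.enabled }}` so it matches the `http` block just above it. The two blank lines added before `selector:` can go as well.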
@@ -51,13 +51,21 @@ proxy: annotations: {} # service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: "*" - # HTTPS traffic on the proxy port - useTLS: true - servicePort: 8443 - containerPort: 8443 + # HTTP plain-text traffic + http: + enabled: true + servicePort: 80 + containerPort: 8000 + # nodePort: 32080 + + tls: + enabled: true + servicePort: 443 + containerPort: 8443 + # nodePort: 32443 + type: NodePort - # Set a nodePort which is available - # nodePort: 32443 + # Kong proxy ingress settings. ingress: # Enable/disable exposure using ingress. From f5152002e78824e746bc3cbba02b0d203d9d4922 Mon Sep 17 00:00:00 2001 From: Renat Galiev Date: Tue, 25 Dec 2018 13:57:23 +0300 Subject: [PATCH 105/136] [stable/mysql] Support defining PriorityClass (#10240) Signed-off-by: Renat Galiev Signed-off-by: Melissa Palmer --- stable/mysql/Chart.yaml | 2 +- stable/mysql/README.md | 1 + stable/mysql/templates/deployment.yaml | 3 +++ stable/mysql/values.yaml | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) diff --git a/stable/mysql/Chart.yaml b/stable/mysql/Chart.yaml index 2cd106b3cfef..f4de1f18c0c4 100755 --- a/stable/mysql/Chart.yaml +++ b/stable/mysql/Chart.yaml @@ -1,5 +1,5 @@ name: mysql -version: 0.11.0 +version: 0.12.0 appVersion: 5.7.14 description: Fast, reliable, scalable, and easy to use open-source relational database system. diff --git a/stable/mysql/README.md b/stable/mysql/README.md index 5bba345e5167..f1abaa2705b8 100755 --- a/stable/mysql/README.md +++ b/stable/mysql/README.md 
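Review bot: The new defaults switch on the plain-HTTP listener (`http.enabled: true`) next to TLS, where the removed defaults had `useTLS: true` on the single proxy port, so an upgrade that keeps default values starts serving cleartext on service port 80. Overrides of the old keys (`proxy.useTLS`, `proxy.servicePort`, `proxy.containerPort`, `proxy.nodePort`) appear to be no longer read by the templates in this patch and would be ignored without warning. Consider defaulting `http.enabled` to `false`, or call out both changes in the README upgrade notes. The README table also lists `proxy.tls.servicePort` as 8443 and node ports 32080/32443, while this file sets 443 and leaves `nodePort` commented out.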
@@ -100,6 +100,7 @@ The following table lists the configurable parameters of the MySQL chart and the | `initializationFiles` | List of SQL files which are run after the container started | `nil` | | `timezone` | Container and mysqld timezone (TZ env) | `nil` (UTC depending on image) | | `podAnnotations` | Map of annotations to add to the pods | `{}` | +| `priorityClassName` | Set pod priorityClassName | `{}` | Some of the parameters above map to the env variables defined in the [MySQL DockerHub image](https://hub.docker.com/_/mysql/). diff --git a/stable/mysql/templates/deployment.yaml b/stable/mysql/templates/deployment.yaml index e07031a10c0d..e1320015c262 100644 --- a/stable/mysql/templates/deployment.yaml +++ b/stable/mysql/templates/deployment.yaml @@ -20,6 +20,9 @@ spec: {{- if .Values.imagePullSecrets }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 8 }} + {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} initContainers: - name: "remove-lost-found" diff --git a/stable/mysql/values.yaml b/stable/mysql/values.yaml index ed00b1f01c97..a87de8382264 100644 --- a/stable/mysql/values.yaml +++ b/stable/mysql/values.yaml @@ -166,3 +166,6 @@ ssl: # To be added to the database server pod(s) podAnnotations: {} + +## Set pod priorityClassName +# priorityClassName: {} From 0a53d162f3e91abe4ed167fed9f9bbcda9d2773b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Javier=20J=2E=20Salmer=C3=B3n-Garc=C3=ADa?= Date: Wed, 26 Dec 2018 10:09:54 +0100 Subject: [PATCH 106/136] [stable/postgresql] Fix quote bug (#10224) Signed-off-by: Javier J. Salmeron Garcia Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/statefulset.yaml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 3f4438b4eb26..48b382536062 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml 
@@ -1,5 +1,5 @@ name: postgresql -version: 3.7.0 +version: 3.7.1 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 6502808dc9be..328190a5d59f 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -105,9 +105,9 @@ spec: {{- end }} {{- if not (eq .Values.replication.synchronousCommit "off")}} - name: POSTGRESQL_SYNCHRONOUS_COMMIT_MODE - value: {{ .Values.replication.synchronousCommit }} + value: {{ .Values.replication.synchronousCommit | quote }} - name: POSTGRESQL_NUM_SYNCHRONOUS_REPLICAS - value: {{ .Values.replication.numSynchronousReplicas }} + value: {{ .Values.replication.numSynchronousReplicas | quote }} {{- end }} - name: POSTGRESQL_CLUSTER_APP_NAME value: {{ .Values.replication.applicationName }} From 28e2978e9e380a75889fbab511b17d0824410ce2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Thu, 27 Dec 2018 00:05:47 +0100 Subject: [PATCH 107/136] prestashop: update to `1.7.5-0` (#10254) Signed-off-by: Bitnami Containers Signed-off-by: Melissa Palmer --- stable/prestashop/Chart.yaml | 8 +++----- stable/prestashop/values.yaml | 2 +- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index 75539d89377e..c6b861d694ab 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml 
@@ -1,9 +1,7 @@ name: prestashop -version: 5.0.1 -appVersion: 1.7.4-4 -description: A popular open source ecommerce solution. Professional tools are easily - accessible to increase online sales including instant guest checkout, abandoned - cart reminders and automated Email marketing. +version: 5.0.2 +appVersion: 1.7.5-0 +description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: - prestashop - e-commerce diff --git a/stable/prestashop/values.yaml b/stable/prestashop/values.yaml index 69c0bc0965a2..ab8d470524a1 100644 --- a/stable/prestashop/values.yaml +++ b/stable/prestashop/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/prestashop - tag: 1.7.4-4 + tag: 1.7.5-0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From 0caa050ffbb040a6542450545c9114a61051af99 Mon Sep 17 00:00:00 2001 From: Maor Friedman Date: Thu, 27 Dec 2018 12:04:26 +0200 Subject: [PATCH 108/136] [incubator/cassandra] add backup support for Minio S3 (#10250) Signed-off-by: Maor Signed-off-by: Melissa Palmer --- incubator/cassandra/Chart.yaml | 2 +- incubator/cassandra/OWNERS | 1 + incubator/cassandra/README.md | 2 +- incubator/cassandra/values.yaml | 4 ++-- 4 files changed, 5 insertions(+), 4 deletions(-) diff --git a/incubator/cassandra/Chart.yaml b/incubator/cassandra/Chart.yaml index 2ab671bd09c8..2760d305464f 100644 --- a/incubator/cassandra/Chart.yaml +++ b/incubator/cassandra/Chart.yaml @@ -1,5 +1,5 @@ name: cassandra -version: 0.10.0 +version: 0.10.1 appVersion: 3.11.3 description: Apache Cassandra is a free and open-source distributed database management system designed to handle large amounts of data across many commodity servers, providing 
diff --git a/incubator/cassandra/OWNERS b/incubator/cassandra/OWNERS index b8103167037f..18bfaf1bc4e2 100644 --- a/incubator/cassandra/OWNERS +++ b/incubator/cassandra/OWNERS @@ -1,6 +1,7 @@ approvers: - KongZ - maver1ck +- maorfr reviewers: - KongZ - maver1ck diff --git a/incubator/cassandra/README.md b/incubator/cassandra/README.md index bba89615b2c3..6cdbb8aa0cd4 100644 --- a/incubator/cassandra/README.md +++ b/incubator/cassandra/README.md @@ -129,7 +129,7 @@ The following table lists the configurable parameters of the Cassandra chart and | `backup.schedule` | Keyspaces to backup, each with cron time | | | `backup.annotations` | Backup pod annotations | iam.amazonaws.com/role: `cain` | | `backup.image.repo` | Backup image repository | `nuvo/cain` | -| `backup.image.tag` | Backup image tag | `0.3.0` | +| `backup.image.tag` | Backup image tag | `0.4.1` | | `backup.extraArgs` | Additional arguments for cain | `[]` | | `backup.env` | Backup environment variables | AWS_REGION: `us-east-1` | | `backup.resources` | Backup CPU/Memory resource requests/limits | Memory: `1Gi`, CPU: `1` | diff --git a/incubator/cassandra/values.yaml b/incubator/cassandra/values.yaml index 7caaaa128e67..86cec364e33c 100644 --- a/incubator/cassandra/values.yaml +++ b/incubator/cassandra/values.yaml @@ -168,7 +168,7 @@ backup: image: repos: nuvo/cain - tag: 0.3.0 + tag: 0.4.1 # Additional arguments for cain # Ref: https://github.com/nuvo/cain#usage @@ -189,7 +189,7 @@ backup: cpu: 1 # Destination to store the backup artifacts - # Supported cloud storage services: AWS S3, Azure Blob Storage + # Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage # Additional support can added. Visit this repository for details # Ref: https://github.com/nuvo/skbn destination: s3://bucket/cassandra From 1736968d92f186dfe97c8f0e82980a0db138e536 Mon Sep 17 00:00:00 2001 
From: Gudjon Date: Thu, 27 Dec 2018 15:34:39 +0000 Subject: [PATCH 109/136] Quote all values under 'etcd.tls' (#9184) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Guðjón Jónsson Signed-off-by: Melissa Palmer --- stable/traefik/Chart.yaml | 2 +- stable/traefik/templates/configmap.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/traefik/Chart.yaml b/stable/traefik/Chart.yaml index 0e4c38138bd5..eddfa5854035 100755 --- a/stable/traefik/Chart.yaml +++ b/stable/traefik/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 name: traefik -version: 1.56.0 +version: 1.56.1 appVersion: 1.7.6 description: A Traefik based Kubernetes ingress controller with Let's Encrypt support keywords: diff --git a/stable/traefik/templates/configmap.yaml b/stable/traefik/templates/configmap.yaml index a20f758217b9..7c1ac6e159aa 100644 --- a/stable/traefik/templates/configmap.yaml +++ b/stable/traefik/templates/configmap.yaml @@ -182,7 +182,7 @@ data: [etcd.tls] {{- end }} {{ range $key, $value := .Values.kvprovider.etcd.tls }} - {{ $key }} = {{ $value }} + {{ $key }} = {{ $value | quote }} {{ end }} {{- end }} {{- if .Values.kvprovider.consul }} From 5e3be93b2e65a70f837aee3c7afaacce4d58a1d9 Mon Sep 17 00:00:00 2001 From: Ben Tucker Date: Fri, 28 Dec 2018 02:56:15 +1100 Subject: [PATCH 110/136] [incubator/schema-registry] improve/fix secrets to allow JKS (#10226) * [incubator/schema-registry] improve/fix secrets to allow JKS Signed-off-by: Ben Tucker * [incubator/schema-registry] improve/fix secrets to allow JKS - fix lint error (trailing-space) Signed-off-by: Ben Tucker Signed-off-by: Melissa Palmer --- incubator/schema-registry/Chart.yaml | 2 +- .../schema-registry/templates/deployment.yaml | 13 +++++++++++++ incubator/schema-registry/values.yaml | 19 ++++++++++++++----- 3 files changed, 28 insertions(+), 6 deletions(-) 
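Review bot: Applying `| quote` to every entry under `kvprovider.etcd.tls` in templates/configmap.yaml also turns non-string settings into TOML strings. Traefik's TLS client options include booleans such as `insecureSkipVerify`, which would now render as `insecureSkipVerify = "true"`; depending on how the TOML is decoded, that is either a load error or a certificate-verification setting that does not take effect as intended. Quoting only string values keeps both cases correct: `{{ $key }} = {{ if kindIs "string" $value }}{{ $value | quote }}{{ else }}{{ $value }}{{ end }}`. The enclosing `if` for the etcd section starts outside the hunk.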
diff --git a/incubator/schema-registry/Chart.yaml b/incubator/schema-registry/Chart.yaml index 71017bd81203..3c75c4465a43 100644 --- a/incubator/schema-registry/Chart.yaml +++ b/incubator/schema-registry/Chart.yaml @@ -1,6 +1,6 @@ name: schema-registry home: https://docs.confluent.io/current/schema-registry/docs/index.html -version: 1.1.1 +version: 1.1.2 appVersion: 5.0.1 keywords: - confluent diff --git a/incubator/schema-registry/templates/deployment.yaml b/incubator/schema-registry/templates/deployment.yaml index cdafffcdf30c..8bb62d0eee2e 100644 --- a/incubator/schema-registry/templates/deployment.yaml +++ b/incubator/schema-registry/templates/deployment.yaml @@ -126,6 +126,19 @@ spec: - name: JMX_PORT value: "{{ .Values.jmx.port }}" {{- end }} + {{- if .Values.secrets }} + {{- range $secret := .Values.secrets }} + {{- if not $secret.mountPath }} + {{- range $key := $secret.keys }} + - name: {{ (print $secret.name "_" $key) | upper | replace "." "_" | replace "-" "_"}} + valueFrom: + secretKeyRef: + name: {{ $secret.name }} + key: {{ $key }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} volumeMounts: diff --git a/incubator/schema-registry/values.yaml b/incubator/schema-registry/values.yaml index 6ed1459f2224..08d2fd3ab1bf 100644 --- a/incubator/schema-registry/values.yaml +++ b/incubator/schema-registry/values.yaml 
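Review bot: In the new env block of templates/deployment.yaml, the `secretKeyRef` fields `name: {{ $secret.name }}` and `key: {{ $key }}` are rendered unquoted, so a name or key that YAML types as a number or boolean produces an invalid manifest; `name: {{ $secret.name | quote }}` and `key: {{ $key | quote }}` avoid that. The variable name is built with `upper | replace "." "_" | replace "-" "_"`, so two keys that differ only in `.` versus `-` (or in case) map to the same environment variable; a comment stating that restriction would help. The outer `{{- if .Values.secrets }}` is redundant because `range` over an empty list renders nothing. The container's `env:` list begins outside the hunk.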
@@ -128,9 +128,18 @@ jmx: enabled: true port: 5555 -## Useful if using any Keystore/Trusttore for Authorization. -## Pass any secrets to the pods. The secret will be mounted to a -## specific path (in addition to environment variable) if required. +## Pass any secrets to the pods. The secrets will be mounted to a specfic path +## OR presented as Environment Variables. Environment variable names are +## generated as: `_` (All upper case) +## note: Keystore/Truststore are binary and should always be presented as files. secrets: [] -# - name: myZkSecret -# mountPath: /opt/zookeeper/secret +# - name: schema-registry-jks +# keys: +# - ksr-server.truststore.jks +# - ksr-server.keystore.jks +# mountPath: /secrets +# - name: schema-registry-jks-pw +# keys: +# - ssl_truststore_password +# - ssl_keystore_password +# - ssl_key_password From 4c0c4965b7838cbdbdee103cf64a5c80b4dc4e12 Mon Sep 17 00:00:00 2001 From: Ali Kahoot Date: Thu, 27 Dec 2018 23:25:04 +0500 Subject: [PATCH 111/136] Add optional annotation for Daemonset and its pods (#10268) Signed-off-by: kahootali Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/README.md | 1 + stable/fluentd-elasticsearch/templates/daemonset.yaml | 8 ++++++-- stable/fluentd-elasticsearch/values.yaml | 2 ++ 4 files changed, 10 insertions(+), 3 deletions(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index eddfd10e8762..aeb7d038237e 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 2.0.2 +version: 2.0.3 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/README.md b/stable/fluentd-elasticsearch/README.md index 3443179f3f53..e90ab0f3bcc9 100644 --- a/stable/fluentd-elasticsearch/README.md 
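Review bot: The rewritten comment above `secrets: []` in values.yaml does not say what selects between the two modes; going by the deployment template in this commit, an entry without `mountPath` is exposed as environment variables and an entry with one is not. I would state that directly, for example `## Entries with a mountPath are mounted as files; entries without one are exposed as environment variables.`, hedged by checking the volume section that is not visible here. The comment also misspells `specific` as `specfic`. Since environment variables are readable by every process in the container and tend to surface in diagnostics, the comment could recommend `mountPath` for passwords as well as for keystores.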
+++ b/stable/fluentd-elasticsearch/README.md @@ -46,6 +46,7 @@ The following table lists the configurable parameters of the Fluentd elasticsear | Parameter | Description | Default | | ---------------------------------- | ------------------------------------------ | ---------------------------------------------------------- | | `annotations` | Optional daemonset annotations | `NULL` | +| `podAnnotations` | Optional daemonset's pods annotations | `NULL` | | `configMaps` | Fluentd configmaps | `default conf files` | | `elasticsearch.host` | Elasticsearch Host | `elasticsearch-client` | | `elasticsearch.port` | Elasticsearch Port | `9200` | diff --git a/stable/fluentd-elasticsearch/templates/daemonset.yaml b/stable/fluentd-elasticsearch/templates/daemonset.yaml index b0a67330f193..0529205e3875 100644 --- a/stable/fluentd-elasticsearch/templates/daemonset.yaml +++ b/stable/fluentd-elasticsearch/templates/daemonset.yaml @@ -9,6 +9,10 @@ metadata: app.kubernetes.io/managed-by: {{ .Release.Service }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile +{{- if .Values.annotations }} + annotations: +{{ toYaml .Values.annotations | indent 4 }} +{{- end }} spec: updateStrategy: {{ toYaml .Values.updateStrategy | indent 4 }} @@ -30,8 +34,8 @@ spec: annotations: scheduler.alpha.kubernetes.io/critical-pod: '' checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} -{{- if .Values.annotations }} -{{ toYaml .Values.annotations | indent 8 }} +{{- if .Values.podAnnotations }} +{{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} spec: serviceAccountName: {{ template "fluentd-elasticsearch.fullname" . }} diff --git a/stable/fluentd-elasticsearch/values.yaml b/stable/fluentd-elasticsearch/values.yaml index 510628262f60..27622bbb5439 100644 --- a/stable/fluentd-elasticsearch/values.yaml +++ b/stable/fluentd-elasticsearch/values.yaml 
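Review bot: Moving `.Values.annotations` from the pod template to the DaemonSet metadata in templates/daemonset.yaml changes the meaning of an existing value. Releases that already set `annotations` (the values.yaml example is `prometheus.io/scrape`) lose those pod annotations on upgrade unless they are copied to `podAnnotations`. This ships as a patch bump, 2.0.2 to 2.0.3, and the README hunk adds no upgrade note. I would either add an upgrade note and bump the minor version, or keep rendering `.Values.annotations` on the pods for one release as a fallback. The pod template continues outside the second hunk.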
@@ -67,6 +67,8 @@ livenessProbe: enabled: true annotations: {} + +podAnnotations: {} # prometheus.io/scrape: "true" # prometheus.io/port: "24231" From f31b65f7d138825bc450088c5f017ca934492d7b Mon Sep 17 00:00:00 2001 From: Jason Ertel Date: Thu, 27 Dec 2018 15:45:50 -0500 Subject: [PATCH 112/136] upgrade to elastalert 0.1.38 (#10266) Signed-off-by: Jason Ertel Signed-off-by: Melissa Palmer --- stable/elastalert/Chart.yaml | 4 ++-- stable/elastalert/README.md | 2 +- stable/elastalert/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/elastalert/Chart.yaml b/stable/elastalert/Chart.yaml index c29b85e56438..c7f1f6ba3895 100644 --- a/stable/elastalert/Chart.yaml +++ b/stable/elastalert/Chart.yaml @@ -1,7 +1,7 @@ description: ElastAlert is a simple framework for alerting on anomalies, spikes, or other patterns of interest from data in Elasticsearch. name: elastalert -version: 0.9.0 -appVersion: 0.1.36 +version: 0.10.0 +appVersion: 0.1.38 home: https://github.com/Yelp/elastalert icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg sources: diff --git a/stable/elastalert/README.md b/stable/elastalert/README.md index 93967828b221..cba71710a212 100644 --- a/stable/elastalert/README.md +++ b/stable/elastalert/README.md @@ -52,7 +52,7 @@ The command removes all the Kubernetes components associated with the chart and | Parameter | Description | Default | | ------------------------ | ------------------------------------------------- | ------------------------------- | | `image.repository` | docker image | jertel/elastalert-docker | -| `image.tag` | docker image tag | 0.1.36 | +| `image.tag` | docker image tag | 0.1.38 | | `image.pullPolicy` | image pull policy | IfNotPresent | | `command` | command override for container | `NULL` | | `args` | args override for container | `NULL` | diff --git a/stable/elastalert/values.yaml b/stable/elastalert/values.yaml index 08f0f3492036..efb3be285104 100644 
--- a/stable/elastalert/values.yaml +++ b/stable/elastalert/values.yaml @@ -28,7 +28,7 @@ image: # docker image repository: jertel/elastalert-docker # docker image tag - tag: 0.1.36 + tag: 0.1.38 pullPolicy: IfNotPresent resources: {} From e691e6ae0ff79c3699e2ce2a64d6dfc7040f3951 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rauny=20Brand=C3=A3o?= Date: Fri, 28 Dec 2018 11:25:57 -0200 Subject: [PATCH 113/136] Add reconnect_on_error to elasticsearch plugin (#10279) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Rauny Brandão Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/values.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index aeb7d038237e..8a0194673ab5 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 2.0.3 +version: 2.0.4 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/values.yaml b/stable/fluentd-elasticsearch/values.yaml index 27622bbb5439..8e5fea0c4a69 100644 --- a/stable/fluentd-elasticsearch/values.yaml +++ b/stable/fluentd-elasticsearch/values.yaml @@ -464,6 +464,7 @@ configMaps: ssl_version "#{ENV['OUTPUT_SSL_VERSION']}" logstash_format true logstash_prefix "#{ENV['LOGSTASH_PREFIX']}" + reconnect_on_error true @type file path /var/log/fluentd-buffers/kubernetes.system.buffer From 447e3aa9b6e7130a734f583e835428720d5d2be2 Mon Sep 17 00:00:00 2001 From: Bitnami Bot Date: Sat, 29 Dec 2018 10:58:30 +0100 Subject: [PATCH 114/136] phabricator: update to `2018.51.0` (#10295) Signed-off-by: Bitnami Containers 
Signed-off-by: Melissa Palmer --- stable/phabricator/Chart.yaml | 4 ++-- stable/phabricator/values.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/stable/phabricator/Chart.yaml b/stable/phabricator/Chart.yaml index 5e4b99449c60..41a8db4c2a5d 100644 --- a/stable/phabricator/Chart.yaml +++ b/stable/phabricator/Chart.yaml @@ -1,6 +1,6 @@ name: phabricator -version: 4.0.4 -appVersion: 2018.50.0 +version: 4.0.5 +appVersion: 2018.51.0 description: Collection of open source web applications that help software companies build better software. keywords: - phabricator diff --git a/stable/phabricator/values.yaml b/stable/phabricator/values.yaml index c36195fdd208..35ba251af3d0 100644 --- a/stable/phabricator/values.yaml +++ b/stable/phabricator/values.yaml @@ -10,7 +10,7 @@ image: registry: docker.io repository: bitnami/phabricator - tag: 2018.50.0 + tag: 2018.51.0 ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images From e01cf9be331d6f66022119edbf8e01bb19203bc0 Mon Sep 17 00:00:00 2001 From: Faizan Ahmad Date: Sat, 29 Dec 2018 19:28:39 +0500 Subject: [PATCH 115/136] Add support for annotations in deployment of kibana (#10283) Signed-off-by: faizanahmad055 Signed-off-by: Melissa Palmer --- stable/kibana/Chart.yaml | 2 +- stable/kibana/README.md | 1 + stable/kibana/templates/deployment.yaml | 4 ++++ stable/kibana/values.yaml | 3 +++ 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/kibana/Chart.yaml b/stable/kibana/Chart.yaml index 8abb96a146a0..fe02b8c6e45d 100644 --- a/stable/kibana/Chart.yaml +++ b/stable/kibana/Chart.yaml @@ -1,5 +1,5 @@ name: kibana -version: 1.1.0 +version: 1.1.1 appVersion: 6.5.3 description: Kibana is an open source data visualization plugin for Elasticsearch icon: https://raw.githubusercontent.com/elastic/kibana/master/src/ui/public/icons/kibana-color.svg 
diff --git a/stable/kibana/README.md b/stable/kibana/README.md index c947ae55f542..e735661509a9 100644 --- a/stable/kibana/README.md +++ b/stable/kibana/README.md @@ -101,6 +101,7 @@ The following table lists the configurable parameters of the kibana chart and th | `securityContext.runAsUser` | User id to run in pods | `1000` | | `securityContext.fsGroup` | fsGroup id to run in pods | `2000` | | `extraConfigMapMounts` | Additional configmaps to be mounted | `[]` | +| `deployment.annotations` | Annotations for deployment | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/kibana/templates/deployment.yaml b/stable/kibana/templates/deployment.yaml index 56e31341dcd0..8b6fa6758e2a 100644 --- a/stable/kibana/templates/deployment.yaml +++ b/stable/kibana/templates/deployment.yaml @@ -7,6 +7,10 @@ metadata: heritage: {{ .Release.Service }} release: {{ .Release.Name }} name: {{ template "kibana.fullname" . }} +{{- if .Values.deployment.annotations }} + annotations: +{{ toYaml .Values.deployment.annotations | indent 4 }} +{{- end }} spec: replicas: {{ .Values.replicaCount }} revisionHistoryLimit: {{ .Values.revisionHistoryLimit }} diff --git a/stable/kibana/values.yaml b/stable/kibana/values.yaml index d0b132abaa28..748e415d4330 100644 --- a/stable/kibana/values.yaml +++ b/stable/kibana/values.yaml @@ -29,6 +29,9 @@ files: # logging.verbose: "true" # server.defaultRoute: "/app/kibana" +deployment: + annotations: {} + service: type: ClusterIP externalPort: 443 From cd64bbf582e0fde21ec8497479612d73752b1986 Mon Sep 17 00:00:00 2001 From: Will Hughes Date: Sun, 30 Dec 2018 04:21:23 +1300 Subject: [PATCH 116/136] [stable/home-assistant] Add option to inject environment vars from secrets (#10297) Signed-off-by: William Hughes 
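Review bot: `{{- if .Values.deployment.annotations }}` in templates/deployment.yaml dereferences `.Values.deployment` without checking that the key exists. The new values.yaml default defines it, but if the key is absent at render time (for example an upgrade that reuses previously stored values, or a parent chart that nulls it) the render would presumably fail with a nil-pointer error instead of skipping the block. Wrapping the block in `{{- with .Values.deployment }}` and testing `.annotations` inside it makes the template tolerate the missing key. The README default `{}` and the values.yaml default agree, so no documentation change is needed.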
Signed-off-by: Melissa Palmer --- stable/home-assistant/Chart.yaml | 2 +- stable/home-assistant/README.md | 1 + stable/home-assistant/templates/deployment.yaml | 7 +++++++ stable/home-assistant/values.yaml | 12 +++++++++++- 4 files changed, 20 insertions(+), 2 deletions(-) diff --git a/stable/home-assistant/Chart.yaml b/stable/home-assistant/Chart.yaml index f9eea23bd259..7b0a66a6cde0 100644 --- a/stable/home-assistant/Chart.yaml +++ b/stable/home-assistant/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.81.2 description: Home Assistant name: home-assistant -version: 0.4.1 +version: 0.4.2 keywords: - home-assistant - hass diff --git a/stable/home-assistant/README.md b/stable/home-assistant/README.md index e7b194f3d5b2..60cb551c7bbb 100644 --- a/stable/home-assistant/README.md +++ b/stable/home-assistant/README.md @@ -58,6 +58,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | `persistence.storageClass` | Type of persistent volume claim | `-` | | `persistence.accessMode` | Persistence access modes | `ReadWriteMany` | | `extraEnv` | Extra ENV vars to pass to the home-assistant container | `{}` | +| `extraEnvSecrets` | Extra env vars to pass to the home-assistant container from k8s secrets - see `values.yaml` for an example | `{}` | | `configurator.enabled` | Enable the optional [configuration UI](https://github.com/danielperna84/hass-configurator) | `false` | | `configurator.image.repository` | Image repository | `billimek/hass-configurator-docker` | | `configurator.image.tag` | Image tag | `x86_64-0.3.0`| diff --git a/stable/home-assistant/templates/deployment.yaml b/stable/home-assistant/templates/deployment.yaml index a1d4fecc6f47..b77f43614534 100644 --- a/stable/home-assistant/templates/deployment.yaml +++ b/stable/home-assistant/templates/deployment.yaml 
@@ -49,6 +49,13 @@ spec: - name: {{ $key }} value: {{ $value }} {{- end }} + {{- range $name, $opts := .Values.extraEnvSecrets }} + - name: {{ $name }} + valueFrom: + secretKeyRef: + name: {{ $opts.secret }} + key: {{ $opts.key }} + {{- end }} volumeMounts: - mountPath: /config name: config diff --git a/stable/home-assistant/values.yaml b/stable/home-assistant/values.yaml index 7becfaaf4903..ca449f90808c 100644 --- a/stable/home-assistant/values.yaml +++ b/stable/home-assistant/values.yaml @@ -55,11 +55,21 @@ persistence: accessMode: ReadWriteOnce size: 5Gi -## Additional hass-configurator container environment variable +## Additional hass container environment variable ## For instance to add a http_proxy ## extraEnv: {} +## Additional hass container environment variable from k8s secrets +## For instance to add a password +## can use `!env_var` in the home assistant configuration to reference these variables +extraEnvSecrets: + # Example + # This will set ${MQTT_PASSWORD} to the 'password' key from the 'mqtt' secret + # MQTT_PASSWORD: + # secret: mqtt + # key: password + configurator: enabled: false From 0d47ab5f85441524b3d8261422665cf871b8a56e Mon Sep 17 00:00:00 2001 From: Jesse Stuart Date: Sat, 29 Dec 2018 15:52:26 -0500 Subject: [PATCH 117/136] [stable/unifi] Fix typos/formatting in README. (#10277) Signed-off-by: Jesse Stuart Signed-off-by: Melissa Palmer --- stable/unifi/Chart.yaml | 2 +- stable/unifi/README.md | 150 ++++++++++++++++++++++------------------ 2 files changed, 84 insertions(+), 68 deletions(-) diff --git a/stable/unifi/Chart.yaml b/stable/unifi/Chart.yaml index 1fbc059f86e6..2b1a277269fa 100644 --- a/stable/unifi/Chart.yaml +++ b/stable/unifi/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 5.9.29 description: Ubiquiti Network's Unifi Controller name: unifi -version: 0.2.4 +version: 0.2.5 keywords: - ubiquiti - unifi diff --git a/stable/unifi/README.md b/stable/unifi/README.md index 90b09bfb6ec1..72ce24ee1c82 100644 
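Review bot: The new `secretKeyRef` block in templates/deployment.yaml renders `name: {{ $opts.secret }}` and `key: {{ $opts.key }}` unquoted and does not check that both fields are set. An entry that omits `secret` or `key` renders an empty value, and the mistake only surfaces when the API server rejects the Deployment. I would fail at render time and quote the result: `name: {{ required "extraEnvSecrets entries need a secret" $opts.secret | quote }}`, and the same for `key`. The container's env list starts outside the hunk.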
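Review bot: `extraEnvSecrets:` in values.yaml is left with no value, so it parses as null, while the README row added in this commit documents the default as `{}` and the neighbouring `extraEnv` is written as `{}`. `range` over null renders nothing, so the template still works, but the bare key is ambiguous to readers and to linters that flag empty values. I would write `extraEnvSecrets: {}` and keep the `MQTT_PASSWORD` example below it as comments.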
--- a/stable/unifi/README.md +++ b/stable/unifi/README.md @@ -1,6 +1,6 @@ -# Ubiqiti Network's Unifi Controller +# Ubiquiti Network's Unifi Controller -This is a helm chart for [Ubiqiti Network's](https://www.ubnt.com/) [Unifi Controller](https://unifi-sdn.ubnt.com/) +This is a helm chart for [Ubiquiti Network's][ubnt] [Unifi Controller][ubnt 2]. ## TL;DR; @@ -10,7 +10,7 @@ helm install stable/unifi ## Introduction -This code is adopted from [this original repo](https://github.com/jacobalberty/unifi-docker) +This code is adopted from [this original repo][github]. ## Installing the Chart 
@@ -32,66 +32,66 @@ The command removes all the Kubernetes components associated with the chart and ## Configuration -The following tables lists the configurable parameters of the Sentry chart and their default values. - -| Parameter | Description | Default | -|----------------------------|-------------------------------------|---------------------------------------------------------| -| `image.repository` | Image repository | `jacobalberty/unifi` | -| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/jacobalberty/unifi/tags/).| `5.8.23`| -| `image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | -| `guiService.port` | Kubernetes port where the Unifi GUI is exposed| `8443` | -| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | -| `guiService.labels` | Custom labels | `{}` | -| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | -| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | -| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | -| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | -| `controllerService.labels` | Custom labels | `{}` | -| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | -| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| 
`stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | -| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | -| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | -| `stunService.labels` | Custom labels | `{}` | -| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | -| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | -| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | -| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | -| `discoveryService.labels` | Custom labels | `{}` | -| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | -| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None -| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` -| `ingress.enabled` | Enables Ingress | `false` | -| `ingress.annotations` | Ingress annotations | `{}` | -| `ingress.labels` | Custom labels | `{}` -| `ingress.path` | Ingress path | `/` | -| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | -| `ingress.tls` | Ingress TLS configuration | `[]` | -| `timezone` | Timezone the Unifi controller should run as, e.g. 
'America/New York' | `UTC` | -| `runAsRoot` | Run the controller as UID0 (root user) | `false` | -| `UID` | Run the controller as user UID | `999` | -| `GID` | Run the controller as group GID | `999` | -| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | -| `mongodb.enabled` | Use external MongoDB for data storage | `false` | -| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | -| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | -| `mongodb.databaseName` | external MongoDB database name | `unifi` | -| `persistence.enabled` | Use persistent volume to store data | `true` | -| `persistence.size` | Size of persistent volume claim | `5Gi` | -| `persistence.existingClaim`| Use an existing PVC to persist data | `nil` | -| `persistence.storageClass` | Type of persistent volume claim | `-` | -| `persistence.accessModes` | Persistence access modes | `[]` | -| `resources` | CPU/Memory resource requests/limits | `{}` | -| `nodeSelector` | Node labels for pod assignment | `{}` | -| `tolerations` | Toleration labels for pod assignment | `[]` | -| `affinity` | Affinity settings for pod assignment | `{}` | -| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | +The following tables lists the configurable parameters of the Unifi chart and their default values. + +| Parameter | Description | Default | +| -------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------- | ---------------------------- | +| `image.repository` | Image repository | `jacobalberty/unifi` | +| `image.tag` | Image tag. Possible values listed [here][docker]. 
| `5.8.23` | +| `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `guiService.type` | Kubernetes service type for the Unifi GUI | `ClusterIP` | +| `guiService.port` | Kubernetes port where the Unifi GUI is exposed | `8443` | +| `guiService.annotations` | Service annotations for the Unifi GUI | `{}` | +| `guiService.labels` | Custom labels | `{}` | +| `guiService.loadBalancerIP` | Loadbalance IP for the Unifi GUI | `{}` | +| `guiService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `guiService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `controllerService.type` | Kubernetes service type for the Unifi Controller communication | `NodePort` | +| `controllerService.port` | Kubernetes port where the Unifi Controller is exposed - this needs to be reachable by the unifi devices on the network | `8080` | +| `controllerService.annotations` | Service annotations for the Unifi Controller | `{}` | +| `controllerService.labels` | Custom labels | `{}` | +| `controllerService.loadBalancerIP` | Loadbalance IP for the Unifi Controller | `{}` | +| `controllerService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `controllerService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `stunService.type` | Kubernetes service type for the Unifi STUN | `NodePort` | +| `stunService.port` | Kubernetes UDP port where the Unifi STUN is exposed | `3478` | +| `stunService.annotations` | Service annotations for the Unifi STUN | `{}` | +| `stunService.labels` | Custom labels | `{}` | +| `stunService.loadBalancerIP` | Loadbalance IP for the Unifi STUN | `{}` | +| `stunService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `stunService.externalTrafficPolicy` | Set the externalTrafficPolicy 
in the Service to either Cluster or Local | `Cluster` | +| `discoveryService.type` | Kubernetes service type for AP discovery | `NodePort` | +| `discoveryService.port` | Kubernetes UDP port for AP discovery | `10001` | +| `discoveryService.annotations` | Service annotations for AP discovery | `{}` | +| `discoveryService.labels` | Custom labels | `{}` | +| `discoveryService.loadBalancerIP` | Loadbalance IP for AP discovery | `{}` | +| `discoveryService.loadBalancerSourceRanges` | List of IP CIDRs allowed access to load balancer (if supported) | None | +| `discoveryService.externalTrafficPolicy` | Set the externalTrafficPolicy in the Service to either Cluster or Local | `Cluster` | +| `ingress.enabled` | Enables Ingress | `false` | +| `ingress.annotations` | Ingress annotations | `{}` | +| `ingress.labels` | Custom labels | `{}` | +| `ingress.path` | Ingress path | `/` | +| `ingress.hosts` | Ingress accepted hostnames | `chart-example.local` | +| `ingress.tls` | Ingress TLS configuration | `[]` | +| `timezone` | Timezone the Unifi controller should run as, e.g. 
'America/New York' | `UTC` | +| `runAsRoot` | Run the controller as UID0 (root user) | `false` | +| `UID` | Run the controller as user UID | `999` | +| `GID` | Run the controller as group GID | `999` | +| `addSetfcap` | Give the controller container the SETFCAP capability; this is necessary when not running as root | `true` | +| `mongodb.enabled` | Use external MongoDB for data storage | `false` | +| `mongodb.dbUri` | external MongoDB URI | `mongodb://mongo/unifi` | +| `mongodb.statDbUri` | external MongoDB statdb URI | `mongodb://mongo/unifi_stat` | +| `mongodb.databaseName` | external MongoDB database name | `unifi` | +| `persistence.enabled` | Use persistent volume to store data | `true` | +| `persistence.size` | Size of persistent volume claim | `5Gi` | +| `persistence.existingClaim` | Use an existing PVC to persist data | `nil` | +| `persistence.storageClass` | Type of persistent volume claim | `-` | +| `persistence.accessModes` | Persistence access modes | `[]` | +| `resources` | CPU/Memory resource requests/limits | `{}` | +| `nodeSelector` | Node labels for pod assignment | `{}` | +| `tolerations` | Toleration labels for pod assignment | `[]` | +| `affinity` | Affinity settings for pod assignment | `{}` | +| `podAnnotations` | Key-value pairs to add as pod annotations | `{}` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, 
@@ -111,7 +111,23 @@ Read through the [values.yaml](values.yaml) file. It has several commented out s ## Regarding the services -* `guiService`: represents the main web UI and is what one would normally point the ingress to -* `controllerService`: This is needed in order for the unifi devices to talk to the controller and must be otherwise exposed to the network where the unifi devices run. If you run this as a NodePort (the default setting), make sure that there is an external loadbalancer that is directing traffic from port 8080 to the NodePort for this service -* `discoveryService`: This needs to be reachable by the unifi devices on the network similar to the controllerService but only during the discovery phase. This is a UDP service -* `stunService`: Also used periodically by the unifi devices to communicate with the controller using UDP. See [this article](https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP-) and [this other article](https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors) for more information +- `guiService`: Represents the main web UI and is what one would normally point + the ingress to. +- `controllerService`: This is needed in order for the unifi devices to talk to + the controller and must be otherwise exposed to the network where the unifi + devices run. If you run this as a `NodePort` (the default setting), make sure + that there is an external load balancer that is directing traffic from port + 8080 to the `NodePort` for this service. +- `discoveryService`: This needs to be reachable by the unifi devices on the + network similar to the controller `Service` but only during the discovery + phase. This is a UDP service. +- `stunService`: Also used periodically by the unifi devices to communicate + with the controller using UDP. See [this article][ubnt 3] and [this other + article][ubnt 4] for more information. 
+ +[docker]: https://hub.docker.com/r/jacobalberty/unifi/tags/ +[github]: https://github.com/jacobalberty/unifi-docker +[ubnt]: https://www.ubnt.com/ +[ubnt 2]: https://unifi-sdn.ubnt.com/ +[ubnt 3]: https://help.ubnt.com/hc/en-us/articles/204976094-UniFi-What-protocol-does-the-controller-use-to-communicate-with-the-UAP- +[ubnt 4]: https://help.ubnt.com/hc/en-us/articles/115015457668-UniFi-Troubleshooting-STUN-Communication-Errors From 39aeabc1b1270c4465593147d42ff9048a8a64a4 Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Sat, 29 Dec 2018 23:20:42 +0100 Subject: [PATCH 118/136] upgrade home assistant (#10302) Signed-off-by: David J. M. Karlsen Signed-off-by: Melissa Palmer --- stable/home-assistant/Chart.yaml | 4 ++-- stable/home-assistant/README.md | 2 +- stable/home-assistant/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/home-assistant/Chart.yaml b/stable/home-assistant/Chart.yaml index 7b0a66a6cde0..aa3e84163d31 100644 --- a/stable/home-assistant/Chart.yaml +++ b/stable/home-assistant/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.81.2 +appVersion: 0.84.6 description: Home Assistant name: home-assistant -version: 0.4.2 +version: 0.5.0 keywords: - home-assistant - hass diff --git a/stable/home-assistant/README.md b/stable/home-assistant/README.md index 60cb551c7bbb..1f598399579e 100644 --- a/stable/home-assistant/README.md +++ b/stable/home-assistant/README.md 
@@ -36,7 +36,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | Parameter | Description | Default | |----------------------------|-------------------------------------|---------------------------------------------------------| | `image.repository` | Image repository | `homeassistant/home-assistant` | -| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/jacobalberty/home-assistant/tags/).| `0.72.1`| +| `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/homeassistant/home-assistant/tags/).| `0.84.6`| | `image.pullPolicy` | Image pull policy | `IfNotPresent` | | `service.type` | Kubernetes service type for the home-assistant GUI | `ClusterIP` | | `service.port` | Kubernetes port where the home-assistant GUI is exposed| `8123` | diff --git a/stable/home-assistant/values.yaml b/stable/home-assistant/values.yaml index ca449f90808c..1dbc4a0b5d7b 100644 --- a/stable/home-assistant/values.yaml +++ b/stable/home-assistant/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: homeassistant/home-assistant - tag: 0.81.2 + tag: 0.84.6 pullPolicy: IfNotPresent service: From e39521d9679c9a569f77993d0777c4bb65b8a9c3 Mon Sep 17 00:00:00 2001 From: Will Hughes Date: Sun, 30 Dec 2018 13:42:36 +1300 Subject: [PATCH 119/136] [stable/home-assistant] Add option to pass imagePullSecrets to Home Assistant pod (#10300) Signed-off-by: William Hughes Signed-off-by: Melissa Palmer --- stable/home-assistant/Chart.yaml | 2 +- stable/home-assistant/README.md | 1 + stable/home-assistant/templates/deployment.yaml | 6 ++++++ stable/home-assistant/values.yaml | 1 + 4 files changed, 9 insertions(+), 1 deletion(-) diff --git a/stable/home-assistant/Chart.yaml b/stable/home-assistant/Chart.yaml index aa3e84163d31..9d459ca936cd 100644 --- a/stable/home-assistant/Chart.yaml +++ b/stable/home-assistant/Chart.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 0.84.6 description: Home Assistant name: home-assistant -version: 0.5.0 +version: 0.5.1 keywords: - home-assistant - hass diff --git a/stable/home-assistant/README.md b/stable/home-assistant/README.md index 1f598399579e..d42a3e7d88a9 100644 --- a/stable/home-assistant/README.md +++ b/stable/home-assistant/README.md @@ -38,6 +38,7 @@ The following tables lists the configurable parameters of the Sentry chart and t | `image.repository` | Image repository | `homeassistant/home-assistant` | | `image.tag` | Image tag. Possible values listed [here](https://hub.docker.com/r/homeassistant/home-assistant/tags/).| `0.84.6`| | `image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `image.pullSecrets` | Secrets to use when pulling the image | `[]` | | `service.type` | Kubernetes service type for the home-assistant GUI | `ClusterIP` | | `service.port` | Kubernetes port where the home-assistant GUI is exposed| `8123` | | `service.annotations` | Service annotations for the home-assistant GUI | `{}` | diff --git a/stable/home-assistant/templates/deployment.yaml b/stable/home-assistant/templates/deployment.yaml index b77f43614534..def1c0626ece 100644 --- a/stable/home-assistant/templates/deployment.yaml +++ b/stable/home-assistant/templates/deployment.yaml @@ -19,6 +19,12 @@ spec: app: {{ template "home-assistant.name" . }} release: {{ .Release.Name }} spec: + {{- with .Values.image.pullSecrets }} + imagePullSecrets: + {{- range . }} + - name: {{ . }} + {{- end }} + {{- end }} {{- if .Values.hostNetwork }} hostNetwork: {{ .Values.hostNetwork }} {{- end }} diff --git a/stable/home-assistant/values.yaml b/stable/home-assistant/values.yaml index 1dbc4a0b5d7b..316f1a723561 100644 --- a/stable/home-assistant/values.yaml +++ b/stable/home-assistant/values.yaml @@ -8,6 +8,7 @@ image: repository: homeassistant/home-assistant tag: 0.84.6 pullPolicy: IfNotPresent + pullSecrets: [] service: type: ClusterIP 
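Review bot: The new `imagePullSecrets` loop in templates/deployment.yaml renders each entry as `- name: {{ . }}` without quoting. A secret name that YAML reads as a number or boolean then becomes a non-string value and the API server rejects the manifest; `- name: {{ . | quote }}` avoids that. The README row added in this commit could also state that `image.pullSecrets` is a list of plain secret names, because the Kubernetes field itself takes objects with a `name` key and users may pass that shape by mistake. The pod spec continues outside the hunk.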
From a5181f226c890e3630803ffe4b827d164eb0d333 Mon Sep 17 00:00:00 2001 From: Naseem Date: Sun, 30 Dec 2018 06:24:00 -0500 Subject: [PATCH 120/136] [stable/fluentd-elasticsearch] replace template with include (#8590) * replace template with include, fix app labels, and helpers.tpl Signed-off-by: Naseem Ullah * chart bump Signed-off-by: Naseem Ullah * Update service.yaml Signed-off-by: Naseem Ullah * bump chart version Signed-off-by: Naseem Ullah Signed-off-by: Melissa Palmer --- stable/fluentd-elasticsearch/Chart.yaml | 2 +- stable/fluentd-elasticsearch/templates/clusterrole.yaml | 2 +- .../templates/clusterrolebinding.yaml | 4 ++-- stable/fluentd-elasticsearch/templates/configmap.yaml | 2 +- stable/fluentd-elasticsearch/templates/daemonset.yaml | 8 ++++---- .../fluentd-elasticsearch/templates/service-account.yaml | 2 +- stable/fluentd-elasticsearch/templates/service.yaml | 2 +- 7 files changed, 11 insertions(+), 11 deletions(-) diff --git a/stable/fluentd-elasticsearch/Chart.yaml b/stable/fluentd-elasticsearch/Chart.yaml index 8a0194673ab5..801c0f74332e 100644 --- a/stable/fluentd-elasticsearch/Chart.yaml +++ b/stable/fluentd-elasticsearch/Chart.yaml @@ -1,5 +1,5 @@ name: fluentd-elasticsearch -version: 2.0.4 +version: 2.0.5 appVersion: 2.3.2 home: https://www.fluentd.org/ description: A Fluentd Helm chart for Kubernetes with Elasticsearch output diff --git a/stable/fluentd-elasticsearch/templates/clusterrole.yaml b/stable/fluentd-elasticsearch/templates/clusterrole.yaml index 34e3569b7af8..9004af9a533c 100644 --- a/stable/fluentd-elasticsearch/templates/clusterrole.yaml +++ b/stable/fluentd-elasticsearch/templates/clusterrole.yaml @@ -2,7 +2,7 @@ kind: ClusterRole apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} labels: app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} 
diff --git a/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml b/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml index d5d28b4753c4..a932560f962f 100644 --- a/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml +++ b/stable/fluentd-elasticsearch/templates/clusterrolebinding.yaml @@ -2,7 +2,7 @@ kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} labels: app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} @@ -16,6 +16,6 @@ subjects: namespace: {{ .Release.Namespace }} roleRef: kind: ClusterRole - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} apiGroup: rbac.authorization.k8s.io {{- end -}} diff --git a/stable/fluentd-elasticsearch/templates/configmap.yaml b/stable/fluentd-elasticsearch/templates/configmap.yaml index 6f26f83a69ca..38c71a10ca43 100644 --- a/stable/fluentd-elasticsearch/templates/configmap.yaml +++ b/stable/fluentd-elasticsearch/templates/configmap.yaml @@ -1,7 +1,7 @@ apiVersion: v1 kind: ConfigMap metadata: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} labels: app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} diff --git a/stable/fluentd-elasticsearch/templates/daemonset.yaml b/stable/fluentd-elasticsearch/templates/daemonset.yaml index 0529205e3875..5d5fba9f9f44 100644 --- a/stable/fluentd-elasticsearch/templates/daemonset.yaml +++ b/stable/fluentd-elasticsearch/templates/daemonset.yaml 
@@ -1,7 +1,7 @@ apiVersion: apps/v1 kind: DaemonSet metadata: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} labels: app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} @@ -38,9 +38,9 @@ spec: {{ toYaml .Values.podAnnotations | indent 8 }} {{- end }} spec: - serviceAccountName: {{ template "fluentd-elasticsearch.fullname" . }} + serviceAccountName: {{ include "fluentd-elasticsearch.fullname" . }} containers: - - name: {{ template "fluentd-elasticsearch.fullname" . }} + - name: {{ include "fluentd-elasticsearch.fullname" . }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy | quote }} env: @@ -151,7 +151,7 @@ spec: path: /usr/lib64 - name: config-volume configMap: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} {{- if .Values.extraVolumes }} {{ toYaml .Values.extraVolumes | indent 6 }} {{- end }} diff --git a/stable/fluentd-elasticsearch/templates/service-account.yaml b/stable/fluentd-elasticsearch/templates/service-account.yaml index 91ace19bbcc0..db0994d0002c 100644 --- a/stable/fluentd-elasticsearch/templates/service-account.yaml +++ b/stable/fluentd-elasticsearch/templates/service-account.yaml @@ -2,7 +2,7 @@ apiVersion: v1 kind: ServiceAccount metadata: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} labels: app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} diff --git a/stable/fluentd-elasticsearch/templates/service.yaml b/stable/fluentd-elasticsearch/templates/service.yaml index a0fb53bba911..41fef035e6e1 100644 --- a/stable/fluentd-elasticsearch/templates/service.yaml +++ b/stable/fluentd-elasticsearch/templates/service.yaml 
@@ -2,7 +2,7 @@ apiVersion: v1 kind: Service metadata: - name: {{ template "fluentd-elasticsearch.fullname" . }} + name: {{ include "fluentd-elasticsearch.fullname" . }} labels: app.kubernetes.io/name: {{ include "fluentd-elasticsearch.name" . }} helm.sh/chart: {{ include "fluentd-elasticsearch.chart" . }} From f98103bb21f10e9f5355c989ab1fb5f44e5b9a5b Mon Sep 17 00:00:00 2001 From: Aaron Friel Date: Sun, 30 Dec 2018 13:19:48 -0800 Subject: [PATCH 121/136] [stable/graphite] Graphite statefulset (#10309) * [stable/graphite] Fix missing image tag in init container spec Graphite recently changed their initialization scripts in 1.1.5-x. The init container using `:latest` resulted in a failure to run the init script and a crash loop. Signed-off-by: Aaron Friel * [stable/graphite] Update to 1.1.5, use StatefulSet Update to 1.1.5 significantly improves performance/reliability and uses services on startup to configure the user accounts, obviating the need for an init container. The Deployment is replaced by a StatefulSet because Graphite is sensitive to the identity of the machines. Although this chart does not currently handle Graphite clusters, it is probably not a good thing that every Graphite pod should register as a new carbon agent and carbon aggregator. There doesn't appear to be any process to clean up "old" agents/aggregators or other container identity pieces. tl;dr: StatefulSet better models the behavior Graphite has than a deployment. Signed-off-by: Aaron Friel * [stable/graphite] Bump minor version number. Signed-off-by: Aaron Friel * [stable/graphite] Use apps/v1 api version in stateful set Signed-off-by: Aaron Friel Signed-off-by: Melissa Palmer --- stable/graphite/Chart.yaml | 4 ++-- stable/graphite/README.md | 2 +- .../{deployment.yaml => statefulset.yaml} | 14 ++++---------- stable/graphite/values.yaml | 2 +- 4 files changed, 8 insertions(+), 14 deletions(-) rename stable/graphite/templates/{deployment.yaml => statefulset.yaml} (88%) 
diff --git a/stable/graphite/Chart.yaml b/stable/graphite/Chart.yaml index 1accf3e73399..ad9e4d490926 100644 --- a/stable/graphite/Chart.yaml +++ b/stable/graphite/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v1 -version: 0.1.4 -appVersion: "1.1.4-10" +version: 0.2.0 +appVersion: "1.1.5-3" description: Graphite metrics server name: graphite home: https://graphiteapp.org/ diff --git a/stable/graphite/README.md b/stable/graphite/README.md index d1b39ad5e411..4a12331bb6ba 100644 --- a/stable/graphite/README.md +++ b/stable/graphite/README.md @@ -37,7 +37,7 @@ The following table lists the configurable parameters of the Graphite chart and | Parameter | Description | Default | |--------------------------------|----------------------------------------------|----------------------------------------| | `image.repository` | Docker image repo | `graphiteapp/graphite-statsd` | -| `image.tag` | Docker image | `1.1.4-10` | +| `image.tag` | Docker image | `1.1.5-3` | | `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | | `service.type` | Service type | `ClusterIP` | | `service.port` | Service port of Graphite UI | `8080` | diff --git a/stable/graphite/templates/deployment.yaml b/stable/graphite/templates/statefulset.yaml similarity index 88% rename from stable/graphite/templates/deployment.yaml rename to stable/graphite/templates/statefulset.yaml index 437f4984867b..57b861b68e59 100644 --- a/stable/graphite/templates/deployment.yaml +++ b/stable/graphite/templates/statefulset.yaml @@ -1,5 +1,5 @@ apiVersion: apps/v1 -kind: Deployment +kind: StatefulSet metadata: name: {{ template "graphite.fullname" . }} labels: 
@@ -8,25 +8,19 @@ metadata: release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: - strategy: - type: Recreate + updateStrategy: + type: RollingUpdate selector: matchLabels: app: {{ template "graphite.name" . }} release: {{ .Release.Name }} + serviceName: {{ template "graphite.name" . }} template: metadata: labels: app: {{ template "graphite.name" . }} release: {{ .Release.Name }} spec: - initContainers: - - name: create-syncdb - image: {{ .Values.image.repository }} - command: [ "sh", "-c", "test -f /opt/graphite/storage/graphite.db || /usr/bin/expect /usr/local/bin/django_admin_init.exp"] - volumeMounts: - - name: {{ template "graphite.fullname" . }}-pvc - mountPath: /opt/graphite/storage/ containers: - image: {{ .Values.image.repository }}:{{ .Values.image.tag }} name: {{ .Chart.Name }} diff --git a/stable/graphite/values.yaml b/stable/graphite/values.yaml index 4390854302cb..880eb84cd93f 100644 --- a/stable/graphite/values.yaml +++ b/stable/graphite/values.yaml @@ -2,7 +2,7 @@ image: repository: graphiteapp/graphite-statsd - tag: 1.1.4-10 + tag: 1.1.5-3 pullPolicy: IfNotPresent service: From 46f1bcb8a11fe04a2ab0cf54e8162eaa43346ff3 Mon Sep 17 00:00:00 2001 From: Salvatore Mazzarino Date: Mon, 31 Dec 2018 14:10:08 +0100 Subject: [PATCH 122/136] [stable/prometheus-node-exporter] Node exporter endpoints (#10243) * add endpoints resource Signed-off-by: Salvatore Mazzarino * add param in README Signed-off-by: Salvatore Mazzarino * bump version Signed-off-by: Salvatore Mazzarino Signed-off-by: Melissa Palmer --- stable/prometheus-node-exporter/Chart.yaml | 2 +- stable/prometheus-node-exporter/README.md | 2 ++ .../templates/endpoints.yaml | 17 +++++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) create mode 100644 stable/prometheus-node-exporter/templates/endpoints.yaml diff --git a/stable/prometheus-node-exporter/Chart.yaml b/stable/prometheus-node-exporter/Chart.yaml index d2bd0ab44056..89f76634ab6e 100644 
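Review bot: `serviceName` in the new StatefulSet is rendered from `graphite.name`, while the StatefulSet itself is named with `graphite.fullname`. The Service template is not part of this diff, but if it is also named with the fullname helper, `serviceName` refers to a Service that does not exist and the pods get no stable network identity, which is the reason the commit message gives for the switch. Consider `serviceName: {{ template "graphite.fullname" . }}`, or add a dedicated headless Service and reference it here. The StatefulSet spec continues outside the hunk.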
--- a/stable/prometheus-node-exporter/Chart.yaml +++ b/stable/prometheus-node-exporter/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: "0.17.0" description: A Helm chart for prometheus node-exporter name: prometheus-node-exporter -version: 1.0.1 +version: 1.1.0 home: https://github.com/prometheus/node_exporter/ sources: - https://github.com/prometheus/node_exporter/ diff --git a/stable/prometheus-node-exporter/README.md b/stable/prometheus-node-exporter/README.md index 4bd4b4120b42..e5027062a78e 100644 --- a/stable/prometheus-node-exporter/README.md +++ b/stable/prometheus-node-exporter/README.md @@ -58,6 +58,8 @@ The following table lists the configurable parameters of the Node Exporter chart | `securityContext` | SecurityContext | `{"runAsNonRoot": true, "runAsUser": 65534}` | | | `tolerations` | List of node taints to tolerate | `- effect: NoSchedule operator: Exists` | | | `priorityClassName` | Name of Priority Class to assign pods | `nil` | | +| `endpoints` | list of addresses that have node exporter deployed outside of the cluster | `[]` | | + Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/prometheus-node-exporter/templates/endpoints.yaml b/stable/prometheus-node-exporter/templates/endpoints.yaml new file mode 100644 index 000000000000..4c5c75fa9d4a --- /dev/null +++ b/stable/prometheus-node-exporter/templates/endpoints.yaml @@ -0,0 +1,17 @@ +{{- if .Values.endpoints }} +apiVersion: v1 +kind: Endpoints +metadata: + name: {{ template "prometheus-node-exporter.fullname" . }} + labels: +{{ include "prometheus-node-exporter.labels" . | indent 4 }} +subsets: + - addresses: + {{- range .Values.endpoints }} + - ip: {{ . }} + {{- end }} + ports: + - name: metrics + port: 9100 + protocol: TCP +{{- end }} \ No newline at end of file From 7d194526dbef08868a20a40bfaa1c9cfaee0618b Mon Sep 17 00:00:00 2001 
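Review bot: The new Endpoints object in templates/endpoints.yaml takes the same name as the chart's Service (`prometheus-node-exporter.fullname`). If that Service has a pod selector, as a DaemonSet-backed one presumably does (service.yaml is not in this diff), the endpoints controller owns the object and will overwrite the manually listed addresses. A separate selector-less Service and Endpoints pair for the external hosts avoids that. In the loop, `- ip: {{ . }}` should be `- ip: {{ . | quote }}`, and `port: 9100` is hard-coded, so an external exporter listening on another port cannot be described. The README row could also say that the listed hosts are scraped as given, so only addresses the operator controls belong in `endpoints`.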
From: Naseem Date: Mon, 31 Dec 2018 12:43:39 -0500 Subject: [PATCH 123/136] [stable/fluent-bit] Use .name for app label (#8620) * Use .name for app label Signed-off-by: Naseem Ullah * Bump chart Signed-off-by: Naseem Ullah * bumpity Signed-off-by: Naseem Ullah * bump Signed-off-by: Naseem Ullah Signed-off-by: Melissa Palmer --- stable/fluent-bit/Chart.yaml | 2 +- stable/fluent-bit/templates/config.yaml | 2 +- stable/fluent-bit/templates/daemonset.yaml | 4 ++-- stable/fluent-bit/templates/secret.yaml | 2 +- stable/fluent-bit/templates/service.yaml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/stable/fluent-bit/Chart.yaml b/stable/fluent-bit/Chart.yaml index 6678671dac5d..b352106f5a9a 100755 --- a/stable/fluent-bit/Chart.yaml +++ b/stable/fluent-bit/Chart.yaml @@ -1,5 +1,5 @@ name: fluent-bit -version: 1.2.1 +version: 1.2.2 appVersion: 1.0.1 description: Fast and Lightweight Log/Data Forwarder for Linux, BSD and OSX keywords: diff --git a/stable/fluent-bit/templates/config.yaml b/stable/fluent-bit/templates/config.yaml index afe4cf3d253e..165a6826bfe3 100644 --- a/stable/fluent-bit/templates/config.yaml +++ b/stable/fluent-bit/templates/config.yaml @@ -4,7 +4,7 @@ kind: ConfigMap metadata: name: {{ template "fluent-bit.fullname" . }}-config labels: - app: {{ template "fluent-bit.fullname" . }} + app: {{ template "fluent-bit.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} diff --git a/stable/fluent-bit/templates/daemonset.yaml b/stable/fluent-bit/templates/daemonset.yaml index e8e1ca65100b..4e0896362e6b 100644 --- a/stable/fluent-bit/templates/daemonset.yaml +++ b/stable/fluent-bit/templates/daemonset.yaml @@ -3,7 +3,7 @@ kind: DaemonSet metadata: name: fluent-bit labels: - app: {{ template "fluent-bit.fullname" . }} + app: {{ template "fluent-bit.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} 
@@ -13,7 +13,7 @@ spec: template: metadata: labels: - app: {{ template "fluent-bit.fullname" . }} + app: {{ template "fluent-bit.name" . }} release: {{ .Release.Name }} annotations: checksum/config: {{ include (print $.Template.BasePath "/config.yaml") . | sha256sum }} diff --git a/stable/fluent-bit/templates/secret.yaml b/stable/fluent-bit/templates/secret.yaml index 527d82838659..999c2dac8162 100644 --- a/stable/fluent-bit/templates/secret.yaml +++ b/stable/fluent-bit/templates/secret.yaml @@ -3,7 +3,7 @@ kind: Secret metadata: name: "{{ template "fluent-bit.fullname" . }}-es-tls-secret" labels: - app: {{ template "fluent-bit.fullname" . }} + app: {{ template "fluent-bit.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} diff --git a/stable/fluent-bit/templates/service.yaml b/stable/fluent-bit/templates/service.yaml index 238f18dd7d3b..df06ed1c28cc 100644 --- a/stable/fluent-bit/templates/service.yaml +++ b/stable/fluent-bit/templates/service.yaml @@ -8,7 +8,7 @@ metadata: {{- end }} name: {{ template "fluent-bit.fullname" . }}-metrics labels: - app: {{ template "fluent-bit.fullname" . }} + app: {{ template "fluent-bit.name" . }} chart: {{ .Chart.Name }}-{{ .Chart.Version }} heritage: {{ .Release.Service }} release: {{ .Release.Name }} @@ -20,6 +20,6 @@ spec: targetPort: metrics name: metrics selector: - app: {{ template "fluent-bit.fullname" . }} + app: {{ template "fluent-bit.name" . }} release: {{ .Release.Name }} {{- end }} From cf54e325cef6357f00bf8f3c499916a20af731d3 Mon Sep 17 00:00:00 2001 From: Niclas Mietz Date: Tue, 1 Jan 2019 23:55:26 +0100 Subject: [PATCH 124/136] [stable/bookstack] upgrade bookstack to 0.24.3 (#10323) Signed-off-by: solidnerd Signed-off-by: Melissa Palmer --- stable/bookstack/Chart.yaml | 4 ++-- stable/bookstack/README.md | 2 +- stable/bookstack/values.yaml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
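Review bot: Changing the `app` label from `fluent-bit.fullname` to `fluent-bit.name` alters the pod template labels of an existing DaemonSet (second daemonset.yaml hunk) and the Service selector (second service.yaml hunk), so this affects upgrades and is not only a cosmetic cleanup. No `selector` appears between `spec:` and `template:` in the visible context, so the DaemonSet selector is presumably derived from the template labels. On `helm upgrade` that either fails on an immutable selector or leaves the old pods unmanaged, depending on the API version in use. This deserves a note in the README and arguably more than the patch bump to `1.2.2`. Both definitions continue outside the hunks.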
diff --git a/stable/bookstack/Chart.yaml b/stable/bookstack/Chart.yaml index 3f94b39937f0..0ac5fe36c1e6 100644 --- a/stable/bookstack/Chart.yaml +++ b/stable/bookstack/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 0.24.2 +appVersion: 0.24.3 description: BookStack is a simple, self-hosted, easy-to-use platform for organising and storing information. name: bookstack -version: 0.1.2 +version: 0.1.3 home: https://www.bookstackapp.com/ sources: - https://github.com/BookStackApp/BookStack diff --git a/stable/bookstack/README.md b/stable/bookstack/README.md index 36f895f022f8..b1dcf22177ae 100644 --- a/stable/bookstack/README.md +++ b/stable/bookstack/README.md @@ -49,7 +49,7 @@ The following table lists the configurable parameters of the Redmine chart and t | --------------------------------- | ---------------------------------------- | ------------------------------------------------------- | | `replicaCount` | Number of replicas to start | `1` | | `image.repository` | Bookstack image name | `solidnerd/bookstack` | -| `image.tag` | Bookstack image tag | `0.24.2` | +| `image.tag` | Bookstack image tag | `0.24.3` | | `image.pullPolicy` | Bookstack image pull policy | `IfNotPresent` | | `externalDatabase.host` | Host of the external database | `nil` | | `externalDatabase.port` | Port of the external database | `3306` | diff --git a/stable/bookstack/values.yaml b/stable/bookstack/values.yaml index 6043a5cf2d78..96f55fe441e0 100644 --- a/stable/bookstack/values.yaml +++ b/stable/bookstack/values.yaml @@ -6,7 +6,7 @@ replicaCount: 1 image: repository: solidnerd/bookstack - tag: 0.24.2 + tag: 0.24.3 pullPolicy: IfNotPresent app: From 9de623ceb2ddb16a5025c2543f8e54974d28c3d5 Mon Sep 17 00:00:00 2001 From: Melissa Palmer Date: Wed, 2 Jan 2019 08:24:58 +0200 Subject: [PATCH 125/136] from merge 
Signed-off-by: Melissa Palmer --- stable/sonarqube/README.md | 1 + stable/sonarqube/templates/service.yaml | 3 +++ stable/sonarqube/values.yaml | 1 + 3 files changed, 5 insertions(+) mode change 100644 => 100755 stable/sonarqube/templates/service.yaml mode change 100644 => 100755 stable/sonarqube/values.yaml diff --git a/stable/sonarqube/README.md b/stable/sonarqube/README.md index 99ff2d44a7e2..ce9faa099ac2 100644 --- a/stable/sonarqube/README.md +++ b/stable/sonarqube/README.md @@ -46,6 +46,7 @@ The following table lists the configurable parameters of the Sonarqube chart and | `command` | command to run in the container | `nil` (need to be set prior to 6.7.6, and 7.4) | | `ingress.enabled` | Flag for enabling ingress | false | | `service.type` | Kubernetes service type | `LoadBalancer` | +| `service.labels` | Kubernetes service labels | None | | `service.annotations` | Kubernetes service annotations | None | | `service.loadBalancerSourceRanges` | Kubernetes service LB Allowed inbound IP addresses | 0.0.0.0/0 | | `service.loadBalancerIP` | Kubernetes service LB Optional fixed external IP | None | diff --git a/stable/sonarqube/templates/service.yaml b/stable/sonarqube/templates/service.yaml old mode 100644 new mode 100755 index 99b4f10d98dc..292a82249654 --- a/stable/sonarqube/templates/service.yaml +++ b/stable/sonarqube/templates/service.yaml @@ -7,6 +7,9 @@ metadata: chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + {{- range $key, $value := .Values.service.labels }} + {{ $key }}: {{ $value | quote }} + {{- end }} annotations: {{- range $key, $value := .Values.service.annotations }} {{ $key }}: {{ $value | quote }} diff --git a/stable/sonarqube/values.yaml b/stable/sonarqube/values.yaml old mode 100644 new mode 100755 index 6c28a225b674..681c49e3f43a --- a/stable/sonarqube/values.yaml +++ b/stable/sonarqube/values.yaml 
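Review bot: The `service.labels` loop in templates/service.yaml writes user keys directly after the chart's own `chart`, `release` and `heritage` labels, so a user entry with one of those names yields a duplicate mapping key and, in most parsers, silently replaces the chart label. Either name the reserved keys in the README row or skip them inside the loop. The values.yaml hunk adds a bare `labels:` (null); `labels: {}` states the intended empty map explicitly. The `mode change 100644 => 100755` on service.yaml and values.yaml looks unintended, since neither file is executed.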
@@ -23,6 +23,7 @@ service: type: LoadBalancer externalPort: 9000 internalPort: 9000 + labels: annotations: # May be used in example for internal load balancing in GCP: # cloud.google.com/load-balancer-type: Internal From 732d8fc0f710538b0884b786cac9c3bbdcce4aac Mon Sep 17 00:00:00 2001 From: Melissa Palmer Date: Wed, 2 Jan 2019 08:26:06 +0200 Subject: [PATCH 126/136] bump minor version as requested Signed-off-by: Melissa Palmer --- stable/sonarqube/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/stable/sonarqube/Chart.yaml b/stable/sonarqube/Chart.yaml index 7f8c2383070d..173ff6be6841 100644 --- a/stable/sonarqube/Chart.yaml +++ b/stable/sonarqube/Chart.yaml @@ -1,6 +1,6 @@ name: sonarqube description: Sonarqube is an open sourced code quality scanning tool -version: 0.10.4 +version: 0.12.0 appVersion: 7.4 keywords: - coverage From 92c76211f6f565c6b5871f2b069bf4588943e7bd Mon Sep 17 00:00:00 2001 From: "David J. M. Karlsen" Date: Wed, 2 Jan 2019 08:38:51 +0100 Subject: [PATCH 127/136] upgrade elasticsearch (#10326) Signed-off-by: David J. M. Karlsen Signed-off-by: Melissa Palmer --- stable/elasticsearch/Chart.yaml | 4 ++-- stable/elasticsearch/README.md | 2 +- stable/elasticsearch/values.yaml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index 12a384d324f4..a2a26221fab8 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,7 +1,7 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.15.1 -appVersion: 6.5.3 +version: 1.15.2 +appVersion: 6.5.4 description: Flexible and powerful open source, distributed real-time search and analytics engine. icon: https://static-www.elastic.co/assets/blteb1c97719574938d/logo-elastic-elasticsearch-lt.svg diff --git a/stable/elasticsearch/README.md b/stable/elasticsearch/README.md index a405b95c3237..84448c336b82 100644 
--- a/stable/elasticsearch/README.md +++ b/stable/elasticsearch/README.md @@ -61,7 +61,7 @@ The following table lists the configurable parameters of the elasticsearch chart | Parameter | Description | Default | | ------------------------------------ | ------------------------------------------------------------------- | --------------------------------------------------- | -| `appVersion` | Application Version (Elasticsearch) | `6.5.3` | +| `appVersion` | Application Version (Elasticsearch) | `6.5.4` | | `image.repository` | Container image name | `docker.elastic.co/elasticsearch/elasticsearch-oss` | | `image.tag` | Container image tag | `6.5.1` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | diff --git a/stable/elasticsearch/values.yaml b/stable/elasticsearch/values.yaml index 56ace4a1638f..b90378869de2 100644 --- a/stable/elasticsearch/values.yaml +++ b/stable/elasticsearch/values.yaml @@ -1,7 +1,7 @@ # Default values for elasticsearch. # This is a YAML-formatted file. # Declare variables to be passed into your templates. -appVersion: "6.5.1" +appVersion: "6.5.4" ## Define serviceAccount names for components. Defaults to component's fully qualified name. ## @@ -33,7 +33,7 @@ podSecurityPolicy: image: repository: "docker.elastic.co/elasticsearch/elasticsearch-oss" - tag: "6.5.3" + tag: "6.5.4" pullPolicy: "IfNotPresent" # If specified, use these secrets to access the image # pullSecrets: From c522f708a66b1ac2b65f1644d474404f6a8d1165 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Bono?= Date: Wed, 2 Jan 2019 10:24:05 +0100 Subject: [PATCH 128/136] Add Ghost parameter to specify the URL protocol (#10330) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Andrés Bono Signed-off-by: Melissa Palmer --- stable/ghost/Chart.yaml | 2 +- stable/ghost/README.md | 1 + stable/ghost/templates/deployment.yaml | 2 ++ stable/ghost/values.yaml | 3 ++- 4 files changed, 6 insertions(+), 2 deletions(-) 
diff --git a/stable/ghost/Chart.yaml b/stable/ghost/Chart.yaml index 729801ba2586..e7bdcc28dc2c 100644 --- a/stable/ghost/Chart.yaml +++ b/stable/ghost/Chart.yaml @@ -1,5 +1,5 @@ name: ghost -version: 6.1.8 +version: 6.1.9 appVersion: 2.9.1 description: A simple, powerful publishing platform that allows you to share your stories with the world keywords: diff --git a/stable/ghost/README.md b/stable/ghost/README.md index 3375a72fcc4f..6319787f3105 100644 --- a/stable/ghost/README.md +++ b/stable/ghost/README.md @@ -60,6 +60,7 @@ The following table lists the configurable parameters of the Ghost chart and the | `volumePermissions.image.tag` | Init container volume-permissions image tag | `latest` | | `volumePermissions.image.pullPolicy`| Init container volume-permissions image pull policy | `Always` | | `ghostHost` | Ghost host to create application URLs | `nil` | +| `ghostProtocol` | Protocol (http or https) to use in the application URLs | `http` | | `ghostPath` | Ghost path to create application URLs | `nil` | | `ghostUsername` | User of the application | `user@example.com` | | `ghostPassword` | Application password | Randomly generated | diff --git a/stable/ghost/templates/deployment.yaml b/stable/ghost/templates/deployment.yaml index b828be447f10..398753f5039c 100644 --- a/stable/ghost/templates/deployment.yaml +++ b/stable/ghost/templates/deployment.yaml @@ -87,6 +87,8 @@ spec: {{- end }} - name: GHOST_HOST value: {{ include "ghost.host" . | quote }} + - name: GHOST_PROTOCOL + value: {{ .Values.ghostProtocol | quote }} - name: GHOST_PORT_NUMBER value: {{ .Values.service.port | quote }} - name: GHOST_USERNAME diff --git a/stable/ghost/values.yaml b/stable/ghost/values.yaml index 3e5fa1472dad..b2b93e630120 100644 --- a/stable/ghost/values.yaml +++ b/stable/ghost/values.yaml 
@@ -34,9 +34,10 @@ volumePermissions: tag: latest pullPolicy: Always -## Ghost host and path to create application URLs +## Ghost protocol, host and path to create application URLs ## ref: https://github.com/bitnami/bitnami-docker-ghost#configuration ## +ghostProtocol: https # ghostHost: ghostPath: / From da36b0a54f6710cc08c323581952fb595621b773 Mon Sep 17 00:00:00 2001 From: Tomas Pizarro Date: Wed, 2 Jan 2019 11:41:38 +0100 Subject: [PATCH 129/136] [bitnami/postgresql] Fix creating initdb scripts from values.yaml (#10332) Signed-off-by: tompizmor Signed-off-by: Melissa Palmer --- stable/postgresql/Chart.yaml | 2 +- stable/postgresql/templates/initialization-configmap.yaml | 6 +++++- stable/postgresql/templates/statefulset.yaml | 4 ++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/stable/postgresql/Chart.yaml b/stable/postgresql/Chart.yaml index 48b382536062..0b582b2b14cc 100644 --- a/stable/postgresql/Chart.yaml +++ b/stable/postgresql/Chart.yaml @@ -1,5 +1,5 @@ name: postgresql -version: 3.7.1 +version: 3.7.2 appVersion: 10.6.0 description: Chart for PostgreSQL, an object-relational database management system (ORDBMS) with an emphasis on extensibility and on standards-compliance. keywords: diff --git a/stable/postgresql/templates/initialization-configmap.yaml b/stable/postgresql/templates/initialization-configmap.yaml index 9565de7fff93..6223dfec18f4 100644 --- a/stable/postgresql/templates/initialization-configmap.yaml +++ b/stable/postgresql/templates/initialization-configmap.yaml @@ -1,4 +1,4 @@ -{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") (not .Values.initdbScriptsConfigMap) }} +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} apiVersion: v1 kind: ConfigMap metadata: 
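Review bot: The default added here, `ghostProtocol: https`, disagrees with the README row added in the same commit, which documents the default as `http`. With `https` as the shipped value the application builds https URLs even when nothing in front of the pod terminates TLS (the chart's service and ingress settings are outside this hunk, so this is inferred), which typically surfaces as broken links or redirect loops. Either ship `ghostProtocol: http` to match the README, or change the README default to `https` and state that TLS termination is expected. The `GHOST_PROTOCOL` entry in templates/deployment.yaml passes the value through unchecked, so the comment above the key should also name the two accepted values, e.g. `## ghostProtocol must be "http" or "https"`.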
@@ -8,13 +8,17 @@ metadata: chart: {{ template "postgresql.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz") (not .Values.initdbScriptsConfigMap) }} binaryData: {{- $root := . }} {{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} {{- end }} +{{- end }} data: +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }} {{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} +{{- end }} {{- with .Values.initdbScripts }} {{ toYaml . | indent 2 }} {{- end }} diff --git a/stable/postgresql/templates/statefulset.yaml b/stable/postgresql/templates/statefulset.yaml index 328190a5d59f..67052491d221 100644 --- a/stable/postgresql/templates/statefulset.yaml +++ b/stable/postgresql/templates/statefulset.yaml @@ -163,7 +163,7 @@ spec: failureThreshold: {{ .Values.readinessProbe.failureThreshold }} {{- end }} volumeMounts: - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} @@ -252,7 +252,7 @@ spec: secret: secretName: {{ template "postgresql.secretName" . }} {{- end }} - {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts configMap: name: {{ template "postgresql.initdbScriptsCM" . }} From a1063305fce4eff0a37c3a52b62e9eb8c2c26563 Mon Sep 17 00:00:00 2001 
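Review bot: The two guards added around `binaryData:` and the `.AsConfig` line repeat `(not .Values.initdbScriptsConfigMap)`, which the outer `if` on the first line of this template already requires, so each can be reduced to its `.Files.Glob` test, e.g. `{{- if .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }}`. Separately, scripts supplied through `initdbScripts` are rendered into a ConfigMap, which any subject allowed to read configmaps in the namespace can see; the chart's documentation for `initdbScripts` should say that scripts must not embed passwords and should take them from the environment or a Secret. The statefulset.yaml hunks in this commit write a related `or` condition out twice more, so a named template for it would keep the copies from drifting apart.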
From: Denis Iskandarov Date: Wed, 2 Jan 2019 15:30:27 +0400 Subject: [PATCH 130/136] use proper k8s image registry (#10325) as by https://github.com/kubernetes/kubernetes/pull/54174 Signed-off-by: Denis Iskandarov Signed-off-by: Melissa Palmer --- stable/prometheus-operator/Chart.yaml | 2 +- stable/prometheus-operator/README.md | 2 +- stable/prometheus-operator/ci/test-values.yaml | 2 +- stable/prometheus-operator/values.yaml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) diff --git a/stable/prometheus-operator/Chart.yaml b/stable/prometheus-operator/Chart.yaml index f70388ba37d0..8fc05ad0108a 100644 --- a/stable/prometheus-operator/Chart.yaml +++ b/stable/prometheus-operator/Chart.yaml @@ -9,7 +9,7 @@ name: prometheus-operator sources: - https://github.com/coreos/prometheus-operator - https://coreos.com/operators/prometheus -version: 1.1.0 +version: 1.2.0 appVersion: 0.26.0 home: https://github.com/coreos/prometheus-operator keywords: diff --git a/stable/prometheus-operator/README.md b/stable/prometheus-operator/README.md index 5079402bdc25..3af2e9d7b277 100644 --- a/stable/prometheus-operator/README.md +++ b/stable/prometheus-operator/README.md 
@@ -92,7 +92,7 @@ The following tables lists the configurable parameters of the prometheus-operato | `prometheusOperator.configmapReloadImage.tag` | Tag for configmapReload image | `v0.0.1` | | `prometheusOperator.prometheusConfigReloaderImage.repository` | Repository for config-reloader image | `quay.io/coreos/prometheus-config-reloader` | | `prometheusOperator.prometheusConfigReloaderImage.tag` | Tag for config-reloader image | `v0.26.0` | -| `prometheusOperator.hyperkubeImage.repository` | Repository for hyperkube image used to perform maintenance tasks | `gcr.io/google-containers/hyperkube` | +| `prometheusOperator.hyperkubeImage.repository` | Repository for hyperkube image used to perform maintenance tasks | `k8s.gcr.io/hyperkube` | | `prometheusOperator.hyperkubeImage.tag` | Tag for hyperkube image used to perform maintenance tasks | `v1.12.1` | | `prometheusOperator.hyperkubeImage.repository` | Image pull policy for hyperkube image used to perform maintenance tasks | `IfNotPresent` | diff --git a/stable/prometheus-operator/ci/test-values.yaml b/stable/prometheus-operator/ci/test-values.yaml index dea9111f9e67..534da96abad8 100644 --- a/stable/prometheus-operator/ci/test-values.yaml +++ b/stable/prometheus-operator/ci/test-values.yaml @@ -559,7 +559,7 @@ prometheusOperator: ## Hyperkube image to use when cleaning up ## hyperkubeImage: - repository: gcr.io/google-containers/hyperkube + repository: k8s.gcr.io/hyperkube tag: v1.12.1 pullPolicy: IfNotPresent diff --git a/stable/prometheus-operator/values.yaml b/stable/prometheus-operator/values.yaml index e1f763a57671..d1900b2f708a 100644 --- a/stable/prometheus-operator/values.yaml +++ b/stable/prometheus-operator/values.yaml @@ -559,7 +559,7 @@ prometheusOperator: ## Hyperkube image to use when cleaning up ## hyperkubeImage: - repository: gcr.io/google-containers/hyperkube + repository: k8s.gcr.io/hyperkube tag: v1.12.1 pullPolicy: IfNotPresent 
From d5ef2a9050dfc5ef0357b09e3fc468f15eec8aef Mon Sep 17 00:00:00 2001 From: Dinko Osrecki Date: Wed, 2 Jan 2019 13:32:15 +0100 Subject: [PATCH 131/136] [stable/redis] Process template directives in affinity parameters (#10312) * [stable/redis] Process template directives in affinity parameters Signed-off-by: Dinko Osrecki * [stable/redis] Update README Signed-off-by: Dinko Osrecki Signed-off-by: Melissa Palmer --- stable/redis/Chart.yaml | 2 +- stable/redis/README.md | 4 ++-- stable/redis/templates/redis-master-statefulset.yaml | 2 +- stable/redis/templates/redis-slave-deployment.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/stable/redis/Chart.yaml b/stable/redis/Chart.yaml index e8ed5acb061f..c7f1a6a0ea47 100644 --- a/stable/redis/Chart.yaml +++ b/stable/redis/Chart.yaml @@ -1,5 +1,5 @@ name: redis -version: 5.1.3 +version: 5.1.4 appVersion: 4.0.12 description: Open source, advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. keywords: diff --git a/stable/redis/README.md b/stable/redis/README.md index 340c49f52878..9c365d4411d1 100644 --- a/stable/redis/README.md +++ b/stable/redis/README.md @@ -141,7 +141,7 @@ The following table lists the configurable parameters of the Redis chart and the | `master.extraFlags` | Redis master additional command line flags | [] | | `master.nodeSelector` | Redis master Node labels for pod assignment | {"beta.kubernetes.io/arch": "amd64"} | | `master.tolerations` | Toleration labels for Redis master pod assignment | [] | -| `master.affinity ` | Affinity settings for Redis master pod assignment | [] | +| `master.affinity` | Affinity settings for Redis master pod assignment | {} | | `master.schedulerName` | Name of an alternate scheduler | `nil` | | `master.service.type` | Kubernetes Service type (redis master) | `ClusterIP` | | `master.service.port` | Kubernetes Service port (redis master) | `6379` | 
@@ -195,7 +195,7 @@ The following table lists the configurable parameters of the Redis chart and the | `slave.securityContext.fsGroup` | Group ID for the container (redis slave pod) | `master.securityContext.fsGroup` | | `slave.securityContext.runAsUser` | User ID for the container (redis slave pod) | `master.securityContext.runAsUser` | | `slave.resources` | Redis slave CPU/Memory resource requests/limits | `master.resources` | -| `slave.affinity` | Enable node/pod affinity for slaves | {} | +| `slave.affinity` | Affinity settings for Redis slave pod assignment | {} | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example, diff --git a/stable/redis/templates/redis-master-statefulset.yaml b/stable/redis/templates/redis-master-statefulset.yaml index 4424ce5195cd..2d269db60312 100644 --- a/stable/redis/templates/redis-master-statefulset.yaml +++ b/stable/redis/templates/redis-master-statefulset.yaml @@ -46,7 +46,7 @@ spec: serviceAccountName: "{{ template "redis.serviceAccountName" . }}" {{- with .Values.master.affinity }} affinity: -{{ toYaml . | indent 8 }} +{{ tpl (toYaml .) $ | indent 8 }} {{- end }} {{- if .Values.master.nodeSelector }} nodeSelector: diff --git a/stable/redis/templates/redis-slave-deployment.yaml b/stable/redis/templates/redis-slave-deployment.yaml index ca8e1eadf4ad..8f6a1092b7cf 100644 --- a/stable/redis/templates/redis-slave-deployment.yaml +++ b/stable/redis/templates/redis-slave-deployment.yaml @@ -61,7 +61,7 @@ spec: {{- end }} {{- with .Values.slave.affinity }} affinity: -{{ toYaml . | indent 8 }} +{{ tpl (toYaml .) $ | indent 8 }} {{- end }} containers: - name: {{ template "redis.fullname" . }} From d8de771168c143cba091e2fa28aa1e55d7eabe64 Mon Sep 17 00:00:00 2001 
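Review bot: Passing the affinity block through `tpl (toYaml .) $` in redis-master-statefulset.yaml and redis-slave-deployment.yaml means the values are now evaluated as template source with the root context, and the README rows changed in this commit do not say so. Any affinity value containing a literal `{{` will now be interpreted or fail to render, and whoever supplies the values can reference whatever the chart context exposes, which matters where values files are assembled from less trusted input. The README descriptions for `master.affinity` and `slave.affinity` should state this, for example `Affinity settings for Redis master pod assignment (evaluated as a template)`.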
From: Sylvain Rabot Date: Wed, 2 Jan 2019 15:41:51 +0100 Subject: [PATCH 132/136] Trim global section to avoid empty line to be indented (#10204) This fix prometheus.yml output display when using `kubectl get configmap prometheus-server` Signed-off-by: Sylvain Rabot Signed-off-by: Melissa Palmer --- stable/prometheus/Chart.yaml | 2 +- stable/prometheus/templates/server-configmap.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/stable/prometheus/Chart.yaml b/stable/prometheus/Chart.yaml index 12fddcbbaa32..aec992115a66 100755 --- a/stable/prometheus/Chart.yaml +++ b/stable/prometheus/Chart.yaml @@ -1,5 +1,5 @@ name: prometheus -version: 8.3.0 +version: 8.3.1 appVersion: 2.6.0 description: Prometheus is a monitoring system and time series database. home: https://prometheus.io/ diff --git a/stable/prometheus/templates/server-configmap.yaml b/stable/prometheus/templates/server-configmap.yaml index 372cb7a507e9..fa6e44a413e3 100644 --- a/stable/prometheus/templates/server-configmap.yaml +++ b/stable/prometheus/templates/server-configmap.yaml @@ -11,7 +11,7 @@ data: {{ $key }}: | {{- if eq $key "prometheus.yml" }} global: -{{ $root.Values.server.global | toYaml | indent 6 }} +{{ $root.Values.server.global | toYaml | trimSuffix "\n" | indent 6 }} {{- end }} {{ toYaml $value | default "{}" | indent 4 }} {{- if eq $key "prometheus.yml" -}} From 208657c27a9ddba4f3252636000c5c6f1a01b403 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 2 Jan 2019 15:48:41 +0100 Subject: [PATCH 133/136] [stable/rabbitmq] Add Ingress Path parameter (#10336) * [stable/rabbitmq] Add Ingress Path parameter Signed-off-by: juan131 * Fix Typo Signed-off-by: juan131 Signed-off-by: Melissa Palmer --- stable/rabbitmq/Chart.yaml | 2 +- stable/rabbitmq/README.md | 14 ++++++++------ stable/rabbitmq/templates/ingress.yaml | 10 +++++----- stable/rabbitmq/values-production.yaml | 1 + stable/rabbitmq/values.yaml | 1 + 5 files changed, 16 insertions(+), 12 deletions(-) 
diff --git a/stable/rabbitmq/Chart.yaml b/stable/rabbitmq/Chart.yaml index 17920d5d31fa..1a3a20c4ab20 100644 --- a/stable/rabbitmq/Chart.yaml +++ b/stable/rabbitmq/Chart.yaml @@ -1,5 +1,5 @@ name: rabbitmq -version: 4.0.1 +version: 4.0.2 appVersion: 3.7.9 description: Open source message broker software that implements the Advanced Message Queuing Protocol (AMQP) keywords: diff --git a/stable/rabbitmq/README.md b/stable/rabbitmq/README.md index 6203dfdc78f1..02b40d955266 100644 --- a/stable/rabbitmq/README.md +++ b/stable/rabbitmq/README.md @@ -64,11 +64,11 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `rabbitmq.clustering.k8s_domain` | Customize internal k8s cluster domain | `cluster.local` | | `rabbitmq.ulimitNofiles` | Max File Descriptor limit | `65536` | | `rabbitmq.configuration` | rabbitmq.conf content | see values.yaml | -| `service.type` | Kubernetes Service type | `ClusterIP` | -| `service.amqpPort` | Amqp port | `5672` | -| `service.distPort` | Erlang distribution server port | `25672` | -| `service.nodePort` | Node port override, if serviceType NodePort | _random available between 30000-32767_ | -| `service.managerPort` | RabbitMQ Manager port | `15672` | +| `service.type` | Kubernetes Service type | `ClusterIP` | +| `service.amqpPort` | Amqp port | `5672` | +| `service.distPort` | Erlang distribution server port | `25672` | +| `service.nodePort` | Node port override, if serviceType NodePort | _random available between 30000-32767_ | +| `service.managerPort` | RabbitMQ Manager port | `15672` | | `persistence.enabled` | Use a PVC to persist data | `false` | | `persistence.storageClass` | Storage class of backing PVC | `nil` (uses alpha storage class annotation) | | `persistence.accessMode` | Use volume as ReadOnly or ReadWrite | `ReadWriteOnce` | 
@@ -80,7 +80,9 @@ The following table lists the configurable parameters of the RabbitMQ chart and | `nodeSelector` | Node labels for pod assignment | {} | | `affinity` | Affinity settings for pod assignment | {} | | `tolerations` | Toleration labels for pod assignment | [] | -| `ingress.enabled` | enable ingress for management console | `false` | +| `ingress.enabled` | Enable ingress resource for Management console | `false` | +| `ingress.hostName` | Hostname to your RabbitMQ installation | `nil` | +| `ingress.path` | Path within the url structure | `/` | | `ingress.tls` | enable ingress with tls | `false` | | `ingress.tlsSecret` | tls type secret to be used | `myTlsSecret` | | `ingress.annotations` | ingress annotations as an array | [] | diff --git a/stable/rabbitmq/templates/ingress.yaml b/stable/rabbitmq/templates/ingress.yaml index 90f73e83ec24..4fa890d0026d 100644 --- a/stable/rabbitmq/templates/ingress.yaml +++ b/stable/rabbitmq/templates/ingress.yaml @@ -4,10 +4,10 @@ kind: Ingress metadata: name: "{{ template "rabbitmq.fullname" . }}" labels: - app: {{ template "rabbitmq.name" . }} - chart: {{ template "rabbitmq.chart" . }} - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "rabbitmq.name" . }}" + chart: "{{ template "rabbitmq.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} annotations: {{- if .Values.ingress.tls }} ingress.kubernetes.io/secure-backends: "true" @@ -24,7 +24,7 @@ spec: - http: {{- end }} paths: - - path: {{ default "/" .path }} + - path: {{ .Values.ingress.path }} backend: serviceName: {{ template "rabbitmq.fullname" . }} servicePort: {{ .Values.service.managerPort }} diff --git a/stable/rabbitmq/values-production.yaml b/stable/rabbitmq/values-production.yaml index c68e23769459..3da1867a684c 100644 --- a/stable/rabbitmq/values-production.yaml +++ b/stable/rabbitmq/values-production.yaml 
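Review bot: The new `- path: {{ .Values.ingress.path }}` in templates/ingress.yaml drops the `default "/"` fallback the old line had and renders the value unquoted. A release upgraded with values that predate `ingress.path` (for instance with `--reuse-values`) would render an empty `path:`, and a path containing YAML-significant characters would alter the document structure. Suggest `- path: {{ .Values.ingress.path | default "/" | quote }}`. The rule block this line belongs to starts above the hunk.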
@@ -171,6 +171,7 @@ ingress: ## The list of hostnames to be covered with this ingress record. ## Most likely this will be just one host, but in the event more hosts are needed, this is an array ## hostName: foo.bar.com + path: / ## Set this to true in order to enable TLS on the ingress record ## A side effect of this will be that the backend wordpress service will be connected at port 443 diff --git a/stable/rabbitmq/values.yaml b/stable/rabbitmq/values.yaml index 30de70a0d03a..9a852b9723da 100644 --- a/stable/rabbitmq/values.yaml +++ b/stable/rabbitmq/values.yaml @@ -168,6 +168,7 @@ ingress: ## The list of hostnames to be covered with this ingress record. ## Most likely this will be just one host, but in the event more hosts are needed, this is an array ## hostName: foo.bar.com + path: / ## Set this to true in order to enable TLS on the ingress record ## A side effect of this will be that the backend wordpress service will be connected at port 443 From ff03077a5259db4646c39a915ecbc9c9df026acd Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 2 Jan 2019 15:55:30 +0100 Subject: [PATCH 134/136] [stable/prestashop] Add ingress (#10335) * [stable/prestashop] Add ingress Signed-off-by: juan131 * Remove debug message Signed-off-by: juan131 * Update labels to new format Signed-off-by: juan131 
Signed-off-by: Melissa Palmer --- stable/prestashop/Chart.yaml | 2 +- stable/prestashop/README.md | 138 ++++++++++-------- stable/prestashop/templates/_helpers.tpl | 13 ++ stable/prestashop/templates/deployment.yaml | 14 +- .../templates/externaldb-secrets.yaml | 12 +- stable/prestashop/templates/ingress.yaml | 37 +++++ .../prestashop/templates/prestashop-pvc.yaml | 8 +- stable/prestashop/templates/secrets.yaml | 8 +- stable/prestashop/templates/svc.yaml | 10 +- stable/prestashop/templates/tls-secrets.yaml | 17 +++ stable/prestashop/values.yaml | 47 +++++- 11 files changed, 214 insertions(+), 92 deletions(-) create mode 100644 stable/prestashop/templates/ingress.yaml create mode 100644 stable/prestashop/templates/tls-secrets.yaml diff --git a/stable/prestashop/Chart.yaml b/stable/prestashop/Chart.yaml index c6b861d694ab..8fef39acffa8 100644 --- a/stable/prestashop/Chart.yaml +++ b/stable/prestashop/Chart.yaml @@ -1,5 +1,5 @@ name: prestashop -version: 5.0.2 +version: 6.0.0 appVersion: 1.7.5-0 description: A popular open source ecommerce solution. Professional tools are easily accessible to increase online sales including instant guest checkout, abandoned cart reminders and automated Email marketing. keywords: diff --git a/stable/prestashop/README.md b/stable/prestashop/README.md index 1d8a71823b52..a01b6432ebde 100644 --- a/stable/prestashop/README.md +++ b/stable/prestashop/README.md 
@@ -47,70 +47,80 @@ The command removes all the Kubernetes components associated with the chart and The following table lists the configurable parameters of the PrestaShop chart and their default values. -| Parameter | Description | Default | -|---------------------------------------|----------------------------------------------------------------------------------------------|---------------------------------------------------------| -| `global.imageRegistry` | Global Docker image registry | `nil` | -| `image.registry` | PrestaShop image registry | `docker.io` | -| `image.repository` | PrestaShop image name | `bitnami/prestashop` | -| `image.tag` | PrestaShop image tag | `{VERSION}` | -| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | -| `image.pullSecrets` | Specify image pull secrets | `nil` | -| `service.type` | Kubernetes Service type | `LoadBalancer` | -| `service.port` | Service HTTP port | `80` | -| `service.httpsPort` | Service HTTPS port | `443` | -| `service.nodePorts.http` | Kubernetes http node port | `""` | -| `service.nodePorts.https` | Kubernetes https node port | `""` | -| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | -| `service.loadBalancerIP` | LoadBalancer service IP address | `""` | -| `prestashopHost` | PrestaShop host to create application URLs | `nil` | -| `prestashopUsername` | User of the application | `user@example.com` | -| `prestashopPassword` | Application password | _random 10 character long alphanumeric string_ | -| `prestashopEmail` | Admin email | `user@example.com` | -| `prestashopFirstName` | First Name | `Bitnami` | -| `prestashopLastName` | Last Name | `Name` | -| `prestashopCookieCheckIP` | Whether to check the cookie's IP address or not | `no` | -| `smtpHost` | SMTP host | `nil` | -| `smtpPort` | SMTP port | `nil` | -| `smtpUser` | SMTP user | `nil` | -| `smtpPassword` | SMTP password | `nil` | -| `smtpProtocol` | SMTP protocol [`ssl`, 
`tls`] | `nil` | -| `allowEmptyPassword` | Allow DB blank passwords | `yes` | -| `externalDatabase.host` | Host of the external database | `nil` | -| `externalDatabase.port` | SMTP protocol [`ssl`, `none`] | `3306` | -| `externalDatabase.user` | Existing username in the external db | `bn_prestashop` | -| `externalDatabase.password` | Password for the above username | `nil` | -| `externalDatabase.database` | Name of the existing database | `bitnami_prestashop` | -| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | -| `mariadb.db.name` | Database name to create | `bitnami_prestashop` | -| `mariadb.db.user` | Database user to create | `bn_prestashop` | -| `mariadb.db.password` | Password for the database | `nil` | -| `mariadb.rootUser.password` | MariaDB admin password | `nil` | -| `sessionAffinity` | Configures the session affinity | `None` | -| `persistence.enabled` | Enable persistence using PVC | `true` | -| `persistence.storageClass` | PVC Storage Class for PrestaShop volume | `nil` (uses alpha storage class annotation) | -| `persistence.existingClaim` | An Existing PVC name for Apache volume | `nil` (uses alpha storage class annotation) | -| `persistence.accessMode` | PVC Access Mode for PrestaShop volume | `ReadWriteOnce` | -| `persistence.size` | PVC Storage Request for PrestaShop volume | `8Gi` | -| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | -| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 600 | -| `livenessProbe.periodSeconds` | How often to perform the probe | 3 | -| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | -| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| 1 | -| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 30 | -| `readinessProbe.periodSeconds` | How often to perform the probe | 3 | -| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | -| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | -| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | -| `podAnnotations` | Pod annotations | `{}` | -| `metrics.enabled` | Start a side-car prometheus exporter | `false` | -| `metrics.image.registry` | Apache exporter image registry | `docker.io` | -| `metrics.image.repository` | Apache exporter image name | `lusotycoon/apache-exporter` | -| `metrics.image.tag` | Apache exporter image tag | `v0.5.0` | -| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | -| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `nil` | -| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | -| `metrics.resources` | Exporter resource requests/limit | {} | +| Parameter | Description | Default | +|---------------------------------------|----------------------------------------------------------------------------------------------|--------------------------------------------------------------| +| `global.imageRegistry` | Global Docker image registry | `nil` | +| `image.registry` | PrestaShop image registry | `docker.io` | +| `image.repository` | PrestaShop image name | `bitnami/prestashop` | +| `image.tag` | PrestaShop image tag | `{VERSION}` | +| `image.pullPolicy` | Image pull policy | `Always` if `imageTag` is `latest`, else `IfNotPresent` | +| `image.pullSecrets` | Specify image pull secrets | `nil` | +| `service.type` | Kubernetes Service type | `LoadBalancer` | +| `service.port` | Service HTTP port | 
`80` | +| `service.httpsPort` | Service HTTPS port | `443` | +| `service.nodePorts.http` | Kubernetes http node port | `""` | +| `service.nodePorts.https` | Kubernetes https node port | `""` | +| `service.externalTrafficPolicy` | Enable client source IP preservation | `Cluster` | +| `service.loadBalancerIP ` | LoadBalancer service IP address | `""` | +| `ingress.enabled` | Enable ingress controller resource | `false` | +| `ingress.certManager` | Add annotations for cert-manager | `false` | +| `ingress.annotations` | Ingress annotations | `[]` | +| `ingress.hosts[0].name` | Hostname to your PrestaShop installation | `prestashop.local` | +| `ingress.hosts[0].path` | Path within the url structure | `/` | +| `ingress.hosts[0].tls` | Utilize TLS backend in ingress | `false` | +| `ingress.hosts[0].tlsSecret` | TLS Secret (certificates) | `prestashop.local-tls` | +| `ingress.secrets[0].name` | TLS Secret Name | `nil` | +| `ingress.secrets[0].certificate` | TLS Secret Certificate | `nil` | +| `ingress.secrets[0].key` | TLS Secret Key | `nil` | +| `prestashopHost` | PrestaShop host to create application URLs (when ingress, it will be ignored) | `nil` | +| `prestashopUsername` | User of the application | `user@example.com` | +| `prestashopPassword` | Application password | _random 10 character long alphanumeric string_ | +| `prestashopEmail` | Admin email | `user@example.com` | +| `prestashopFirstName` | First Name | `Bitnami` | +| `prestashopLastName` | Last Name | `Name` | +| `prestashopCookieCheckIP` | Whether to check the cookie's IP address or not | `no` | +| `smtpHost` | SMTP host | `nil` | +| `smtpPort` | SMTP port | `nil` | +| `smtpUser` | SMTP user | `nil` | +| `smtpPassword` | SMTP password | `nil` | +| `smtpProtocol` | SMTP protocol [`ssl`, `tls`] | `nil` | +| `allowEmptyPassword` | Allow DB blank passwords | `yes` | +| `externalDatabase.host` | Host of the external database | `nil` | +| `externalDatabase.port` | SMTP protocol [`ssl`, `none`] | `3306` | +| 
`externalDatabase.user` | Existing username in the external db | `bn_prestashop` | +| `externalDatabase.password` | Password for the above username | `nil` | +| `externalDatabase.database` | Name of the existing database | `bitnami_prestashop` | +| `mariadb.enabled` | Whether to use the MariaDB chart | `true` | +| `mariadb.db.name` | Database name to create | `bitnami_prestashop` | +| `mariadb.db.user` | Database user to create | `bn_prestashop` | +| `mariadb.db.password` | Password for the database | `nil` | +| `mariadb.rootUser.password` | MariaDB admin password | `nil` | +| `sessionAffinity` | Configures the session affinity | `None` | +| `persistence.enabled` | Enable persistence using PVC | `true` | +| `persistence.storageClass` | PVC Storage Class for PrestaShop volume | `nil` (uses alpha storage class annotation) | +| `persistence.existingClaim` | An Existing PVC name for Apache volume | `nil` (uses alpha storage class annotation) | +| `persistence.accessMode` | PVC Access Mode for PrestaShop volume | `ReadWriteOnce` | +| `persistence.size` | PVC Storage Request for PrestaShop volume | `8Gi` | +| `resources` | CPU/Memory resource requests/limits | Memory: `512Mi`, CPU: `300m` | +| `livenessProbe.initialDelaySeconds` | Delay before liveness probe is initiated | 600 | +| `livenessProbe.periodSeconds` | How often to perform the probe | 3 | +| `livenessProbe.timeoutSeconds` | When the probe times out | 5 | +| `livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `livenessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. 
| 1 | +| `readinessProbe.initialDelaySeconds` | Delay before readiness probe is initiated | 30 | +| `readinessProbe.periodSeconds` | How often to perform the probe | 3 | +| `readinessProbe.timeoutSeconds` | When the probe times out | 5 | +| `readinessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded. | 6 | +| `readinessProbe.successThreshold` | Minimum consecutive successes for the probe to be considered successful after having failed. | 1 | +| `podAnnotations` | Pod annotations | `{}` | +| `metrics.enabled` | Start a side-car prometheus exporter | `false` | +| `metrics.image.registry` | Apache exporter image registry | `docker.io` | +| `metrics.image.repository` | Apache exporter image name | `lusotycoon/apache-exporter` | +| `metrics.image.tag` | Apache exporter image tag | `v0.5.0` | +| `metrics.image.pullPolicy` | Image pull policy | `IfNotPresent` | +| `metrics.image.pullSecrets` | Specify docker-registry secret names as an array | `nil` | +| `metrics.podAnnotations` | Additional annotations for Metrics exporter pod | `{prometheus.io/scrape: "true", prometheus.io/port: "9117"}` | +| `metrics.resources` | Exporter resource requests/limit | {} | The above parameters map to the env variables defined in [bitnami/prestashop](http://github.com/bitnami/bitnami-docker-prestashop). For more information please refer to the [bitnami/prestashop](http://github.com/bitnami/bitnami-docker-prestashop) image documentation. diff --git a/stable/prestashop/templates/_helpers.tpl b/stable/prestashop/templates/_helpers.tpl index 4a4fd46d0c6e..eb7e5d52619a 100644 --- a/stable/prestashop/templates/_helpers.tpl +++ b/stable/prestashop/templates/_helpers.tpl 
@@ -15,6 +15,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} {{- end -}} +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "prestashop.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}} +{{- end -}} + {{/* Create a default fully qualified app name. We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). @@ -38,11 +45,17 @@ Note, returns 127.0.0.1 if using ClusterIP. {{/* Gets the host to be used for this application. If not using ClusterIP, or if a host or LoadBalancerIP is not defined, the value will be empty. +When using Ingress, it will be set to the Ingress hostname. */}} {{- define "prestashop.host" -}} +{{- if .Values.ingress.enabled }} +{{- $host := (index .Values.ingress.hosts 0).name | default "" -}} +{{- default (include "prestashop.serviceIP" .) $host -}} +{{- else -}} {{- $host := index .Values (printf "%sHost" .Chart.Name) | default "" -}} {{- default (include "prestashop.serviceIP" .) $host -}} {{- end -}} +{{- end -}} {{/* Return the proper Prestashop image name diff --git a/stable/prestashop/templates/deployment.yaml b/stable/prestashop/templates/deployment.yaml index 25e52a7d99db..c1e1d21d5ce2 100644 --- a/stable/prestashop/templates/deployment.yaml +++ b/stable/prestashop/templates/deployment.yaml @@ -4,10 +4,10 @@ kind: Deployment metadata: name: {{ template "prestashop.fullname" . }} labels: - app: {{ template "prestashop.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "prestashop.name" . }}" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: selector: matchLabels: 
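Review bot: In `prestashop.host`, `(index .Values.ingress.hosts 0).name` is evaluated whenever `ingress.enabled` is true, so enabling the ingress with an empty or missing `ingress.hosts` list aborts rendering with an index error instead of falling back to the service IP. A guard such as `{{- if and .Values.ingress.enabled .Values.ingress.hosts }}` keeps the fallback reachable. The comment added above the define could also say that only the first host entry is used for the application URL.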
@@ -16,9 +16,9 @@ spec: template: metadata: labels: - app: {{ template "prestashop.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" + app: "{{ template "prestashop.name" . }}" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} {{- if or .Values.podAnnotations .Values.metrics.enabled }} annotations: {{- if .Values.podAnnotations }} diff --git a/stable/prestashop/templates/externaldb-secrets.yaml b/stable/prestashop/templates/externaldb-secrets.yaml index 4ceb148898b4..ebfb829f903c 100644 --- a/stable/prestashop/templates/externaldb-secrets.yaml +++ b/stable/prestashop/templates/externaldb-secrets.yaml @@ -2,13 +2,13 @@ apiVersion: v1 kind: Secret metadata: - name: {{ printf "%s-%s" .Release.Name "externaldb" }} + name: "{{ template "prestashop.fullname" . }}-externaldb" labels: - app: {{ printf "%s-%s" .Release.Name "externaldb" }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "prestashop.name" . }}-externaldb" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} type: Opaque data: db-password: {{ default "" .Values.externalDatabase.password | b64enc | quote }} -{{- end }} \ No newline at end of file +{{- end }} diff --git a/stable/prestashop/templates/ingress.yaml b/stable/prestashop/templates/ingress.yaml new file mode 100644 index 000000000000..892ab0f0e9fe --- /dev/null +++ b/stable/prestashop/templates/ingress.yaml 
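Review bot: The pod template label `app` in this deployment.yaml hunk now renders `prestashop.name`, but the Service selector in `templates/svc.yaml` (hunk at -29,4) still selects `app: "{{ template "prestashop.fullname" . }}"`; the commit only adds quotes there. Unless both helpers render the same string, the Service matches no pods and the new Ingress has no backend. The Deployment's own `spec.selector.matchLabels` lies between the two deployment.yaml hunks and is not shown, so it should be checked for the same mismatch. I would select on `app: "{{ template "prestashop.name" . }}"` together with `release: {{ .Release.Name | quote }}`, so that a Service cannot pick up pods of another release in the same namespace.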
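Review bot: The `name:` line in externaldb-secrets.yaml renames the Secret from the `printf "%s-%s" .Release.Name "externaldb"` form to `"{{ template "prestashop.fullname" . }}-externaldb"`, and every reference that reads `db-password` has to follow. The deployment.yaml hunks in this commit touch labels only, so if the Deployment still builds the old name (that reference is outside the visible hunks), pods configured for an external database would fail to start on a missing Secret. Deriving the name from one shared helper on both sides would keep them from drifting apart. The `if` that the final `{{- end }}` closes opens above this hunk.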
@@ -0,0 +1,37 @@ +{{- if .Values.ingress.enabled }} +apiVersion: extensions/v1beta1 +kind: Ingress +metadata: + name: {{ template "prestashop.fullname" . }} + labels: + app: "{{ template "prestashop.name" . }}" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} + annotations: + {{- if .Values.ingress.certManager }} + kubernetes.io/tls-acme: "true" + {{- end }} + {{- range $key, $value := .Values.ingress.annotations }} + {{ $key }}: {{ $value | quote }} + {{- end }} +spec: + rules: + {{- range .Values.ingress.hosts }} + - host: {{ .name }} + http: + paths: + - path: {{ default "/" .path }} + backend: + serviceName: "{{ template "prestashop.fullname" $ }}" + servicePort: http + {{- end }} + tls: + {{- range .Values.ingress.hosts }} + {{- if .tls }} + - hosts: + - {{ .name }} + secretName: {{ .tlsSecret }} + {{- end }} + {{- end }} +{{- end }} diff --git a/stable/prestashop/templates/prestashop-pvc.yaml b/stable/prestashop/templates/prestashop-pvc.yaml index cbee4e6a696e..24cb3b6cf4b2 100644 --- a/stable/prestashop/templates/prestashop-pvc.yaml +++ b/stable/prestashop/templates/prestashop-pvc.yaml @@ -4,10 +4,10 @@ apiVersion: v1 metadata: name: {{ template "prestashop.fullname" . }}-prestashop labels: - app: {{ template "prestashop.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "prestashop.name" . }}" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: accessModes: - {{ .Values.persistence.accessMode | quote }} diff --git a/stable/prestashop/templates/secrets.yaml b/stable/prestashop/templates/secrets.yaml index 69bff8ca072d..a66abb6b6428 100644 --- a/stable/prestashop/templates/secrets.yaml +++ b/stable/prestashop/templates/secrets.yaml 
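Review bot: In the `tls:` loop of ingress.yaml, `secretName: {{ .tlsSecret }}` is rendered without checking that the value is set, so a host with `tls: true` and no `tlsSecret` produces an empty `secretName`, and which certificate is then served depends on the ingress controller (presumably its default one). Making it a render-time error is clearer: `secretName: {{ required "ingress.hosts[].tlsSecret must be set when tls is true" .tlsSecret | quote }}`. `host: {{ .name }}` and the `- {{ .name }}` entry under `hosts:` should go through `quote` as well, as the labels above already do. `tls:` and `annotations:` are also emitted as empty keys when nothing is configured under them; wrapping each in an `if` would keep the rendered manifest clean.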
@@ -3,10 +3,10 @@ kind: Secret metadata: name: {{ template "prestashop.fullname" . }} labels: - app: {{ template "prestashop.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "prestashop.name" . }}" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} type: Opaque data: {{ if .Values.prestashopPassword }} diff --git a/stable/prestashop/templates/svc.yaml b/stable/prestashop/templates/svc.yaml index 849bc0fa5faa..8a30231900d6 100644 --- a/stable/prestashop/templates/svc.yaml +++ b/stable/prestashop/templates/svc.yaml @@ -3,10 +3,10 @@ kind: Service metadata: name: {{ template "prestashop.fullname" . }} labels: - app: {{ template "prestashop.fullname" . }} - chart: "{{ .Chart.Name }}-{{ .Chart.Version }}" - release: "{{ .Release.Name }}" - heritage: "{{ .Release.Service }}" + app: "{{ template "prestashop.name" . }}" + chart: "{{ template "prestashop.chart" . }}" + release: {{ .Release.Name | quote }} + heritage: {{ .Release.Service | quote }} spec: type: {{ .Values.service.type }} {{- if (and (eq .Values.service.type "LoadBalancer") (not (empty .Values.service.loadBalancerIP))) }} @@ -29,4 +29,4 @@ spec: nodePort: {{ .Values.service.nodePorts.https }} {{- end }} selector: - app: {{ template "prestashop.fullname" . }} + app: "{{ template "prestashop.fullname" . }}" diff --git a/stable/prestashop/templates/tls-secrets.yaml b/stable/prestashop/templates/tls-secrets.yaml new file mode 100644 index 000000000000..245f8f3987ee --- /dev/null +++ b/stable/prestashop/templates/tls-secrets.yaml 
@@ -0,0 +1,17 @@ +{{- if .Values.ingress.enabled }} +{{- range .Values.ingress.secrets }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .name }} + labels: + app: {{ template "prestashop.name" $ }} + chart: {{ template "prestashop.chart" $ }} + release: {{ $.Release.Name }} + heritage: {{ $.Release.Service }} +type: kubernetes.io/tls +data: + tls.crt: {{ .certificate | b64enc }} + tls.key: {{ .key | b64enc }} +{{- end }} +{{- end }} diff --git a/stable/prestashop/values.yaml b/stable/prestashop/values.yaml index ab8d470524a1..d2a186c26d47 100644 --- a/stable/prestashop/values.yaml +++ b/stable/prestashop/values.yaml @@ -82,7 +82,6 @@ externalDatabase: ## Database name database: bitnami_prestashop - ## SMTP mail delivery configuration ## ref: https://github.com/bitnami/bitnami-docker-prestashop/#smtp-configuration ## 
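Review bot: The `range .Values.ingress.secrets` loop in tls-secrets.yaml emits each Secret without a `---` separator, so two or more entries render as one YAML document with repeated `apiVersion`/`kind`/`metadata`/`data` keys, and many parsers silently keep only the last one. Add `---` as the first line inside the `range`. The `name`, `release` and `heritage` values are also unquoted here while the other templates in this commit pipe them through `quote`; `name: {{ .name | quote }}` and `release: {{ $.Release.Name | quote }}` would match. Because `key` travels through chart values, the private key is presumably also kept wherever Helm stores the release's values, which deserves a comment pointing operators to Secrets managed outside the chart.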
@@ -161,6 +160,52 @@ service: ## externalTrafficPolicy: Local +## Configure the ingress resource that allows you to access the +## PrestaShop installation. Set up the URL +## ref: http://kubernetes.io/docs/user-guide/ingress/ +## +ingress: + ## Set to true to enable ingress record generation + enabled: false + + ## Set this to true in order to add the corresponding annotations for cert-manager + certManager: false + + ## Ingress annotations done as key:value pairs + ## For a full list of possible ingress annotations, please see + ## ref: https://github.com/kubernetes/ingress-nginx/blob/master/docs/annotations.md + ## + ## If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set + ## If certManager is set to true, annotation kubernetes.io/tls-acme: "true" will automatically be set + annotations: + # kubernetes.io/ingress.class: nginx + + ## The list of hostnames to be covered with this ingress record. + ## Most likely this will be just one host, but in the event more hosts are needed, this is an array + hosts: + - name: prestashop.local + path: / + + # Set this to true in order to enable TLS on the ingress record + tls: false + + ## If TLS is set to true, you must declare what secret will store the key/certificate for TLS + tlsSecret: prestashop.local-tls + + secrets: + ## If you're providing your own certificates, please use this to add the certificates as secrets + ## key and certificate should start with -----BEGIN CERTIFICATE----- or + ## -----BEGIN RSA PRIVATE KEY----- + ## + ## name should line up with a tlsSecret set further up + ## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set + ## + ## It is also possible to create and manage the certificates outside of this helm chart + ## Please see README.md for more information + # - name: prestashop.local-tls + # key: + # certificate: + ## Control where client requests go, to the same pod or round-robin ## Values: 
ClientIP or None ## ref: https://kubernetes.io/docs/user-guide/services/ From 479b2b25f3c04bf8820bf454580b1fab0ddf8b14 Mon Sep 17 00:00:00 2001 From: Ben Klang Date: Wed, 2 Jan 2019 10:06:23 -0500 Subject: [PATCH 135/136] Tag roles for master and data (#10337) This follows role conventions seen in other Helm charts and allows graphing to break out activity stats per role Signed-off-by: Ben Klang Signed-off-by: Melissa Palmer --- stable/elasticsearch/Chart.yaml | 2 +- stable/elasticsearch/templates/data-statefulset.yaml | 1 + stable/elasticsearch/templates/master-statefulset.yaml | 1 + 3 files changed, 3 insertions(+), 1 deletion(-) diff --git a/stable/elasticsearch/Chart.yaml b/stable/elasticsearch/Chart.yaml index a2a26221fab8..b08658ad4db1 100755 --- a/stable/elasticsearch/Chart.yaml +++ b/stable/elasticsearch/Chart.yaml @@ -1,6 +1,6 @@ name: elasticsearch home: https://www.elastic.co/products/elasticsearch -version: 1.15.2 +version: 1.15.3 appVersion: 6.5.4 description: Flexible and powerful open source, distributed real-time search and analytics engine. diff --git a/stable/elasticsearch/templates/data-statefulset.yaml b/stable/elasticsearch/templates/data-statefulset.yaml index f6431ef5fae7..2ec34c667dec 100644 --- a/stable/elasticsearch/templates/data-statefulset.yaml +++ b/stable/elasticsearch/templates/data-statefulset.yaml @@ -17,6 +17,7 @@ spec: app: {{ template "elasticsearch.name" . }} component: "{{ .Values.data.name }}" release: {{ .Release.Name }} + role: data {{- if .Values.data.podAnnotations }} annotations: {{ toYaml .Values.data.podAnnotations | indent 8 }} diff --git a/stable/elasticsearch/templates/master-statefulset.yaml b/stable/elasticsearch/templates/master-statefulset.yaml index 0c238a581a38..4d194f3d629a 100644 --- a/stable/elasticsearch/templates/master-statefulset.yaml +++ b/stable/elasticsearch/templates/master-statefulset.yaml 
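Review bot: The comment `If tls is set to true, annotation ingress.kubernetes.io/secure-backends: "true" will automatically be set` in the new `ingress:` block describes behaviour that `templates/ingress.yaml` in this commit does not implement; that template only adds `kubernetes.io/tls-acme` when `certManager` is true. Either drop the sentence or add the annotation, otherwise an operator may assume TLS towards the backend that is not configured. The note that `key` and `certificate` "should start with -----BEGIN CERTIFICATE----- or -----BEGIN RSA PRIVATE KEY-----" reads as if the two were interchangeable; I would write `certificate is a PEM certificate (-----BEGIN CERTIFICATE-----), key is the matching PEM private key`. The default host ships with `tls: false`, so a comment next to it such as `## With tls: false the shop, including logins, is served over plain HTTP` would make the consequence of enabling the ingress as-is visible.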
@@ -17,6 +17,7 @@ spec: app: {{ template "elasticsearch.name" . }} component: "{{ .Values.master.name }}" release: {{ .Release.Name }} + role: master {{- if .Values.master.podAnnotations }} annotations: {{ toYaml .Values.master.podAnnotations | indent 8 }} From 03e57569d9ca42b6673211c88976a2d2d039e012 Mon Sep 17 00:00:00 2001 From: Juan Ariza Toledano Date: Wed, 2 Jan 2019 16:14:33 +0100 Subject: [PATCH 136/136] [stable/mariadb] Add support to existing configMaps as init scripts (#10338) Signed-off-by: juan131 Signed-off-by: Melissa Palmer --- stable/mariadb/Chart.yaml | 2 +- stable/mariadb/README.md | 6 ++++++ stable/mariadb/templates/_helpers.tpl | 12 ++++++++++++ .../mariadb/templates/initialization-configmap.yaml | 11 +++++++++-- stable/mariadb/templates/master-statefulset.yaml | 6 +++--- stable/mariadb/values-production.yaml | 13 +++++++++++++ stable/mariadb/values.yaml | 13 +++++++++++++ 7 files changed, 57 insertions(+), 6 deletions(-) diff --git a/stable/mariadb/Chart.yaml b/stable/mariadb/Chart.yaml index 9ad534eac113..050e0165b2e8 100644 --- a/stable/mariadb/Chart.yaml +++ b/stable/mariadb/Chart.yaml @@ -1,5 +1,5 @@ name: mariadb -version: 5.2.6 +version: 5.3.0 appVersion: 10.1.37 description: Fast, reliable, scalable, and easy to use open-source relational database system. MariaDB Server is intended for mission-critical, heavy-load production systems as well as for embedding into mass-deployed software. Highly available MariaDB cluster. keywords: diff --git a/stable/mariadb/README.md b/stable/mariadb/README.md index 7b6144587f04..e6f50a132f4f 100644 --- a/stable/mariadb/README.md +++ b/stable/mariadb/README.md 
@@ -70,6 +70,8 @@ The following table lists the configurable parameters of the MariaDB chart and t | `replication.enabled` | MariaDB replication enabled | `true` | | `replication.user` | MariaDB replication user | `replicator` | | `replication.password` | MariaDB replication user password | _random 10 character alphanumeric string_ | +| `initdbScripts` | List of initdb scripts | `nil` | +| `initdbScriptsConfigMap` | ConfigMap with the initdb scripts (Note: Overrides `initdbScripts`) | `nil` | | `master.annotations[].key` | key for the the annotation list item | `nil` | | `master.annotations[].value` | value for the the annotation list item | `nil` | | `master.affinity` | Master affinity (in addition to master.antiAffinity when set) | `{}` | @@ -152,6 +154,10 @@ $ helm install --name my-release -f values.yaml stable/mariadb The [Bitnami MariaDB](https://github.com/bitnami/bitnami-docker-mariadb) image allows you to use your custom scripts to initialize a fresh instance. In order to execute the scripts, they must be located inside the chart folder `files/docker-entrypoint-initdb.d` so they can be consumed as a ConfigMap. +Alternatively, you can specify custom scripts using the `initdbScripts` parameter as dict. + +In addition to these options, you can also set an external ConfigMap with all the initialization scripts. This is done by setting the `initdbScriptsConfigMap` parameter. Note that this will override the two previous options. + The allowed extensions are `.sh`, `.sql` and `.sql.gz`. ## Persistence diff --git a/stable/mariadb/templates/_helpers.tpl b/stable/mariadb/templates/_helpers.tpl index 9d785167bcf1..693b02992f6f 100644 --- a/stable/mariadb/templates/_helpers.tpl +++ b/stable/mariadb/templates/_helpers.tpl 
@@ -63,3 +63,15 @@ Return the proper metrics image name {{- $tag := .Values.metrics.image.tag | toString -}} {{- printf "%s/%s:%s" $registryName $repositoryName $tag -}} {{- end -}} + +{{ template "mariadb.initdbScriptsCM" . }} +{{/* +Get the initialization scripts ConfigMap name. +*/}} +{{- define "mariadb.initdbScriptsCM" -}} +{{- if .Values.initdbScriptsConfigMap -}} +{{- printf "%s" .Values.initdbScriptsConfigMap -}} +{{- else -}} +{{- printf "%s-init-scripts" (include "mariadb.fullname" .) -}} +{{- end -}} +{{- end -}} diff --git a/stable/mariadb/templates/initialization-configmap.yaml b/stable/mariadb/templates/initialization-configmap.yaml index 7ce6711836cb..f7380aff77ed 100644 --- a/stable/mariadb/templates/initialization-configmap.yaml +++ b/stable/mariadb/templates/initialization-configmap.yaml @@ -1,19 +1,26 @@ -{{ if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|sql|sql.gz]") }} +{{- if and (or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScripts) (not .Values.initdbScriptsConfigMap) }} apiVersion: v1 kind: ConfigMap metadata: name: {{ template "master.fullname" . }}-init-scripts labels: app: {{ template "mariadb.name" . }} - component: "master" chart: {{ template "mariadb.chart" . }} release: {{ .Release.Name | quote }} heritage: {{ .Release.Service | quote }} + component: "master" +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz") (not .Values.initdbScriptsConfigMap) }} binaryData: {{- $root := . }} {{- range $path, $bytes := .Files.Glob "files/docker-entrypoint-initdb.d/*.sql.gz" }} {{ base $path }}: {{ $root.Files.Get $path | b64enc | quote }} {{- end }} +{{- end }} data: +{{- if and (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}") (not .Values.initdbScriptsConfigMap) }} {{ (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql}").AsConfig | indent 2 }} +{{- end }} +{{- with .Values.initdbScripts }} +{{ toYaml . | indent 2 }} +{{- end }} {{ end }} 
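Review bot: The default branch of `mariadb.initdbScriptsCM` builds the name from `mariadb.fullname`, while `initialization-configmap.yaml` in this commit still names the ConfigMap `{{ template "master.fullname" . }}-init-scripts` and `master-statefulset.yaml` (hunk at -196,10) now mounts the helper's name. Both `fullname` helpers are defined outside the visible hunks; if they can render different strings, the volume points at a ConfigMap that is never created and the master pod cannot start. Using the helper on both sides removes the risk, e.g. `name: {{ template "mariadb.initdbScriptsCM" . }}` in the ConfigMap metadata. The bare `{{ template "mariadb.initdbScriptsCM" . }}` line above the comment block looks like a leftover and should be removed.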
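Review bot: Under `data:` in initialization-configmap.yaml, the entries from `(.Files.Glob ...).AsConfig` and from `.Values.initdbScripts` are written into one map with no collision check, so a script name present in both sources renders a duplicate key and the YAML parser decides which script ends up being run. A comment stating which source is meant to win, such as `# initdbScripts entries are rendered last; do not reuse a file name from files/docker-entrypoint-initdb.d`, or a render-time check would make that explicit. The inner `(not .Values.initdbScriptsConfigMap)` tests on the `binaryData` and `data` blocks are redundant, because the outer `if` already excludes that case. The closing `{{ end }}` could use `{{- end }}` like the rest of the file's new lines.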
diff --git a/stable/mariadb/templates/master-statefulset.yaml b/stable/mariadb/templates/master-statefulset.yaml index 4cad6fef4fb8..fe79f8d73e9a 100644 --- a/stable/mariadb/templates/master-statefulset.yaml +++ b/stable/mariadb/templates/master-statefulset.yaml @@ -143,7 +143,7 @@ spec: volumeMounts: - name: data mountPath: /bitnami/mariadb - {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|sql|sql.gz]") }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts mountPath: /docker-entrypoint-initdb.d {{- end }} @@ -196,10 +196,10 @@ spec: configMap: name: {{ template "master.fullname" . }} {{- end }} - {{- if (.Files.Glob "files/docker-entrypoint-initdb.d/*[sh|sql|sql.gz]") }} + {{- if or (.Files.Glob "files/docker-entrypoint-initdb.d/*.{sh,sql,sql.gz}") .Values.initdbScriptsConfigMap .Values.initdbScripts }} - name: custom-init-scripts configMap: - name: {{ template "master.fullname" . }}-init-scripts + name: {{ template "mariadb.initdbScriptsCM" . }} {{- end }} {{- if .Values.master.persistence.enabled }} volumeClaimTemplates: diff --git a/stable/mariadb/values-production.yaml b/stable/mariadb/values-production.yaml index 906e91d73588..7f67fd71b5bf 100644 --- a/stable/mariadb/values-production.yaml +++ b/stable/mariadb/values-production.yaml 
@@ -94,6 +94,19 @@ replication: ## If it is not force, a random password will be generated. forcePassword: true +## initdb scripts +## Specify dictionnary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + master: ## Mariadb Master additional pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ diff --git a/stable/mariadb/values.yaml b/stable/mariadb/values.yaml index 7de7ae8df69f..2b5f565a5d5b 100644 --- a/stable/mariadb/values.yaml +++ b/stable/mariadb/values.yaml @@ -94,6 +94,19 @@ replication: ## If it is not force, a random password will be generated. forcePassword: false +## initdb scripts +## Specify dictionnary of scripts to be run at first boot +## Alternatively, you can put your scripts under the files/docker-entrypoint-initdb.d directory +## +# initdbScripts: +# my_init_script.sh: | +# #!/bin/sh +# echo "Do something." +# +## ConfigMap with scripts to be run at first boot +## Note: This will override initdbScripts +# initdbScriptsConfigMap: + master: ## Mariadb Master additional pod annotations ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
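Review bot: The comment block added for `initdbScriptsConfigMap` in values-production.yaml does not say that the chart only mounts that ConfigMap at `/docker-entrypoint-initdb.d` and neither creates nor checks it, so whoever can edit it in the namespace decides what runs when a fresh instance is initialised. I would add `## The ConfigMap must already exist; its scripts run during database initialisation, so restrict who can modify it` above the key. `dictionnary` should read `dictionary`. The same block is added to `values.yaml` in the following hunk and needs the same two changes.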